pc problem.

Sherlock_34

New Member
Hello everybody, I'm new here, and I can't seem to open the Mouse Control Panel, whether from the Control Panel itself, from the search box, or from the Command Prompt (even if I run it as administrator).

And whenever I try to open System in Control Panel, instead of getting the whole information, most of it is blanked out, as you can see here (ignore the blacked-out part, it's just the name of my computer).

System

Here are the things that happened prior to my finding this:

  • There were times that the computer would completely freeze or hang up, and the only way to get out was to reboot.
  • After rebooting, I would get stuck on one of the various startup screens (e.g. loading Windows; detecting SATA, etc.)
  • There were times I got lucky and got through and the computer would actually work.
  • But then, it would freeze up randomly again, and the reboot/startup problem would come again.
  • I ran Startup Repair and then it seemed as if my startup/freezing problems would be gone.
  • I noticed my mouse pointer was different from the default Windows 7 pointer, so I tried to change it in Control Panel, but it wouldn't open.
  • And I right-clicked on My Computer randomly, and clicked Properties, and the image above is what came up.

Here are my computer specs (any additional information will be added on request):

OS: Microsoft Windows 7 Ultimate
Version: 6.1.7600 Build 7600
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+, 2611 Mhz, 2 Core(s), 2 Logical Processors
BIOS Version/Date: American Megatrends Inc. 0507, 12/23/2008
Graphics Card Driver: NVIDIA GeForce 9400 GT

Can anybody help me with this?

EDIT: I already suspected a registry problem, so I ran TuneUp Utilities 2011 constantly for some time now, but it's still there. I also ran a full system scan with Avira Antivir with no detections.

gamblingman

VIP Member
Since you're having problems with the system, let's begin at square one. Please don't do anything else on the computer while working with these programs. Proceed through these instructions and perform all the steps below in the order listed, and do them all in normal boot mode, NOT safe mode. If you cannot boot normally and all you can boot into is safe mode, tell us.

Also, do not restart your computer unless someone from here or the program Malwarebytes informs you that it's necessary to restart. If you cannot get any files to download from the links we have provided, then stop what you are doing and tell us.

Please download Malwarebytes' Anti-Malware HERE or HERE and save it to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    o Update Malwarebytes' Anti-Malware
    o and Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.
- - - - - - - - - - - - - -
NOTE!
If for some reason Malwarebytes will not install or run please download these files: Rkill.scr, Rkill.exe, or Rkill.com.

First, run the .SCR file by clicking it. If a black window opens then closes (or you get a message from the infection that RKill is infected), run the file again; do this until it generates a log of processes stopped. If the .SCR will not run at all, try the .EXE; if the .EXE won't work, then use the .COM, until one of them gives you a log. If none will run and produce a log, then stop and tell us immediately. Then work to install or run Malwarebytes.

DO NOT reboot immediately after running RKill, because doing so will deactivate RKill and you will have to run it again. Just run RKill, then Malwarebytes, then HijackThis.
- - - - - - - - - - - - - -

Now, generate a HijackThis log.

Download the HijackThis installer from HERE.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.


Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.

Sherlock_34

New Member
Here's the Malwarebytes Anti-Malware log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6559

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/12/2011 2:11:25 PM
mbam-log-2011-05-12 (14-11-25).txt

Scan type: Quick scan
Objects scanned: 159574
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.


And here's the HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:54 PM, on 5/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\LEA\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\Users\LEA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LEA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LEA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Clip Extractor Toolbar\tbhelper.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\LEA\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: FBLayouts Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Clip Extractor Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [L09AXLRD_4584682] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2498620038-3934093899-3520722079-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2498620038-3934093899-3520722079-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10547 bytes


What else should I do?
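
The HijackThis log format above is easy to triage mechanically. The script below is an added example (not part of this thread, and not HijackThis's own code): it groups entries by section code and pulls out what a helper reads first, namely registrations whose file is gone, services with no publisher, autoruns launched from a user-writable path, and the repeated O10 Winsock LSP lines. Its sample input is a constructed subset of the posted log, and the "user-writable path" heuristic is an assumption about what deserves a second look.

```python
import re
from collections import Counter

# Constructed sample: a subset of the HijackThis log posted in this thread,
# in HijackThis's "Oxx - ..." line format (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: FBLayouts Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Every entry line starts with a section code such as R1, O2, O10, O23.
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d{1,2}) - (?P<body>.+)$")
# Assumed heuristic: paths a non-admin user can write to. An autorun or a
# service launched from such a path is not malicious by itself (updaters live
# there too), but it is where a helper looks first.
USER_WRITABLE = re.compile(r"\\(users|documents and settings)\\[^\\]+\\|\\appdata\\|\\temp\\", re.I)


def parse_hjt(text):
    """Return [(code, body), ...] for every 'Oxx - ...' / 'Rx - ...' entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Group entries by section and collect the findings a helper reads first."""
    entries = parse_hjt(text)
    findings = {
        "dangling": [],       # registrations whose file no longer exists
        "unknown_owner": [],  # O23 services with no publisher string
        "user_writable": [],  # autoruns/services launched from a user-writable path
        "lsp": Counter(),     # O10 Winsock LSP DLLs with occurrence counts
        "by_section": Counter(code for code, _ in entries),
    }
    for code, body in entries:
        lower = body.lower()
        if "(no file)" in lower or "(file missing)" in lower:
            findings["dangling"].append(f"{code} - {body}")
        if code == "O23" and " - unknown owner - " in lower:
            findings["unknown_owner"].append(body)
        if code in ("O4", "O23") and USER_WRITABLE.search(body):
            findings["user_writable"].append(body)
        if code == "O10":
            # Everything after the last ': ' is the LSP DLL path.
            findings["lsp"][lower.rsplit(": ", 1)[-1]] += 1
    return findings


def report(findings):
    """Render triage findings as plain text, one block per category."""
    lines = ["Entries per section: " + ", ".join(
        f"{c}={n}" for c, n in sorted(findings["by_section"].items()))]
    for key, title in (("dangling", "Dangling registrations (file gone)"),
                       ("unknown_owner", "Services with unknown owner"),
                       ("user_writable", "Autoruns/services from user-writable paths")):
        if findings[key]:
            lines.append(title + ":")
            lines.extend("  " + item for item in findings[key])
    if findings["lsp"]:
        lines.append("Winsock LSP DLLs (repeated entries = several chain slots):")
        lines.extend(f"  {dll}  x{n}" for dll, n in findings["lsp"].items())
        # Caveat: removing an LSP entry incorrectly breaks the Winsock chain and
        # with it all networking, so O10 lines are left for a dedicated LSP tool.
        lines.append("  note: do not 'fix' O10 lines with HijackThis itself")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```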
 

gamblingman

VIP Member
You are still infected. Follow these instructions now or in the morning. Regardless of which you choose to do, I am about to go to bed. Tomorrow, either I or Johnb35 will walk you through the next steps after you post the necessary logs from Combofix and HiJackThis.

Don't do anything else on the computer while working with this program.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:

  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

Sherlock_34

New Member
Thanks a lot guys. Man it's a good thing there are people like you here.

Anyway, here are the logs:


COMBOFIX LOG:

ComboFix 11-05-11.02 - LEA 05/12/2011 18:34:48.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1438 [GMT 8:00]
Running from: c:\users\LEA\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files\Clip Extractor Toolbar\tbHElper.dll
c:\users\LEA\AppData\Roaming\chrtmp
c:\windows\system32\drivers\npf.sys
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
.
c:\windows\System32\taskkill.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 10:29 . 2011-05-12 10:33 -------- d-----w- C:\32788R22FWJFW
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\users\LEA\AppData\Roaming\Malwarebytes
2011-05-12 05:51 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 05:51 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 05:50 . 2011-05-12 05:50 388096 ----a-r- c:\users\LEA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-11 14:56 . 2011-05-11 14:56 -------- d-----w- c:\users\LEA\AppData\Local\SKIDROW
2011-05-09 12:27 . 2011-05-09 12:37 -------- d-----w- c:\users\LEA\AppData\Roaming\vlc
2011-05-09 10:59 . 2011-05-09 10:59 -------- d-----w- c:\program files\CCleaner
2011-05-08 15:03 . 2011-03-30 11:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-08 15:03 . 2011-03-30 10:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-05-08 15:03 . 2011-03-30 10:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-08 15:03 . 2011-05-08 15:03 -------- d-----w- c:\users\LEA\AppData\Roaming\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\programdata\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:02 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-06 12:21 . 2011-05-12 09:50 -------- d-----w- c:\program files\Steam
2011-05-05 12:47 . 2011-05-12 09:07 -------- d-----w- c:\users\UpdatusUser
2011-05-05 12:44 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 12:44 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 12:44 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 12:44 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 12:44 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 12:44 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 12:44 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 12:44 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 12:44 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 09:33 . 2011-05-05 09:33 -------- d-----w- c:\users\LEA\AppData\Local\Activision
2011-05-05 08:23 . 2011-05-05 08:24 -------- d-----w- c:\program files\vgif
2011-05-05 08:10 . 2011-05-05 08:10 -------- d-----w- c:\users\LEA\AppData\Local\{DD1A14D6-9D5E-4315-8DC0-6F838CDDAF43}
2011-05-05 08:10 . 2011-05-05 08:10 -------- d-----w- c:\users\LEA\AppData\Local\{95335CE0-006C-4A6C-B3F2-12400D13A363}
2011-05-03 08:43 . 2011-05-03 08:43 -------- d-----w- c:\users\LEA\AppData\Local\Google
2011-05-03 08:35 . 2011-05-03 08:44 -------- d-----w- c:\users\LEA\AppData\Local\ElevatedDiagnostics
2011-05-03 07:59 . 2011-05-03 07:59 -------- d-----w- c:\users\LEA\AppData\Local\Mozilla
2011-05-03 07:57 . 2011-05-08 14:23 -------- d-----w- c:\users\LEA\AppData\Local\Microsoft
2011-05-02 14:38 . 2011-05-07 09:15 -------- d-----w- c:\users\LEA\AppData\Roaming\funkitron
2011-05-02 14:37 . 2011-05-02 14:37 -------- d-sh--w- c:\windows\ftpcache
2011-05-02 13:43 . 2011-05-02 13:43 -------- d-----w- c:\program files\Microsoft Research
2011-05-02 06:26 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-05-02 06:26 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-02 06:22 . 2011-05-02 06:22 -------- d-----w- c:\windows\system32\EventProviders
2011-05-02 06:06 . 2011-05-02 06:06 -------- d-----w- c:\windows\en
2011-05-02 06:00 . 2011-05-02 06:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-02 05:58 . 2011-05-02 05:59 -------- d-----w- c:\program files\Windows Live
2011-05-02 05:53 . 2011-05-05 08:10 -------- d-----w- c:\users\LEA\AppData\Local\Windows Live
2011-05-02 05:53 . 2011-05-02 05:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-02 05:52 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-02 02:43 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 02:43 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 02:43 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 02:43 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 02:43 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 02:43 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 02:43 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 02:43 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 02:25 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-02 02:25 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-02 02:25 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-02 02:25 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-02 02:25 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-02 02:25 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-02 02:25 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-02 02:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-02 02:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 02:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 02:21 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 02:20 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-02 02:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 02:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-02 02:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 02:20 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-02 02:20 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-01 16:14 . 2011-05-01 16:14 -------- d-----w- c:\windows\CheckSur
2011-05-01 16:14 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B776D157-E6BE-4950-A60B-199136E7599A}\mpengine.dll
2011-05-01 15:35 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-01 15:35 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-01 15:35 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-01 15:35 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-01 15:35 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-01 15:35 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-01 08:19 . 2011-05-01 08:19 -------- d-----w- C:\sawesome
2011-05-01 07:42 . 2011-05-01 07:42 -------- d-----w- c:\program files\TuneUpMedia
2011-05-01 05:30 . 2011-05-01 05:30 -------- d-----w- c:\program files\iPod
2011-05-01 05:27 . 2011-05-01 05:27 -------- d-----w- c:\program files\Bonjour
2011-04-30 07:36 . 2011-04-30 07:36 -------- d-----w- c:\program files\LTYT MP3 Converter
2011-04-27 17:19 . 2011-04-27 17:19 -------- d-----w- c:\users\LEA\AppData\Roaming\NVIDIA
2011-04-19 03:31 . 2011-04-19 03:31 -------- d-----w- c:\windows\system32\Wat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:27 . 2009-07-14 00:19 276480 ----a-w- c:\windows\system32\compstui.dll
2011-05-04 00:27 . 2009-07-13 23:20 14848 ----a-w- c:\windows\system32\ntvdmd.dll
2011-05-04 00:27 . 2009-07-13 23:52 2048 ----a-w- c:\windows\system32\bridgeres.dll
2011-05-02 05:59 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2011-05-05 12:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-08-06 10:22 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-07-13 22:09 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 14:45 . 2011-04-07 14:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 14:45 . 2011-04-07 14:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 14:45 . 2011-04-07 14:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 14:44 . 2011-04-07 14:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 14:44 . 2011-04-07 14:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20 . 2011-04-06 08:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 14:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll.old
2011-03-18 09:34 . 2010-08-06 10:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-23 00:27 . 2011-02-23 00:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 00:27 . 2011-02-23 00:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-18 08:36 . 2011-02-18 08:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36 . 2011-02-18 08:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-14 16:26 . 2011-05-02 02:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-05-07 1242448]
"L09AXLRD_4584682"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2009-06-11 351000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
2008-06-18 15:51 1257472 ----a-w- c:\program files\AutorunRemover\AutorunRemover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_3070068]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_6851907]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 12:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 06:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2010-12-11 15:28 824224 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it! (system)]
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe.exe"=c:\users\LEA\AppData\Roaming\Adobe.exe
"L09AXLRD_6462325"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 cpuz134;cpuz134;c:\users\LEA\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-12 3583840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva368;XDva368;c:\windows\system32\XDva368.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S1 vdrv9000;vdrv9000;c:\windows\system32\Drivers\VDRV9000.SYS [2007-11-14 113168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-01-07 81920]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001Core.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001UA.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: facebook.com
FF - ProfilePath - c:\users\LEA\AppData\Roaming\Mozilla\Firefox\Profiles\bjkw3bjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-RockMelt Update - c:\users\LEA\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
MSConfigStartUp-Steam - d:\steam\Steam.exe
AddRemove-Final Fantasy VII - d:\final fantasy vii (pc) ultima edition\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498620038-3934093899-3520722079-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A379EA48-F984-C397-1631-761CA066D9F4}*]
"palpafihgaoaccgcnddmaegfahnppfoc"=hex:6a,61,67,6f,69,6d,6e,68,70,62,63,6d,6c,
64,70,65,61,61,70,6f,00,00
"abbfomdfnfllnofmloicbhehhflfgbdiam"=hex:6a,61,67,6f,64,6e,62,62,6c,62,65,69,
6b,64,64,6a,70,6b,6f,62,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WerFault.exe
.
**************************************************************************
.
Completion time: 2011-05-12 18:52:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 10:52
.
Pre-Run: 53,130,858,496 bytes free
Post-Run: 52,711,481,344 bytes free
.
- - End Of File - - 56CCADB4E3B5CD86AA2E3C9B71EAAD90

HIJACKTHIS LOG (NOTE: I didn't fix anything yet or do anything else other than what you have told me to do):


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:55:49 PM, on 5/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\LEA\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: FBLayouts Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [L09AXLRD_4584682] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-21-2498620038-3934093899-3520722079-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2498620038-3934093899-3520722079-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8869 bytes


COMPUTER CONDITION:

My computer seems fine, still like normal, like after I launched Startup Repair and the freezing and startup problems stopped. But "System" (the Properties of My Computer) and the Mouse Control Panel are still not functioning correctly.


Sidenote:
Mouse Control Panel isn't the only Control Panel item that doesn't work; also included in the list are:

  • Phone and Modem
  • Keyboard Control Panel (the window just pops up and closes suddenly)
  • Taskbar (I can't customize anything, the buttons are empty, more details in image below)

Thanks again gamblingman. Is there anything more?

gamblingman

VIP Member
Yes there is more that needs to be done.

But, I have GOT to shut my computers down as we are about to have a big storm with tons of lightning roll over me here. I just messaged one of our mods to carry you to the next step, hang tight.

johnb35

Administrator
Staff member
Ok, a few things to do here.

First -

Move the file combofix to your desktop area so you can perform the following procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::
c:\users\LEA\AppData\Local\{DD1A14D6-9D5E-4315-8DC0-6F838CDDAF43}
c:\users\LEA\AppData\Local\{95335CE0-006C-4A6C-B3F2-12400D13A363}

Driver::
XDva352
XDva361
XDva366 
XDva367
XDva368
XDva370
XDva372
XDva377
XDva379
XDva382 

File::
c:\windows\system32\XDva352.sys
c:\windows\system32\XDva361.sys
c:\windows\system32\XDva366.sys
c:\windows\system32\XDva367.sys 
c:\windows\system32\XDva368.sys
c:\windows\system32\XDva370.sys
c:\windows\system32\XDva372.sys 
c:\windows\system32\XDva377.sys
c:\windows\system32\XDva379.sys
c:\windows\system32\XDva382.sys
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Second -

Please post an uninstall list using HijackThis. Open HijackThis, click on Open Misc Tools Section, click on Open Uninstall Manager, click on Save List and save it, then copy and paste it back here.

Third -

Download Security Check from here or here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Last -

Download Filefind By Attribune.

• Unzip the file and save it to your desktop.
• Double-click on FileFind.exe
• In the box labeled "Enter the directory to search" type C:\
• (note if your default Windows boot drive is not drive C, substitute your drive letter).
• In the box labeled "Enter the file to search" type taskkill.exe
• Click on the Find button.
• Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.

Add the C:\Export.txt log to your next message.
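As an added example (not from the thread, and not ComboFix's or HijackThis's own code): a Python script that parses the R2/R3/S1 lines of the ComboFix Drivers/Services listing, picks out a family of numbered drivers whose image files are all missing (the pattern johnb35's CFScript targets with the XDva entries), and lays out Driver::/File:: sections in the same CFScript layout. The sample lines are constructed from the log above, and the threshold of three siblings before a family is flagged is my assumption.

```python
"""Pull a family of numbered drivers with missing image files out of a
ComboFix-style 'Drivers/Services' listing and lay out a CFScript for them."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample modelled on the R2/R3/S1 lines in the ComboFix log above.
# "[x]" is how ComboFix marks a service whose image file is not on disk;
# otherwise the bracket holds the file's date and size.
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 cpuz134;cpuz134;c:\users\LEA\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
S1 vdrv9000;vdrv9000;c:\windows\system32\Drivers\VDRV9000.SYS [2007-11-14 113168]
"""

# <start type> <service name>;<display name>;<image path> [<date> <size> | x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<stamp>[^\]]+)\]$"
)
# Service names of the form <letters><digits>, e.g. XDva352 -> family "xdva"
NUMBERED_RE = re.compile(r"^(?P<prefix>[A-Za-z_]+?)(?P<num>\d+)$")


@dataclass
class ServiceEntry:
    start: str      # R2/R3/S1... as ComboFix prints it
    name: str
    image: str
    missing: bool   # True when ComboFix printed "[x]" instead of date/size

    @property
    def family(self) -> str:
        m = NUMBERED_RE.match(self.name)
        return (m.group("prefix") if m else self.name).lower()


def parse_services(text: str) -> list[ServiceEntry]:
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a service line
        entries.append(ServiceEntry(
            start=m.group("start"),
            name=m.group("name"),
            image=m.group("image"),
            missing=m.group("stamp").strip().lower() == "x",
        ))
    return entries


def find_missing_image_families(entries, min_siblings=3):
    """Group entries by name prefix; keep families whose members ALL lack an
    image file and that have at least min_siblings members. A lone missing
    driver (e.g. a leftover from an uninstall) does not qualify (assumed threshold)."""
    groups: dict[str, list[ServiceEntry]] = {}
    for e in entries:
        groups.setdefault(e.family, []).append(e)
    return {
        fam: members for fam, members in groups.items()
        if len(members) >= min_siblings and all(m.missing for m in members)
    }


def other_missing(entries, families):
    """Entries with a missing image that did not fall into a flagged family;
    these are for manual review rather than scripted removal."""
    flagged = {e.name for members in families.values() for e in members}
    return [e for e in entries if e.missing and e.name not in flagged]


def build_cfscript(entries, folders=()):
    """Lay out Folder::/Driver::/File:: sections the way the CFScript in the
    thread does: one item per line, a blank line between sections."""
    sections = []
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    sections.append("Driver::\n" + "\n".join(e.name for e in entries))
    sections.append("File::\n" + "\n".join(e.image for e in entries))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    svc = parse_services(SAMPLE_LOG)
    fams = find_missing_image_families(svc)
    for fam, members in fams.items():
        print(f"# family '{fam}': {len(members)} drivers, none with an image on disk")
        print(build_cfscript(members))
    for e in other_missing(svc, fams):
        print(f"# review manually: {e.start} {e.name} -> {e.image}")
```

The script only drafts the Driver::/File:: text; whether a given entry belongs in a CFScript is still the helper's call, which is why lone missing-image entries are listed for review instead of being added.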

Sherlock_34

New Member
Combofix.txt


ComboFix 11-05-11.04 - LEA 05/13/2011 12:01:26.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1306 [GMT 8:00]
Running from: c:\users\LEA\Desktop\ComboFix.exe
Command switches used :: c:\users\LEA\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\XDva352.sys"
"c:\windows\system32\XDva361.sys"
"c:\windows\system32\XDva366.sys"
"c:\windows\system32\XDva367.sys"
"c:\windows\system32\XDva368.sys"
"c:\windows\system32\XDva370.sys"
"c:\windows\system32\XDva372.sys"
"c:\windows\system32\XDva377.sys"
"c:\windows\system32\XDva379.sys"
"c:\windows\system32\XDva382.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LEA\AppData\Local\{95335CE0-006C-4A6C-B3F2-12400D13A363}
c:\users\LEA\AppData\Local\{DD1A14D6-9D5E-4315-8DC0-6F838CDDAF43}
.
c:\windows\System32\taskkill.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA352
-------\Legacy_XDVA361
-------\Legacy_XDVA366
-------\Legacy_XDVA367
-------\Legacy_XDVA368
-------\Legacy_XDVA370
-------\Legacy_XDVA372
-------\Legacy_XDVA377
-------\Legacy_XDVA379
-------\Legacy_XDVA382
-------\Service_XDva352
-------\Service_XDva361
-------\Service_XDva366
-------\Service_XDva367
-------\Service_XDva368
-------\Service_XDva370
-------\Service_XDva372
-------\Service_XDva377
-------\Service_XDva379
-------\Service_XDva382
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 04:13 . 2011-05-13 04:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-13 04:13 . 2011-05-13 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-12 10:47 . 2011-05-13 04:17 -------- d-----w- c:\users\LEA\AppData\Local\temp
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\users\LEA\AppData\Roaming\Malwarebytes
2011-05-12 05:51 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 05:51 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 05:50 . 2011-05-12 05:50 388096 ----a-r- c:\users\LEA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-11 14:56 . 2011-05-11 14:56 -------- d-----w- c:\users\LEA\AppData\Local\SKIDROW
2011-05-09 12:27 . 2011-05-09 12:37 -------- d-----w- c:\users\LEA\AppData\Roaming\vlc
2011-05-09 10:59 . 2011-05-09 10:59 -------- d-----w- c:\program files\CCleaner
2011-05-08 15:03 . 2011-03-30 11:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-08 15:03 . 2011-03-30 10:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-05-08 15:03 . 2011-03-30 10:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-08 15:03 . 2011-05-08 15:03 -------- d-----w- c:\users\LEA\AppData\Roaming\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\programdata\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:02 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-06 12:21 . 2011-05-12 23:39 -------- d-----w- c:\program files\Steam
2011-05-05 12:47 . 2011-05-12 09:07 -------- d-----w- c:\users\UpdatusUser
2011-05-05 12:44 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 12:44 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 12:44 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 12:44 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 12:44 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 12:44 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 12:44 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 12:44 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 12:44 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 09:33 . 2011-05-05 09:33 -------- d-----w- c:\users\LEA\AppData\Local\Activision
2011-05-05 08:23 . 2011-05-05 08:24 -------- d-----w- c:\program files\vgif
2011-05-03 08:43 . 2011-05-03 08:43 -------- d-----w- c:\users\LEA\AppData\Local\Google
2011-05-03 08:35 . 2011-05-03 08:44 -------- d-----w- c:\users\LEA\AppData\Local\ElevatedDiagnostics
2011-05-03 07:59 . 2011-05-03 07:59 -------- d-----w- c:\users\LEA\AppData\Local\Mozilla
2011-05-03 07:57 . 2011-05-12 11:10 -------- d-----w- c:\users\LEA\AppData\Local\Microsoft
2011-05-02 14:38 . 2011-05-07 09:15 -------- d-----w- c:\users\LEA\AppData\Roaming\funkitron
2011-05-02 14:37 . 2011-05-02 14:37 -------- d-sh--w- c:\windows\ftpcache
2011-05-02 13:43 . 2011-05-02 13:43 -------- d-----w- c:\program files\Microsoft Research
2011-05-02 06:26 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-05-02 06:26 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-02 06:22 . 2011-05-02 06:22 -------- d-----w- c:\windows\system32\EventProviders
2011-05-02 06:06 . 2011-05-02 06:06 -------- d-----w- c:\windows\en
2011-05-02 06:00 . 2011-05-02 06:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-02 05:58 . 2011-05-02 05:59 -------- d-----w- c:\program files\Windows Live
2011-05-02 05:53 . 2011-05-12 11:13 -------- d-----w- c:\users\LEA\AppData\Local\Windows Live
2011-05-02 05:53 . 2011-05-02 05:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-02 05:52 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-02 02:43 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 02:43 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 02:43 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 02:43 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 02:43 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 02:43 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 02:43 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 02:43 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 02:25 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-02 02:25 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-02 02:25 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-02 02:25 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-02 02:25 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-02 02:25 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-02 02:25 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-02 02:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-02 02:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 02:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 02:21 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 02:20 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-02 02:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 02:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-02 02:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 02:20 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-02 02:20 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-01 16:14 . 2011-05-01 16:14 -------- d-----w- c:\windows\CheckSur
2011-05-01 16:14 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B776D157-E6BE-4950-A60B-199136E7599A}\mpengine.dll
2011-05-01 15:35 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-01 15:35 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-01 15:35 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-01 15:35 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-01 15:35 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-01 15:35 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-01 08:19 . 2011-05-01 08:19 -------- d-----w- C:\sawesome
2011-05-01 07:42 . 2011-05-01 07:42 -------- d-----w- c:\program files\TuneUpMedia
2011-05-01 05:30 . 2011-05-01 05:30 -------- d-----w- c:\program files\iPod
2011-05-01 05:27 . 2011-05-01 05:27 -------- d-----w- c:\program files\Bonjour
2011-04-30 07:36 . 2011-04-30 07:36 -------- d-----w- c:\program files\LTYT MP3 Converter
2011-04-27 17:19 . 2011-04-27 17:19 -------- d-----w- c:\users\LEA\AppData\Roaming\NVIDIA
2011-04-19 03:31 . 2011-04-19 03:31 -------- d-----w- c:\windows\system32\Wat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:27 . 2009-07-14 00:19 276480 ----a-w- c:\windows\system32\compstui.dll
2011-05-04 00:27 . 2009-07-13 23:20 14848 ----a-w- c:\windows\system32\ntvdmd.dll
2011-05-04 00:27 . 2009-07-13 23:52 2048 ----a-w- c:\windows\system32\bridgeres.dll
2011-05-02 05:59 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2011-05-05 12:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-08-06 10:22 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-07-13 22:09 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 14:45 . 2011-04-07 14:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 14:45 . 2011-04-07 14:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 14:45 . 2011-04-07 14:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 14:44 . 2011-04-07 14:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 14:44 . 2011-04-07 14:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20 . 2011-04-06 08:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 14:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll.old
2011-03-18 09:34 . 2010-08-06 10:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-23 00:27 . 2011-02-23 00:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 00:27 . 2011-02-23 00:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-18 08:36 . 2011-02-18 08:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36 . 2011-02-18 08:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-14 16:26 . 2011-05-02 02:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-05-07 1242448]
"L09AXLRD_4584682"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2009-06-11 351000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
2008-06-18 15:51 1257472 ----a-w- c:\program files\AutorunRemover\AutorunRemover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_3070068]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_6851907]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 12:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 06:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2010-12-11 15:28 824224 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it! (system)]
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe.exe"=c:\users\LEA\AppData\Roaming\Adobe.exe
"L09AXLRD_6462325"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 cpuz134;cpuz134;c:\users\LEA\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-12 3583840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]
S1 vdrv9000;vdrv9000;c:\windows\system32\Drivers\VDRV9000.SYS [2007-11-14 113168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-01-07 81920]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001Core.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001UA.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: facebook.com
FF - ProfilePath - c:\users\LEA\AppData\Roaming\Mozilla\Firefox\Profiles\bjkw3bjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498620038-3934093899-3520722079-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A379EA48-F984-C397-1631-761CA066D9F4}*]
"palpafihgaoaccgcnddmaegfahnppfoc"=hex:6a,61,67,6f,69,6d,6e,68,70,62,63,6d,6c,
64,70,65,61,61,70,6f,00,00
"abbfomdfnfllnofmloicbhehhflfgbdiam"=hex:6a,61,67,6f,64,6e,62,62,6c,62,65,69,
6b,64,64,6a,70,6b,6f,62,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-13 12:20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-13 04:20
ComboFix2.txt 2011-05-12 10:52
.
Pre-Run: 52,634,673,152 bytes free
Post-Run: 52,341,051,392 bytes free
.
- - End Of File - - E69ACC3CEC18D18D890A6D12A5399C65




Uninstall List:

Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autorun Virus Remover 2.3
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bloom
Bonjour
Canon ScanGear Starter
CanoScan Toolbox Ver4.9
CCleaner
Cheat Engine 5.6.1
Clip Extractor Toolbar
Conduit Engine
Cool & Quiet
D3DX10
Dragon Age: Origins
ffdshow [rev 2583] [2009-01-05]
GameClub Launcher PH (Remove only)
GameHouse Games Collection: Academy of Magic
GameHouse Games Collection: Adventure Inlay
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Reader's Digest Super Word Power
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
Google Earth Plug-in
Google Update Helper
HiJackThis
ImgBurn
Internet TV for Windows Media Center
iTunes
Java(TM) 6 Update 24
LAME v3.98.2 for Audacity
Learning Essentials for Microsoft Office
LTYT MP3 Converter 1.1
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Image Composite Editor
Microsoft Math
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NSIS vgif
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Drivers
NVIDIA Graphics Driver 270.61
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
QuickTime
San Andreas Mod Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Steam
System Requirements Lab
System Requirements Lab CYRI
The Sims™ 3
TuneUp Companion 2.0.9
TuneUp Utilities 2011
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB Disk Security 5.0.0.35
uTorrentBar Toolbar
VLC media player 1.1.9
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.7.1


Checkup.txt

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Autorun Virus Remover 2.3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Companion 2.0.9
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
CCleaner
Java(TM) 6 Update 24
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avguard.exe
``````````End of Log````````````



PROBLEM:
Whenever I click "Export" in Filefinder, an error message comes up, saying:

Run time error '52':
Bad file name or number.

EDIT:
Here are additional computer problems:
  • I cannot run troubleshooters. Every time I try to launch one, it always says: A problem is preventing the troubleshooter from starting. Error code: 0x803C010A
  • Whenever I disable my antivirus to run Combofix, I cannot activate it after the reboot. The mouse pointer changes to a "loading" icon for about a split second, and goes back to a normal state, as if I didn't launch anything. It won't even appear in the Taskbar icons. I had to reboot before it appeared in the Taskbar icons again.
 

johnb35

Administrator
Staff member
If you have any nongenuine software installed, please uninstall it. I noticed you have utorrent installed. Nongenuine software is how you get infected easily.

Please uninstall the following programs via add/remove programs.

µTorrent
uTorrentBar Toolbar
Conduit Engine

TuneUp Companion 2.0.9
TuneUp Utilities 2011
USB Disk Security 5.0.0.35
Autorun Virus Remover 2.3

The last 4 programs usually refer to hacked/keygen software. If you have actually paid for them, then it's up to you. Also uninstall any software that you know is illegal and not paid for.

Since you can't export the text from file find, can you write it in a post of what the report says?
 

Sherlock_34

New Member
Done uninstalling the programs.

Since you can't export the text from file find, can you write it in a post of what the report says?

I'm sorry I can't, because no report actually comes out. Is there another way to do this?
 

johnb35

Administrator
Staff member
Then in that case, do a file search for taskkill.exe and tell me where all the locations of the file are located.
 

Sherlock_34

New Member
Here are the files I've found:

taskkill.exe.mui - C:\Windows\System32\en-US

taskkill.exe.mui - C:\Windows\winsxs\x86_microsoft-windows-taskkill.resources_31bf3856ad364e35_6.1.7600.16385_en-us_001f1af17f8ea927

taskkill.exe - C:\Windows\System32

taskkill.exe - C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.1.7600.16385_none_25545528bd642170


SIDENOTE: Strange since FileFind only found two files, instead of four.
 

johnb35

Administrator
Staff member
We need to know if the file in the one particular location is infection free so we need to upload the file to a file checker for us.

Please go to Virustotal.com

Click on the browse button and upload the taskkill.exe file from this location

C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.1.7600.16385_none_25545528bd642170

so it can scan it, and then give me the link to the result; it might take a minute for it to give the result.
 

johnb35

Administrator
Staff member
Yes, that would be the one.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

Fcopy::

C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.1.7600.16385_none_25545528bd642170\taskkill.exe | c:\windows\System32\taskkill.exe

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
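An added check, not part of the thread or of ComboFix: a PowerShell script (run from an elevated prompt, written for the PowerShell 2.0 that ships with Windows 7) that compares the System32 taskkill.exe against the WinSxS copy the Fcopy step restores it from, and reports each file's Authenticode status. The two paths are the ones named above; the function names are mine.

```powershell
# Added example, not from the thread. Paths are the two copies named in the CFScript above.
$system32Copy = 'C:\Windows\System32\taskkill.exe'
$winsxsCopy   = 'C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.1.7600.16385_none_25545528bd642170\taskkill.exe'

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash does not exist on PowerShell 2.0, so hash through .NET directly.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Test-BinaryCopy {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Path = $Path; Exists = $false; Sha256 = $null; Signature = 'missing'; Signer = $null
        }
    }
    # Caveat: Windows-shipped binaries are usually catalog-signed rather than embedded-signed,
    # and PowerShell 2.0 on Windows 7 does not consult catalogs, so a clean file can report
    # 'NotSigned' here. The hash comparison against the WinSxS copy is the decisive check;
    # a 'HashMismatch' or an unexpected signer on either file is what to look for.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Sha256    = Get-Sha256Hex -Path $Path
        Signature = $sig.Status.ToString()
        Signer    = $signer
    }
}

$results = @($system32Copy, $winsxsCopy) | ForEach-Object { Test-BinaryCopy -Path $_ }
$results | Format-List Path, Exists, Sha256, Signature, Signer

if ($results[0].Exists -and $results[1].Exists) {
    if ($results[0].Sha256 -eq $results[1].Sha256) {
        'System32 copy matches the WinSxS copy byte for byte.'
    } else {
        'System32 copy DIFFERS from the WinSxS copy; the Fcopy step is what replaces it.'
    }
}
```

Run it once before the CFScript to record the mismatch and once after the reboot to confirm the two hashes now agree.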

Sherlock_34

New Member
Here it is:


ComboFix 11-05-12.02 - LEA 05/13/2011 22:11:44.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1172 [GMT 8:00]
Running from: c:\users\LEA\Desktop\ComboFix.exe
Command switches used :: c:\users\LEA\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://xp.yimg.com
c:\windows\System32\taskkill.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 14:23 . 2011-05-13 14:27 -------- d-----w- c:\users\LEA\AppData\Local\temp
2011-05-13 14:23 . 2011-05-13 14:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-13 14:23 . 2011-05-13 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 08:19 . 2011-05-13 08:19 -------- d-----w- c:\users\LEA\AppData\Roaming\FVZilla
2011-05-13 08:19 . 2011-05-13 08:19 -------- d-----w- C:\downloads
2011-05-13 08:19 . 2011-05-13 08:21 -------- d-----w- c:\program files\Free Video Zilla
2011-05-13 08:10 . 2011-05-13 08:10 -------- d-----w- c:\program files\WinPcap
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\users\LEA\AppData\Roaming\Malwarebytes
2011-05-12 05:51 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 05:51 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 05:50 . 2011-05-12 05:50 388096 ----a-r- c:\users\LEA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-11 14:56 . 2011-05-11 14:56 -------- d-----w- c:\users\LEA\AppData\Local\SKIDROW
2011-05-09 12:27 . 2011-05-09 12:37 -------- d-----w- c:\users\LEA\AppData\Roaming\vlc
2011-05-09 10:59 . 2011-05-09 10:59 -------- d-----w- c:\program files\CCleaner
2011-05-08 15:03 . 2011-03-30 11:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-08 15:03 . 2011-03-30 10:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-05-08 15:03 . 2011-03-30 10:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-08 15:03 . 2011-05-08 15:03 -------- d-----w- c:\users\LEA\AppData\Roaming\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\programdata\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:02 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-06 12:21 . 2011-05-13 12:04 -------- d-----w- c:\program files\Steam
2011-05-05 12:47 . 2011-05-12 09:07 -------- d-----w- c:\users\UpdatusUser
2011-05-05 12:44 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 12:44 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 12:44 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 12:44 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 12:44 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 12:44 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 12:44 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 12:44 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 12:44 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 09:33 . 2011-05-05 09:33 -------- d-----w- c:\users\LEA\AppData\Local\Activision
2011-05-05 08:23 . 2011-05-05 08:24 -------- d-----w- c:\program files\vgif
2011-05-03 08:43 . 2011-05-03 08:43 -------- d-----w- c:\users\LEA\AppData\Local\Google
2011-05-03 08:35 . 2011-05-13 06:03 -------- d-----w- c:\users\LEA\AppData\Local\ElevatedDiagnostics
2011-05-03 07:59 . 2011-05-03 07:59 -------- d-----w- c:\users\LEA\AppData\Local\Mozilla
2011-05-03 07:57 . 2011-05-12 11:10 -------- d-----w- c:\users\LEA\AppData\Local\Microsoft
2011-05-02 14:38 . 2011-05-07 09:15 -------- d-----w- c:\users\LEA\AppData\Roaming\funkitron
2011-05-02 14:37 . 2011-05-02 14:37 -------- d-sh--w- c:\windows\ftpcache
2011-05-02 13:43 . 2011-05-02 13:43 -------- d-----w- c:\program files\Microsoft Research
2011-05-02 06:26 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-05-02 06:26 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-02 06:22 . 2011-05-02 06:22 -------- d-----w- c:\windows\system32\EventProviders
2011-05-02 06:06 . 2011-05-02 06:06 -------- d-----w- c:\windows\en
2011-05-02 06:00 . 2011-05-02 06:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-02 05:58 . 2011-05-02 05:59 -------- d-----w- c:\program files\Windows Live
2011-05-02 05:53 . 2011-05-12 11:13 -------- d-----w- c:\users\LEA\AppData\Local\Windows Live
2011-05-02 05:53 . 2011-05-02 05:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-02 05:52 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-02 02:43 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 02:43 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 02:43 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 02:43 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 02:43 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 02:43 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 02:43 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 02:43 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 02:25 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-02 02:25 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-02 02:25 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-02 02:25 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-02 02:25 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-02 02:25 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-02 02:25 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-02 02:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-02 02:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 02:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 02:21 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 02:20 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-02 02:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 02:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-02 02:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 02:20 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-02 02:20 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-01 16:14 . 2011-05-01 16:14 -------- d-----w- c:\windows\CheckSur
2011-05-01 16:14 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B776D157-E6BE-4950-A60B-199136E7599A}\mpengine.dll
2011-05-01 15:35 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-01 15:35 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-01 15:35 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-01 15:35 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-01 15:35 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-01 15:35 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-01 08:19 . 2011-05-01 08:19 -------- d-----w- C:\sawesome
2011-05-01 05:30 . 2011-05-01 05:30 -------- d-----w- c:\program files\iPod
2011-05-01 05:27 . 2011-05-01 05:27 -------- d-----w- c:\program files\Bonjour
2011-04-30 07:36 . 2011-04-30 07:36 -------- d-----w- c:\program files\LTYT MP3 Converter
2011-04-27 17:19 . 2011-04-27 17:19 -------- d-----w- c:\users\LEA\AppData\Roaming\NVIDIA
2011-04-19 03:31 . 2011-04-19 03:31 -------- d-----w- c:\windows\system32\Wat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:27 . 2009-07-14 00:19 276480 ----a-w- c:\windows\system32\compstui.dll
2011-05-04 00:27 . 2009-07-13 23:20 14848 ----a-w- c:\windows\system32\ntvdmd.dll
2011-05-04 00:27 . 2009-07-13 23:52 2048 ----a-w- c:\windows\system32\bridgeres.dll
2011-05-02 05:59 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2011-05-05 12:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-08-06 10:22 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-07-13 22:09 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 14:45 . 2011-04-07 14:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 14:45 . 2011-04-07 14:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 14:45 . 2011-04-07 14:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 14:44 . 2011-04-07 14:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 14:44 . 2011-04-07 14:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20 . 2011-04-06 08:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 14:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll.old
2011-03-18 09:34 . 2010-08-06 10:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-23 00:27 . 2011-02-23 00:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 00:27 . 2011-02-23 00:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-18 08:36 . 2011-02-18 08:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36 . 2011-02-18 08:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-14 16:26 . 2011-05-02 02:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-05-07 1242448]
"L09AXLRD_4584682"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2009-06-11 351000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_3070068]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_6851907]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 12:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 06:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2010-12-11 15:28 824224 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it! (system)]
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe.exe"=c:\users\LEA\AppData\Roaming\Adobe.exe
"L09AXLRD_6462325"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 cpuz134;cpuz134;c:\users\LEA\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-12 3583840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]
S1 vdrv9000;vdrv9000;c:\windows\system32\Drivers\VDRV9000.SYS [2007-11-14 113168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-01-07 81920]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001Core.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001UA.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: facebook.com
FF - ProfilePath - c:\users\LEA\AppData\Roaming\Mozilla\Firefox\Profiles\bjkw3bjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
MSConfigStartUp-AutorunRemover - c:\program files\AutorunRemover\AutorunRemover.exe
AddRemove-URL Helper_is1 - e:\urlhelper\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498620038-3934093899-3520722079-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A379EA48-F984-C397-1631-761CA066D9F4}*]
"palpafihgaoaccgcnddmaegfahnppfoc"=hex:6a,61,67,6f,69,6d,6e,68,70,62,63,6d,6c,
64,70,65,61,61,70,6f,00,00
"abbfomdfnfllnofmloicbhehhflfgbdiam"=hex:6a,61,67,6f,64,6e,62,62,6c,62,65,69,
6b,64,64,6a,70,6b,6f,62,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-13 22:30:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-13 14:30
ComboFix2.txt 2011-05-13 04:20
ComboFix3.txt 2011-05-12 10:52
.
Pre-Run: 51,358,605,312 bytes free
Post-Run: 51,300,904,960 bytes free
.
- - End Of File - - 9FB6B848A21F7BC7B3C8FD991BC576B0
 

johnb35

Administrator
Staff member
Well that didn't work like it should have. I'm not at home at the moment so you will have to wait until later today when I can reply with more instructions.
 

Sherlock_34

New Member
I see what you mean. I checked the folder and it seems that taskkill.exe was still there. Should I delete it manually?

EDIT: My startup/freezing problems came back. My computer just froze randomly and I had to reboot. I had to press the reset button many times, because the computer wouldn't get past the BIOS screen.
 

johnb35

Administrator
Staff member
Sorry about not getting back to you. No, you shouldn't delete any valid Windows file. I need to upload a copy of my uninfected file for you to replace yours with. Give me a minute to set this up for you.
 

johnb35

Administrator
Staff member
I'm attaching a zipped file of taskkill.exe. You will need to download it and unzip it, and then copy and paste the file into your c:\windows\system32 folder. You should get a notification that the folder already has a file with that name, asking if you want to overwrite it; choose yes. Then please rerun ComboFix for me to make sure the overwrite took. If not, I will have to give you another script to run.
 

Attachments

  • taskkill.zip
    51.9 KB
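A quick way to confirm, before and after copying the replacement in, that the taskkill.exe on disk is an intact, Microsoft-signed binary rather than relying only on a second ComboFix run. This is an added example and not part of johnb35's instructions or the attachment; it assumes the PowerShell 2.0 that ships with Windows 7 (so it avoids Get-FileHash, which arrived later) and the default system path. The same function can be pointed at any other System32 executable listed in the log.

```powershell
# Added example (not from this thread): report whether a System32 binary is present,
# what attributes it carries, whether its Authenticode signature is valid and who signed it,
# and its SHA-256 so the file can be compared before and after the overwrite.
# Assumes PowerShell 2.0 or later; run from an elevated PowerShell prompt.

function Test-SystemFile {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Present = $false }
    }

    # -Force so files carrying the Hidden/System attributes are still returned
    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # SHA-256 via .NET directly, because Get-FileHash does not exist before PowerShell 4.0
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $hash  = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''

    New-Object PSObject -Property @{
        Path       = $Path
        Present    = $true
        Size       = $item.Length
        LastWrite  = $item.LastWriteTime
        Attributes = $item.Attributes.ToString()   # Hidden/System on a stock Windows tool is unusual
        SigStatus  = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        Signer     = $signer                       # expect a Microsoft Windows subject for taskkill.exe
        SHA256     = $hash
    }
}

# The file this thread is about; record the output before and after replacing it.
Test-SystemFile -Path 'C:\Windows\System32\taskkill.exe' | Format-List
```

A SigStatus other than Valid, a signer that is not Microsoft, or a SHA-256 that does not change after the copy means the overwrite did not take or the wrong file is in place. Independently, `sfc /verifyfile=C:\Windows\System32\taskkill.exe` from an elevated command prompt checks the file against Windows' protected-file store.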