16 Re: Hiya, I'd like some help. on Mon Jun 21, 2010 9:59 pm

DragonMaster Jay


Site Owner
Which browser are you talking about that sucks up the CPU? Internet Explorer or Chrome?

For BitTorrent:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :folderfind
    *bittorrent*

    :regfind
    bittorrent


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



17 Re: Hiya, I'd like some help. on Mon Jun 21, 2010 10:11 pm

ibae


Member
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:04 on 21/06/2010 by Elmo (Administrator - Elevation successful)

========== folderfind ==========

Searching for "*bittorrent*"
No folders found.

========== regfind ==========

Searching for "bittorrent"
[HKEY_CURRENT_USER\Software\BitTorrent]
[HKEY_CURRENT_USER\Software\BitTorrent\BitTorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A86D13-8ACA-45B8-BC75-7D9DF66B3901}]
"AppPath"="C:\Program Files\BitTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A86D13-8ACA-45B8-BC75-7D9DF66B3901}]
"AppPath"="C:\Program Files\BitTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e3a44b2d_0]
@="{0.0.0.00000000}.{4cef4e1b-8bf8-4b32-92b8-ad1f226af776}|\Device\HarddiskVolume3\Users\Elmo\Documents\Downloads\BitTorrent Completed\WinRAR 3.90 Final x86-x64 PreRegged\Keygen.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_CURRENT_USER\Software\Classes\Azureus\Content Type]
@="application/x-bittorrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\BitTorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\BitTorrent\Plugin]
"rootpath"="C:\Program Files\BitTorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ares.Torrent\Content Type]
@="application/x-bittorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus\Content Type]
@="application/x-bittorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA\MimeTypes\application/vnd.bittorrent-dna]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA\MimeTypes\application/vnd.bittorrent-dna]
"Description"="Delivery Network Acceleration by BitTorrent?"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\BitTorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\BitTorrent\BitTorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A86D13-8ACA-45B8-BC75-7D9DF66B3901}]
"AppPath"="C:\Program Files\BitTorrent"
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A86D13-8ACA-45B8-BC75-7D9DF66B3901}]
"AppPath"="C:\Program Files\BitTorrent"
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e3a44b2d_0]
@="{0.0.0.00000000}.{4cef4e1b-8bf8-4b32-92b8-ad1f226af776}|\Device\HarddiskVolume3\Users\Elmo\Documents\Downloads\BitTorrent Completed\WinRAR 3.90 Final x86-x64 PreRegged\Keygen.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Classes\Azureus\Content Type]
@="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000_Classes\Azureus\Content Type]
@="application/x-bittorrent"
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]

-=End Of File=-
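The SystemLook scan requested in the previous post produces the folderfind/regfind report shown above. As an added example (my own code, not part of the thread or of SystemLook), the parser below reads that report into sections, counts hits per root hive, and sorts the registry keys into the groups a helper reads first: Windows Firewall application exceptions, Internet Explorer Low Rights elevation-policy entries, and ZoneMap domain entries. The sample log is a constructed subset of the output above; the group names and the `path:scope:state:name` split of the firewall value are my own conventions.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed subset of the SystemLook output posted in this thread.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (11.01.10)

========== folderfind ==========

Searching for "*bittorrent*"
No folders found.

========== regfind ==========

Searching for "bittorrent"
[HKEY_CURRENT_USER\Software\BitTorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A86D13-8ACA-45B8-BC75-7D9DF66B3901}]
"AppPath"="C:\Program Files\BitTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\BitTorrent\Plugin]
"rootpath"="C:\Program Files\BitTorrent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

-=End Of File=-
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")           # ========== regfind ==========
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")           # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<value>.*)"$')

# Key classes a helper looks at first (my own grouping, case-insensitive match on the key path).
CATEGORIES: List[Tuple[str, str]] = [
    ("firewall-exception", r"\\FirewallPolicy\\.*\\AuthorizedApplications\\List$"),
    ("ie-elevation-policy", r"\\Internet Explorer\\Low Rights\\ElevationPolicy\\"),
    ("ie-zonemap", r"\\Internet Settings\\ZoneMap\\(?:Esc)?Domains\\"),
]


def parse_systemlook(text: str) -> Dict[str, dict]:
    """Split a SystemLook report into sections: {name: {search, keys, notes}}."""
    sections: Dict[str, dict] = {}
    current = None
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-=End Of File=-"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {"search": None, "keys": {}, "notes": []})
            last_key = None
            continue
        if current is None:          # banner lines before the first section
            continue
        if line.startswith("Searching for "):
            current["search"] = line[len("Searching for "):].strip('"')
            continue
        m = KEY_RE.match(line)
        if m:
            last_key = m.group("key")
            current["keys"].setdefault(last_key, [])
            continue
        m = VALUE_RE.match(line)
        if m and last_key is not None:
            pair = (m.group("name") if m.group("name") is not None else "@", m.group("value"))
            if pair not in current["keys"][last_key]:   # the report repeats some keys verbatim
                current["keys"][last_key].append(pair)
            continue
        current["notes"].append(line)   # e.g. "No folders found."
    return sections


def hive_counts(keys: Dict[str, list]) -> Counter:
    """How many hits fall under each root hive (HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, ...)."""
    return Counter(k.split("\\", 1)[0] for k in keys)


def classify_keys(keys: Dict[str, list]) -> Dict[str, list]:
    """Group (key, values) pairs by the first matching CATEGORIES pattern, rest under 'other'."""
    groups: Dict[str, list] = {label: [] for label, _ in CATEGORIES}
    groups["other"] = []
    for key, values in keys.items():
        for label, pattern in CATEGORIES:
            if re.search(pattern, key, re.IGNORECASE):
                groups[label].append((key, values))
                break
        else:
            groups["other"].append((key, values))
    return groups


def parse_firewall_value(value: str) -> Tuple[str, str, str, str]:
    """Split an AuthorizedApplications value 'path:scope:state:name' (rsplit keeps the drive colon)."""
    parts = value.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"unexpected firewall exception value: {value!r}")
    return parts[0], parts[1], parts[2], parts[3]


if __name__ == "__main__":
    report = parse_systemlook(SAMPLE_LOG)
    print("hits per hive:", dict(hive_counts(report["regfind"]["keys"])))
    for label, items in classify_keys(report["regfind"]["keys"]).items():
        for key, values in items:
            print(f"[{label}] {key} {values}")
```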

18 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 2:16 am

ibae


Member
Oh & I was talking about Chrome. I've just had bad experiences with Internet Explorer in the past so I switched to Mozilla Firefox until Google Chrome came out. But it turns out, Google Chrome seems to run like two or three different processes for each tab [each taking up about 20,000k-30,000k in the task manager] even for new, empty tabs! Now that I type it out, Firefox obviously seems to be the better choice! Haha, thanks!

19 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 1:58 pm

DragonMaster Jay


Site Owner
Download both of these, but SAVE them to your Desktop. Do not open them directly.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
rapidshare.com rapidshare.comCFScript.txt.html

Then, once that is done, drag CFScript.txt into ComboFix.exe.

ComboFix will run, and will eventually launch a log.

Please post it in your next reply.



20 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 3:36 pm

ibae


Member
ComboFix 10-06-22.01 - Elmo 06/22/2010 14:24:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1185 [GMT -4:00]
Running from: c:\users\Elmo\Desktop\ComboFix.exe
Command switches used :: c:\users\Elmo\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1290 [VPS 081122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081122-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 18:35 . 2010-06-22 18:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 18:35 . 2010-06-22 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 18:35 . 2010-06-22 18:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-22 04:40 . 2010-06-22 04:40 -------- d-----w- c:\users\Elmo\AppData\Roaming\uTorrent
2010-06-22 01:59 . 2010-06-22 02:01 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-22 01:57 . 2010-06-22 01:57 -------- d-----w- c:\program files\hpHosts
2010-06-22 01:40 . 2010-06-22 01:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-20 19:01 . 2010-06-20 19:01 -------- d-----w- c:\program files\ESET
2010-06-20 18:41 . 2010-06-22 18:35 -------- d-----w- c:\users\Elmo\AppData\Local\temp
2010-06-20 09:44 . 2010-06-20 09:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\users\Elmo\AppData\Roaming\Malwarebytes
2010-06-20 05:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\programdata\Malwarebytes
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 05:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 03:08 . 2010-06-20 03:10 46064978 ----a-w- c:\programdata\motorola\motorola media link\UpDate\Download\Motorola Media Link\1.02.0800.3\patch\patch.exe
2010-06-19 22:55 . 2010-06-19 22:55 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-18 20:51 . 2010-06-18 20:53 -------- d-----w- c:\users\Elmo\AppData\Roaming\ooVoo Details
2010-06-18 20:47 . 2010-06-18 20:47 -------- d-----w- c:\program files\ooVoo
2010-06-16 20:39 . 2010-06-16 20:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DragonicaSCB
2010-06-16 18:53 . 2010-06-16 18:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-06-16 18:46 . 2010-06-16 20:23 1096 -c--a-w- C:\debug.dat
2010-06-16 18:39 . 2010-06-16 18:39 291 ----a-w- c:\windows\PowerReg.dat
2010-06-16 18:33 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2010-06-16 18:32 . 2010-06-16 18:32 -------- d-----w- c:\program files\Hasbro Interactive
2010-06-16 05:45 . 2010-06-17 02:24 -------- d-----w- c:\users\Elmo\AppData\Roaming\Atari
2010-06-16 04:07 . 2010-06-16 04:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-16 04:05 . 2010-06-16 04:05 -------- d-----w- c:\program files\LEGO Media
2010-06-16 03:48 . 2010-06-16 03:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 04:01 -------- d-----w- c:\users\Elmo\AppData\Roaming\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-15 23:10 . 2010-06-15 23:10 -------- d-----w- c:\program files\Activision Value
2010-06-15 20:20 . 2010-06-16 00:49 -------- dc----w- C:\hegames
2010-06-15 17:12 . 2010-06-22 00:44 -------- d-----w- c:\program files\Enigma Software Group
2010-06-13 22:33 . 2010-06-13 22:33 -------- d-----w- c:\program files\Common Files\Nero
2010-06-13 22:33 . 2010-06-22 18:06 -------- d-----w- c:\program files\Motorola Media Link
2010-06-13 22:30 . 2010-06-13 22:30 -------- d-----w- c:\users\Elmo\AppData\Roaming\Logitech
2010-06-13 20:52 . 2010-06-13 20:52 680 ----a-w- c:\users\Elmo\AppData\Local\d3d9caps.dat
2010-06-13 20:26 . 2010-06-13 20:26 -------- d-----w- c:\users\Elmo\{f51b9d09-372f-40cf-ba8a-91e53cb62b21}
2010-06-13 20:23 . 2010-06-13 20:23 -------- d-----w- c:\program files\Motorola
2010-06-13 02:03 . 2010-06-21 22:30 119032 ----a-w- c:\users\Elmo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 01:26 . 2010-06-13 01:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Leadertech
2010-06-13 01:26 . 2010-06-13 01:26 53248 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-13 01:26 . 2010-06-22 18:06 -------- d-----w- c:\windows\system32\logishrd
2010-06-13 01:25 . 2010-06-13 01:25 -------- d-----w- c:\program files\Common Files\LWS
2010-06-13 01:06 . 2010-06-13 01:06 -------- d-----w- c:\users\Elmo\AppData\Local\LogiShrd
2010-06-13 01:04 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-06-13 01:01 . 2010-06-13 01:07 -------- d-----w- c:\programdata\LogiShrd
2010-06-10 17:21 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 02:19 . 2010-06-10 02:43 -------- d-----w- c:\program files\PeerGuardian2
2010-06-07 17:01 . 2010-06-07 17:01 -------- d-----w- c:\program files\Electronic Arts
2010-06-07 05:24 . 2010-06-07 05:24 -------- dc----w- C:\Internet Evidence Finder
2010-06-05 20:00 . 2010-06-05 20:00 -------- d-----w- c:\users\Elmo\AppData\Roaming\ImgBurn
2010-06-05 19:55 . 2010-06-05 19:56 -------- d-----w- c:\program files\ImgBurn
2010-06-05 02:13 . 2010-06-05 02:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-04 05:07 . 2010-06-04 05:07 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-06-04 05:07 . 2010-06-04 05:07 -------- d-----w- c:\program files\Common Files\DeskShare Shared
2010-06-04 04:59 . 2010-06-04 04:59 -------- d-----w- c:\program files\Common Files\Common Share
2010-06-04 04:59 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-04 04:37 . 2010-06-04 04:37 -------- d-----w- c:\users\Elmo\AppData\Local\Geckofx
2010-06-04 03:49 . 2006-12-15 01:41 41248 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-06-04 03:49 . 2006-12-15 01:40 1513120 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-06-04 03:49 . 2006-12-15 01:38 133920 ----a-w- c:\windows\system32\lvcoinst.dll
2010-06-04 03:48 . 2010-06-13 01:26 -------- d-----w- c:\programdata\Logitech
2010-06-04 03:45 . 2010-06-13 01:26 -------- d-----w- c:\program files\Logitech
2010-06-04 03:16 . 2010-06-04 03:16 -------- d-----w- c:\users\Elmo\AppData\Local\ElevatedDiagnostics
2010-06-04 02:58 . 2010-06-04 03:07 -------- d-----w- c:\program files\Microsoft ATS
2010-06-04 02:29 . 2005-12-06 03:28 142848 ----a-w- c:\windows\system32\drivers\lvmjpeg.sys
2010-06-04 02:29 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-06-04 02:19 . 2005-12-09 19:31 245824 ----a-r- c:\windows\system32\InstExec.exe
2010-06-04 02:19 . 2010-06-04 02:26 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-04 02:02 . 2010-06-13 01:27 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-02 02:26 . 2010-06-22 04:31 -------- d-----w- c:\users\Elmo\AppData\Roaming\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----r- c:\program files\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----w- c:\programdata\Skype
2010-05-30 05:21 . 2010-05-30 05:21 -------- d-----w- c:\users\Elmo\AppData\Roaming\DragonicaSCB
2010-05-26 10:06 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 18:08 . 2009-11-17 12:29 113568 ----a-w- c:\programdata\nvModes.dat
2010-06-22 04:10 . 2008-02-09 00:50 -------- d-----w- c:\program files\Common Files\Steam
2010-06-22 03:42 . 2010-06-04 02:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-20 09:44 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-20 09:43 . 2007-08-13 21:20 -------- d-----w- c:\program files\Java
2010-06-20 09:24 . 2007-12-23 20:19 -------- d-----w- c:\programdata\Viewpoint
2010-06-20 07:00 . 2009-04-10 16:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-19 01:09 . 2010-05-03 21:10 -------- d-----w- c:\program files\Bonjour
2010-06-17 02:25 . 2007-08-13 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 03:49 . 2008-08-03 01:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-15 16:54 . 2009-11-24 18:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-13 22:33 . 2009-12-27 02:49 -------- d-----w- c:\programdata\Nero
2010-06-13 01:15 . 2009-08-17 02:12 119032 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 02:51 . 2009-04-10 15:31 -------- d-----w- c:\program files\CCleaner
2010-06-10 19:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 19:03 . 2007-08-29 03:41 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 00:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-06-04 02:15 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 23:04 . 2010-05-23 04:01 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-06-02 23:04 . 2010-05-23 04:01 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-06-02 23:04 . 2010-05-23 04:01 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-06-02 23:04 . 2007-12-20 23:47 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-06-02 23:04 . 2007-12-20 23:46 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-06-02 23:04 . 2007-12-20 23:46 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-05-26 17:06 . 2010-06-10 17:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 16:27 . 2010-05-22 16:27 -------- d-----w- c:\program files\Pando Networks
2010-05-21 18:14 . 2009-10-03 05:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:15 . 2010-05-21 00:10 -------- d--h--w- c:\program files\InstallJammer Registry
2010-05-21 00:14 . 2010-05-21 00:10 -------- d-----w- c:\users\Elmo\AppData\Roaming\Gmote
2010-05-19 07:54 . 2010-05-19 07:54 1824136 ----a-w- c:\programdata\Nexon\Common\NMService.exe
2010-05-19 07:54 . 2010-05-19 07:54 1734032 ----a-w- c:\programdata\Nexon\Common\nmconew.dll
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-14 04:06 . 2010-05-14 04:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2010-05-11 20:03 . 2010-05-11 20:03 -------- d-----w- c:\program files\Mozilla Firefox Browser
2010-05-07 22:50 . 2010-05-07 22:50 299352 ----a-w- c:\programdata\Logitech\LWS\Filters\VMSEF.dll
2010-05-07 22:48 . 2010-05-07 22:48 6915416 ----a-w- c:\programdata\Logitech\LWS\Filters\MMSEF.dll
2010-05-07 22:46 . 2010-05-07 22:46 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2010-05-07 22:43 . 2010-05-07 22:43 25824 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2010-05-07 22:30 . 2010-05-07 22:30 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2010-05-07 22:30 . 2010-05-07 22:30 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2010-05-07 22:30 . 2010-05-07 22:30 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2010-05-07 22:29 . 2010-05-07 22:29 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2010-05-04 21:04 . 2010-05-04 21:02 -------- d-----w- c:\program files\iTunes
2010-05-04 21:02 . 2010-05-04 21:02 -------- d-----w- c:\program files\iPod
2010-05-04 21:02 . 2007-10-10 04:37 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 11:31 . 2010-05-04 11:30 -------- d-----w- c:\program files\QuickTime
2010-05-04 05:59 . 2010-06-10 17:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 17:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 17:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 17:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 17:22 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 20:00 . 2008-11-22 02:30 220926964 ----a-w- c:\users\Elmo\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2007-08-14 05:05 . 2007-08-14 05:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-13 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0f,92,f5,15,e9,15,ca,01

R1 msjmfcxb;msjmfcxb;c:\windows\system32\drivers\msjmfcxb.sys [x]
R1 nhygiydq;nhygiydq;c:\windows\system32\drivers\nhygiydq.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-18 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-18 79104]
R3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 13440]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-04-29 85088]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000Core.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000UA.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-10 19:31]

2010-06-22 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-10 19:31]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{75750F29-32CD-46E9-AC03-910F4F4C582C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = ????????????????????????????????
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_7_3_DE.cab
DPF: {B42DD475-BC8D-11D4-9D98-0090CC006D96} - hxxp://mxengine.net-dimension.com/download/1.1.8.523/axmxeng.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab
FF - ProfilePath - c:\users\Elmo\AppData\Roaming\Mozilla\Firefox\Profiles\d4hqe602.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?cplp=1276474116167
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Elmo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - f:\css\steam\steam.exe
Notify-8abb4508530 - (no file)
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Gunz - j:\locker\portal\GAMES\ijji Gunz\Gunz\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 14:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,a7,61,2b,97,6c,a8,5a,13,28,ee,26,83,ce,65,7b,39,f0,98,6d,d0,
9d,8a,09,63,f9,67,0e,e4,28,6e,77,b4,1e,7e,80,11,12,d1,ad,58,56,41,e9,83,3b,\
"rkeysecu"=hex:22,08,71,d5,fd,fc,48,78,de,35,45,c8,57,d1,a0,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-22 14:45:21
ComboFix-quarantined-files.txt 2010-06-22 18:41

Pre-Run: 13,600,579,584 bytes free
Post-Run: 13,480,914,944 bytes free

- - End Of File - - 32B6B791773FAAFF5FEC7EAC4DC77EB6

21 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 3:42 pm

DragonMaster Jay


Site Owner
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    File::
    c:\windows\system32\drivers\msjmfcxb.sys
    c:\windows\system32\drivers\nhygiydq.sys

    Driver::
    nhygiydq
    msjmfcxb
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



22 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 5:15 pm

ibae


Member
ComboFix 10-06-22.02 - Elmo 06/22/2010 16:45:26.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1218 [GMT -4:00]
Running from: c:\users\Elmo\Desktop\ComboFix.exe
Command switches used :: c:\users\Elmo\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1290 [VPS 081122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081122-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\msjmfcxb.sys"
"c:\windows\system32\drivers\nhygiydq.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msjmfcxb
-------\Service_nhygiydq


((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 20:52 . 2010-06-22 20:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 20:52 . 2010-06-22 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 20:52 . 2010-06-22 20:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-22 04:40 . 2010-06-22 04:40 -------- d-----w- c:\users\Elmo\AppData\Roaming\uTorrent
2010-06-22 01:59 . 2010-06-22 02:01 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-22 01:57 . 2010-06-22 01:57 -------- d-----w- c:\program files\hpHosts
2010-06-22 01:40 . 2010-06-22 01:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-20 19:01 . 2010-06-20 19:01 -------- d-----w- c:\program files\ESET
2010-06-20 18:41 . 2010-06-22 20:57 -------- d-----w- c:\users\Elmo\AppData\Local\temp
2010-06-20 09:44 . 2010-06-20 09:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\users\Elmo\AppData\Roaming\Malwarebytes
2010-06-20 05:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\programdata\Malwarebytes
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 05:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 22:55 . 2010-06-19 22:55 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-18 20:51 . 2010-06-18 20:53 -------- d-----w- c:\users\Elmo\AppData\Roaming\ooVoo Details
2010-06-18 20:47 . 2010-06-18 20:47 -------- d-----w- c:\program files\ooVoo
2010-06-16 20:39 . 2010-06-16 20:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DragonicaSCB
2010-06-16 18:53 . 2010-06-16 18:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-06-16 18:46 . 2010-06-16 20:23 1096 -c--a-w- C:\debug.dat
2010-06-16 18:39 . 2010-06-16 18:39 291 ----a-w- c:\windows\PowerReg.dat
2010-06-16 18:33 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2010-06-16 18:32 . 2010-06-16 18:32 -------- d-----w- c:\program files\Hasbro Interactive
2010-06-16 05:45 . 2010-06-17 02:24 -------- d-----w- c:\users\Elmo\AppData\Roaming\Atari
2010-06-16 04:07 . 2010-06-16 04:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-16 04:05 . 2010-06-16 04:05 -------- d-----w- c:\program files\LEGO Media
2010-06-16 03:48 . 2010-06-16 03:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 04:01 -------- d-----w- c:\users\Elmo\AppData\Roaming\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-15 23:10 . 2010-06-15 23:10 -------- d-----w- c:\program files\Activision Value
2010-06-15 20:20 . 2010-06-16 00:49 -------- dc----w- C:\hegames
2010-06-15 17:12 . 2010-06-22 00:44 -------- d-----w- c:\program files\Enigma Software Group
2010-06-13 22:33 . 2010-06-13 22:33 -------- d-----w- c:\program files\Common Files\Nero
2010-06-13 22:33 . 2010-06-22 20:54 -------- d-----w- c:\program files\Motorola Media Link
2010-06-13 22:30 . 2010-06-13 22:30 -------- d-----w- c:\users\Elmo\AppData\Roaming\Logitech
2010-06-13 20:52 . 2010-06-13 20:52 680 ----a-w- c:\users\Elmo\AppData\Local\d3d9caps.dat
2010-06-13 20:26 . 2010-06-13 20:26 -------- d-----w- c:\users\Elmo\{f51b9d09-372f-40cf-ba8a-91e53cb62b21}
2010-06-13 20:23 . 2010-06-13 20:23 -------- d-----w- c:\program files\Motorola
2010-06-13 02:03 . 2010-06-21 22:30 119032 ----a-w- c:\users\Elmo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 01:26 . 2010-06-13 01:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Leadertech
2010-06-13 01:26 . 2010-06-22 20:54 -------- d-----w- c:\windows\system32\logishrd
2010-06-13 01:25 . 2010-06-13 01:25 -------- d-----w- c:\program files\Common Files\LWS
2010-06-13 01:06 . 2010-06-13 01:06 -------- d-----w- c:\users\Elmo\AppData\Local\LogiShrd
2010-06-13 01:04 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-06-13 01:01 . 2010-06-13 01:07 -------- d-----w- c:\programdata\LogiShrd
2010-06-10 17:21 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 02:19 . 2010-06-10 02:43 -------- d-----w- c:\program files\PeerGuardian2
2010-06-07 17:01 . 2010-06-07 17:01 -------- d-----w- c:\program files\Electronic Arts
2010-06-07 05:24 . 2010-06-07 05:24 -------- dc----w- C:\Internet Evidence Finder
2010-06-05 20:00 . 2010-06-05 20:00 -------- d-----w- c:\users\Elmo\AppData\Roaming\ImgBurn
2010-06-05 19:55 . 2010-06-05 19:56 -------- d-----w- c:\program files\ImgBurn
2010-06-05 02:13 . 2010-06-05 02:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-04 05:07 . 2010-06-04 05:07 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-06-04 05:07 . 2010-06-04 05:07 -------- d-----w- c:\program files\Common Files\DeskShare Shared
2010-06-04 04:59 . 2010-06-04 04:59 -------- d-----w- c:\program files\Common Files\Common Share
2010-06-04 04:59 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-04 04:37 . 2010-06-04 04:37 -------- d-----w- c:\users\Elmo\AppData\Local\Geckofx
2010-06-04 03:49 . 2006-12-15 01:41 41248 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-06-04 03:49 . 2006-12-15 01:40 1513120 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-06-04 03:49 . 2006-12-15 01:38 133920 ----a-w- c:\windows\system32\lvcoinst.dll
2010-06-04 03:48 . 2010-06-13 01:26 -------- d-----w- c:\programdata\Logitech
2010-06-04 03:45 . 2010-06-13 01:26 -------- d-----w- c:\program files\Logitech
2010-06-04 03:16 . 2010-06-04 03:16 -------- d-----w- c:\users\Elmo\AppData\Local\ElevatedDiagnostics
2010-06-04 02:58 . 2010-06-04 03:07 -------- d-----w- c:\program files\Microsoft ATS
2010-06-04 02:29 . 2005-12-06 03:28 142848 ----a-w- c:\windows\system32\drivers\lvmjpeg.sys
2010-06-04 02:29 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-06-04 02:19 . 2005-12-09 19:31 245824 ----a-r- c:\windows\system32\InstExec.exe
2010-06-04 02:19 . 2010-06-04 02:26 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-04 02:02 . 2010-06-13 01:27 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-02 02:26 . 2010-06-22 04:31 -------- d-----w- c:\users\Elmo\AppData\Roaming\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----r- c:\program files\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----w- c:\programdata\Skype
2010-05-30 05:21 . 2010-05-30 05:21 -------- d-----w- c:\users\Elmo\AppData\Roaming\DragonicaSCB
2010-05-26 10:06 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 20:56 . 2009-11-17 12:29 113568 ----a-w- c:\programdata\nvModes.dat
2010-06-22 04:10 . 2008-02-09 00:50 -------- d-----w- c:\program files\Common Files\Steam
2010-06-22 03:42 . 2010-06-04 02:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-20 09:44 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-20 09:43 . 2007-08-13 21:20 -------- d-----w- c:\program files\Java
2010-06-20 09:24 . 2007-12-23 20:19 -------- d-----w- c:\programdata\Viewpoint
2010-06-20 07:00 . 2009-04-10 16:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-20 03:10 . 2010-06-20 03:08 46064978 ----a-w- c:\programdata\motorola\motorola media link\UpDate\Download\Motorola Media Link\1.02.0800.3\patch\patch.exe
2010-06-19 01:09 . 2010-05-03 21:10 -------- d-----w- c:\program files\Bonjour
2010-06-17 02:25 . 2007-08-13 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 03:49 . 2008-08-03 01:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-15 16:54 . 2009-11-24 18:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-13 22:33 . 2009-12-27 02:49 -------- d-----w- c:\programdata\Nero
2010-06-13 01:26 . 2010-06-13 01:26 53248 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-13 01:15 . 2009-08-17 02:12 119032 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 02:51 . 2009-04-10 15:31 -------- d-----w- c:\program files\CCleaner
2010-06-10 19:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 19:03 . 2007-08-29 03:41 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 00:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-06-04 02:15 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 23:04 . 2010-05-23 04:01 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-06-02 23:04 . 2010-05-23 04:01 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-06-02 23:04 . 2010-05-23 04:01 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-06-02 23:04 . 2007-12-20 23:47 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-06-02 23:04 . 2007-12-20 23:46 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-06-02 23:04 . 2007-12-20 23:46 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-05-26 17:06 . 2010-06-10 17:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 16:27 . 2010-05-22 16:27 -------- d-----w- c:\program files\Pando Networks
2010-05-21 18:14 . 2009-10-03 05:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:15 . 2010-05-21 00:10 -------- d--h--w- c:\program files\InstallJammer Registry
2010-05-21 00:14 . 2010-05-21 00:10 -------- d-----w- c:\users\Elmo\AppData\Roaming\Gmote
2010-05-19 07:54 . 2010-05-19 07:54 1824136 ----a-w- c:\programdata\Nexon\Common\NMService.exe
2010-05-19 07:54 . 2010-05-19 07:54 1734032 ----a-w- c:\programdata\Nexon\Common\nmconew.dll
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-14 04:06 . 2010-05-14 04:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2010-05-11 20:03 . 2010-05-11 20:03 -------- d-----w- c:\program files\Mozilla Firefox Browser
2010-05-07 22:50 . 2010-05-07 22:50 299352 ----a-w- c:\programdata\Logitech\LWS\Filters\VMSEF.dll
2010-05-07 22:48 . 2010-05-07 22:48 6915416 ----a-w- c:\programdata\Logitech\LWS\Filters\MMSEF.dll
2010-05-07 22:46 . 2010-05-07 22:46 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2010-05-07 22:43 . 2010-05-07 22:43 25824 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2010-05-07 22:30 . 2010-05-07 22:30 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2010-05-07 22:30 . 2010-05-07 22:30 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2010-05-07 22:30 . 2010-05-07 22:30 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2010-05-07 22:29 . 2010-05-07 22:29 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2010-05-04 21:04 . 2010-05-04 21:02 -------- d-----w- c:\program files\iTunes
2010-05-04 21:02 . 2010-05-04 21:02 -------- d-----w- c:\program files\iPod
2010-05-04 21:02 . 2007-10-10 04:37 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 11:31 . 2010-05-04 11:30 -------- d-----w- c:\program files\QuickTime
2010-05-04 05:59 . 2010-06-10 17:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 17:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 17:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 17:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 17:22 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 20:00 . 2008-11-22 02:30 220926964 ----a-w- c:\users\Elmo\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2007-08-14 05:05 . 2007-08-14 05:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-13 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0f,92,f5,15,e9,15,ca,01

R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-18 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-18 79104]
R3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 13440]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-04-29 85088]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000Core.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000UA.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-10 19:31]

2010-06-22 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-10 19:31]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{75750F29-32CD-46E9-AC03-910F4F4C582C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = ????????????????????????????????
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_7_3_DE.cab
DPF: {B42DD475-BC8D-11D4-9D98-0090CC006D96} - hxxp://mxengine.net-dimension.com/download/1.1.8.523/axmxeng.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab
FF - ProfilePath - c:\users\Elmo\AppData\Roaming\Mozilla\Firefox\Profiles\d4hqe602.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?cplp=1276474116167
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Elmo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,a7,61,2b,97,6c,a8,5a,13,28,ee,26,83,ce,65,7b,39,f0,98,6d,d0,
9d,8a,09,63,f9,67,0e,e4,28,6e,77,b4,1e,7e,80,11,12,d1,ad,58,56,41,e9,83,3b,\
"rkeysecu"=hex:22,08,71,d5,fd,fc,48,78,de,35,45,c8,57,d1,a0,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-06-22 17:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 21:06
ComboFix2.txt 2010-06-22 18:45

Pre-Run: 13,744,074,752 bytes free
Post-Run: 13,354,405,888 bytes free

- - End Of File - - DBBAE192344F5F11A25469F984020B8B
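A way to check the CFScript from post 21 against the log it produced in post 22, as an added example (it is not code from the thread or from ComboFix): it parses the File:: / Driver:: sections and the log's FILE :: echo, Service_ deletions and R*/S* service table, confirms each requested file and driver is recorded as removed, and lists services whose image file the log marks as not found. The sample inputs are constructed from lines quoted in the thread, and the reading of "[x]" as "file not found" is the log's notation as assumed here.

```python
"""Check that a ComboFix CFScript's removals actually show up in the log.

Added example for this thread; it is not part of the forum post or of
ComboFix itself.  It reads a CFScript (File:: / Driver:: sections, as in
post 21) and the ComboFix log that run produced (post 22), then reports
for every requested file and driver whether the log records the removal
and whether any service entry still references the driver.  It also lists
services whose image ComboFix could not find ("[x]" in the log's notation,
as assumed here), which is worth a second look.  Sample inputs below are
constructed from lines quoted in the thread.
"""
import re

# Constructed from post 21.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\msjmfcxb.sys
c:\windows\system32\drivers\nhygiydq.sys

Driver::
nhygiydq
msjmfcxb
"""

# Constructed from a few lines of the post-22 log (abridged).
COMBOFIX_LOG = r"""FILE ::
"c:\windows\system32\drivers\msjmfcxb.sys"
"c:\windows\system32\drivers\nhygiydq.sys"
.
((((( Drivers/Services )))))
.
-------\Service_msjmfcxb
-------\Service_nhygiydq
.
R3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
"""

# "R3 name;display name;image path [date size]" or "... [x]" when the file is absent
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
DELETED_SERVICE_PREFIX = r"-------\Service_"


def parse_cfscript(text):
    """Return {"file": [...], "driver": [...]} from a CFScript (lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header, e.g. "File::"
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections


def parse_combofix_log(text):
    """Extract the FILE :: echo, deleted services and the R*/S* service table."""
    deleted_files, deleted_services, services = set(), set(), []
    in_file_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "FILE ::":                   # ComboFix echoes the File:: list
            in_file_block = True
            continue
        if in_file_block and line.startswith('"'):
            deleted_files.add(line.strip('"').lower())
            continue
        in_file_block = False
        if line.startswith(DELETED_SERVICE_PREFIX):
            deleted_services.add(line[len(DELETED_SERVICE_PREFIX):].lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "start": m.group(1), "name": m.group(2).lower(),
                "display": m.group(3), "path": m.group(4).lower(),
                "missing": m.group(5) == "x",   # "[x]": image not found on disk
            })
    return deleted_files, deleted_services, services


def verify_removal(cfscript_text, log_text):
    """Map each requested file/driver to True if the log shows it gone."""
    script = parse_cfscript(cfscript_text)
    deleted_files, deleted_services, services = parse_combofix_log(log_text)
    report = {"files": {}, "drivers": {}, "missing_image": []}
    for path in script.get("file", []):
        report["files"][path] = path in deleted_files
    for drv in script.get("driver", []):
        still_listed = any(s["name"] == drv for s in services)
        report["drivers"][drv] = drv in deleted_services and not still_listed
    report["missing_image"] = [s["name"] for s in services if s["missing"]]
    return report


if __name__ == "__main__":
    for kind, entries in verify_removal(CFSCRIPT, COMBOFIX_LOG).items():
        print(kind, entries)
```

Run it against a real CFScript.txt and C:\ComboFix.txt by reading those files into the two strings; a driver reported False was either not deleted or is still listed in the service table.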

23 Re: Hiya, I'd like some help. on Tue Jun 22, 2010 11:42 pm

DragonMaster Jay


Site Owner
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose the Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.



24 Re: Hiya, I'd like some help. on Wed Jun 23, 2010 12:37 am

ibae


Member
Here it is:

http://www.getsysteminfo.com/read.php?file=746e5a20a3ffbcb9791e60a9a237fd17

25 Re: Hiya, I'd like some help. on Wed Jun 23, 2010 12:42 am

DragonMaster Jay


Site Owner
If there are no more issues, then it is time to clean up.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



26 Re: Hiya, I'd like some help. on Wed Jun 23, 2010 3:45 am

ibae (Member)
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Note: I forgot to remove MBAM. I am now removing MBAM as we speak.
MBAM has been removed.

27 Re: Hiya, I'd like some help. on Wed Jun 23, 2010 9:11 pm

DragonMaster Jay (Site Owner)
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • The hpHosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, making it more difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: http://www.getfirefox.com
  • Opera is available here: http://www.opera.com/download/


See this page for more info about malware and prevention.

Please leave feedback for The Ultimate Geek TaskForce! by going here

If you would like to make a small donation, please see the link in my signature below.

If you ever need help in the future, feel free to come back to this site for any computer issue, and we shall help.


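The HOSTS-file advice above (redirecting known bad hostnames to 127.0.0.1) is worth pairing with two checks a practitioner would want: that the block entries are merged without clobbering the existing lines, and that nothing in the file points a hostname somewhere other than loopback, since malware commonly edits HOSTS to hijack antivirus update sites. The following is an added example written for this thread, not code from the original post or from the hpHosts project; the sample HOSTS content, the blocklist and the 192.0.2.10 redirect are all constructed for illustration.

```python
"""HOSTS-file blocklist merge and tamper check.

Added example, not from the original post or the hpHosts project.
All sample data below is constructed for illustration.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample of an existing Windows HOSTS file: the default
# localhost lines plus one suspicious redirect (192.0.2.10 is a
# documentation-range address, used here as a placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.example-av-vendor.test   # constructed: suspicious redirect
"""

# Constructed mini blocklist in the style of an ad/malware hosts list.
# The mixed-case duplicate shows the case-folding in merge_blocklist().
SAMPLE_BLOCKLIST = ["ads.example.test", "tracker.example.test", "ADS.example.test"]

# Targets that mean "blackhole this name": loopback (as in the post) or 0.0.0.0.
LOOPBACK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing '#' comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for name in names:
            entries.append((ip, name.lower()))  # hostnames are case-insensitive
    return entries


def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Entries that send a hostname somewhere other than loopback/blackhole.

    A legitimate blocklist only ever maps names to LOOPBACK_TARGETS, so any
    other destination (e.g. an AV vendor's site pointed at a remote IP) is
    the classic sign of a hijacked HOSTS file and deserves a look.
    """
    return [(ip, name) for ip, name in parse_hosts(text) if ip not in LOOPBACK_TARGETS]


def merge_blocklist(existing: str, domains: Iterable[str], target: str = "127.0.0.1") -> str:
    """Append block entries for domains not already present; existing lines are kept verbatim."""
    known = {name for _, name in parse_hosts(existing)}
    out = existing if existing.endswith("\n") else existing + "\n"
    added = []
    for domain in sorted({d.strip().lower() for d in domains if d.strip()}):
        if domain in known:
            continue  # already mapped (by us or by an earlier run): do not duplicate
        known.add(domain)
        added.append(f"{target}\t{domain}")
    if added:
        out += "# --- blocklist entries added ---\n" + "\n".join(added) + "\n"
    return out


def is_blocked(text: str, hostname: str) -> bool:
    """True if hostname maps to a loopback/blackhole address.

    HOSTS matching is exact: an entry for ads.example.test does not cover
    cdn.ads.example.test, so blocklists must list every hostname explicitly.
    """
    host = hostname.lower()
    return any(name == host and ip in LOOPBACK_TARGETS for ip, name in parse_hosts(text))


if __name__ == "__main__":
    merged = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(merged)
    print("suspicious:", suspicious_entries(merged))
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts and writing it requires an elevated prompt; the functions above work on the file's text so you can review the merged result and the suspicious-entry list before replacing anything. The exact-match caveat in `is_blocked` is the practical limit of the HOSTS approach: it only covers hostnames that are listed verbatim.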
