Help please - Having a PC shutdown problem

I didn't find any tech support area so I'm posting it here. Recently, out of nowhere, my PC is freezing: I can move my mouse and see my background and everything, but I can't click anything, and my monitor goes to like a bright color. Also, sometimes the monitor goes black and I can't move my mouse, but I can see the cursor.
This is happening when I'm downloading 2+ torrents. I leave my PC alone, come back and it's frozen... I downloaded other files (not torrents, not big) and I downloaded them without a problem. Another example is when I'm trying to update my game Global Agenda. It says it will be ready in 11 hours, so I suppose it is such a big file that it freezes my PC. But I don't understand why; this is happening more often now. I've had my PC for about 4 years, and it's been happening for the past 2 weeks.
It happened once again a few minutes ago: my Vuze was downloading 2 torrents, and out of nowhere all files go to download speed: 0kbs. I don't touch the Vuze program and change tab to my Google Chrome that was open; I can't use the internet, it's like I don't have any, I can't get to Google. I try to close Vuze or END TASK but nothing, and I'm doing it slowly so it doesn't freeze. I click START to restart it and it freezes (second time it happens).
Any help please?
And I use Vuze a lot; it is happening now...
 
If you've been downloading torrents and using file sharing programs, you could be and most likely are infected. Please start by running this procedure.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
Hey, thanks for your reply. I already did the malware quick scan twice, zero results. When I get home I will save the hijack log and post it right here. :)
 
Here is the log file. I tried to attach it but it didn't work, so I'll paste it. Hope you can help me out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:46 PM, on 6/20/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vsnpstd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Vuze\Azureus.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8519 bytes
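
A triage sketch for the log above, added here as an example (it is not part of the original posts and is not code from HijackThis). It parses the entry lines, lists those carrying the log's own `(no file)`, `(file missing)` or `Unknown owner` markers, and shows which CLSIDs are registered under more than one section; the function names and the choice of markers are assumptions of this example, and a marker means "look at this entry", not "malicious".

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Vuze\Azureus.exe
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Entry lines start with a section code (R, F, N or O plus a number) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption of this example: strings HijackThis itself printed in the log
# above, used only to pick entries a helper would look at first.
REVIEW_MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_entries(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            # CLSIDs appear in mixed case in the log, so normalise them.
            "clsid": clsid.group(0).lower() if clsid else None,
            "markers": [k for k in REVIEW_MARKERS if k in body],
        })
    return entries


def needs_review(entries):
    """Entries carrying at least one of the review markers."""
    return [e for e in entries if e["markers"]]


def clsid_footprint(entries):
    """CLSIDs registered under more than one section, with those sections."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in needs_review(parsed):
        print(f"review {e['code']:>3} {e['markers']}: {e['body']}")
    for clsid, codes in clsid_footprint(parsed).items():
        print(f"{clsid} is registered under {', '.join(codes)}")
```
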
 
Since you've been using torrents, go ahead and run ComboFix.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
(I wish I could attach them, but they are too big or an invalid file.) (First I will post the ComboFix log in this post, and in the next post a fresh hijack log and my current computer state.)
Combo Fix Log:

ComboFix 10-06-20.03 - Danilo 06/20/2010 18:42:24.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2030 [GMT -4:00]
Running from: c:\users\Danilo\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ARA\ChipsetARA.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CHS\ChipsetCHS.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CHT\ChipsetCHT.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CSY\ChipsetCSY.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\DAN\ChipsetDAN.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\DEU\ChipsetDEU.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ELL\ChipsetELL.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ENU\ChipsetENU.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ESP\ChipsetESP.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\FIN\ChipsetFIN.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\FRA\ChipsetFRA.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\HEB\ChipsetHEB.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\HUN\ChipsetHUN.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ITA\ChipsetITA.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\JPN\ChipsetJPN.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\KOR\ChipsetKOR.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\NLD\ChipsetNLD.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\NOR\ChipsetNOR.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PLK\ChipsetPLK.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PTB\ChipsetPTB.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PTG\ChipsetPTG.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\RUS\ChipsetRUS.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\SVE\ChipsetSVE.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\THA\ChipsetTHA.dll
c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\TRK\ChipsetTRK.dll
c:\users\Danilo\AppData\Local\TempDIR

.
((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 22:52 . 2010-06-20 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-20 19:40 . 2010-06-20 19:40 -------- d-----w- c:\program files\Trend Micro
2010-06-20 03:35 . 2010-06-20 03:35 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-20 03:35 . 2010-06-20 03:35 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-20 03:34 . 2010-06-20 03:34 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-20 03:34 . 2010-06-20 03:34 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-06-20 03:34 . 2010-06-20 03:34 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-20 03:34 . 2010-06-20 03:34 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-20 03:34 . 2010-06-20 03:34 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-20 03:33 . 2010-06-20 03:33 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-20 03:21 . 2010-06-20 03:21 1251 ----a-w- c:\users\Danilo\AppData\Roaming\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2010-06-19 15:31 . 2010-06-19 15:40 21210944 ----a-w- c:\users\Danilo\AppData\Roaming\Raptr\raptr-0.8.8-r40568-vuze.exe
2010-06-17 21:03 . 2010-06-17 21:03 -------- d-----w- c:\program files\City Interactive
2010-06-16 02:23 . 2010-06-16 02:23 -------- d-----w- C:\AeriaGames
2010-06-16 00:08 . 2010-06-18 18:17 -------- d-----w- c:\users\Danilo\AppData\Roaming\Xfire
2010-06-16 00:08 . 2010-06-16 00:12 -------- d-----w- c:\programdata\Xfire
2010-06-16 00:08 . 2010-06-16 00:08 -------- d-----w- c:\program files\Xfire
2010-06-15 16:58 . 2010-06-20 03:20 -------- d-----w- c:\users\Danilo\AppData\Roaming\Raptr
2010-06-15 16:58 . 2010-06-19 15:40 -------- d-----w- c:\program files\Raptr
2010-06-15 15:17 . 2010-06-15 15:17 -------- d--h--w- c:\windows\PIF
2010-06-14 00:07 . 2010-06-14 00:07 -------- d-----w- c:\program files\CPUID
2010-06-14 00:07 . 2010-03-31 03:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-11 13:41 . 2010-06-11 13:41 -------- d-----w- C:\GamepotUSA
2010-06-11 01:42 . 2010-06-11 01:43 -------- d-----w- C:\Hotspot Shield
2010-06-11 01:42 . 2010-06-11 01:44 -------- d-----w- c:\program files\Hotspot Shield
2010-06-10 22:39 . 2010-06-10 22:51 -------- d-----w- c:\users\Danilo\AppData\Roaming\DeepBurner Pro
2010-06-10 22:28 . 2010-06-10 22:35 -------- d-----w- c:\program files\MP3 CD Converter
2010-06-10 22:15 . 2010-06-10 22:28 -------- d-----w- c:\program files\MP3 CD Converter Professional
2010-06-10 15:29 . 2010-06-10 15:29 -------- d-----w- c:\program files\softnyx
2010-06-09 21:04 . 2010-06-09 21:04 -------- d-----w- c:\program files\Common Files\Common Share
2010-06-09 21:04 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-09 21:04 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-06-09 21:04 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-09 21:04 . 2010-06-09 21:04 -------- d-----w- c:\program files\OJOsoft
2010-06-09 15:43 . 2007-10-23 07:45 1336632 ----a-r- c:\users\Danilo\AppData\Roaming\U3\temp\U3BkUpDir\LaunchU3.exe
2010-06-08 20:35 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 20:35 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-08 20:35 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-08 20:35 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 20:35 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-04 20:53 . 2010-06-04 20:53 -------- d-----w- c:\users\Danilo\AppData\Roaming\Malwarebytes
2010-06-04 20:53 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 20:53 . 2010-06-04 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 20:53 . 2010-06-04 20:53 -------- d-----w- c:\programdata\Malwarebytes
2010-06-04 20:53 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 19:36 . 2010-06-02 19:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-02 18:40 . 2010-06-02 18:40 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 18:40 . 2010-06-02 18:40 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-02 17:38 . 2010-06-02 17:38 -------- d-----w- c:\program files\CONEXANT
2010-06-02 17:33 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-06-02 17:31 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-02 17:31 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-02 17:31 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-02 17:31 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-02 17:31 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-06-02 17:31 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-02 17:31 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-02 17:30 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-02 17:30 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-02 17:30 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-02 17:30 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-02 17:30 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-02 13:26 . 2010-06-02 13:26 -------- d-----w- c:\windows\system32\RTCOM
2010-06-02 13:20 . 2010-06-02 13:26 -------- d--h--w- c:\program files\Temp
2010-06-02 13:20 . 2010-06-02 13:19 831488 ----a-w- c:\windows\RtlExUpd.dll
2010-06-02 13:20 . 2010-06-02 13:20 -------- d-----w- C:\Intel
2010-06-02 13:10 . 2002-11-15 02:32 55808 ----a-w- c:\windows\system32\devcon.exe
2010-06-02 13:02 . 2010-06-02 13:12 -------- d-----w- c:\program files\Driver Checker
2010-06-02 13:02 . 2008-12-03 21:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-06-01 22:07 . 2010-06-01 22:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-01 22:01 . 2010-04-02 16:33 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-01 22:01 . 2010-04-02 16:33 227944 ----a-w- c:\windows\system32\nvcod1913.dll
2010-06-01 22:01 . 2010-04-02 16:33 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-01 18:50 . 2010-06-20 03:35 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-01 18:34 . 2010-06-20 03:24 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-01 18:34 . 2010-06-20 03:24 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-01 18:33 . 2010-06-01 20:00 -------- d-----w- c:\users\Danilo\AppData\Roaming\DivX
2010-06-01 18:33 . 2010-06-01 18:33 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-01 18:33 . 2010-06-01 18:33 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-01 18:32 . 2010-06-01 18:32 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-01 18:32 . 2010-06-01 18:32 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-01 18:32 . 2010-06-01 18:32 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-01 18:32 . 2010-06-01 18:32 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-01 18:26 . 2010-06-20 03:35 -------- d-----w- c:\programdata\DivX
2010-06-01 17:04 . 2010-06-01 17:04 -------- d-----w- c:\users\Danilo\AppData\Roaming\AnvSoft
2010-06-01 17:04 . 2010-06-01 17:04 -------- d-----w- c:\program files\AnvSoft
2010-06-01 16:15 . 2010-06-01 16:15 -------- d-----w- c:\program files\URUSoft
2010-06-01 15:18 . 2010-06-01 15:18 -------- d-----w- c:\program files\Common Files\Java
2010-06-01 15:18 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 15:14 . 2010-06-01 15:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-01 10:53 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-06-01 10:53 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-06-01 10:53 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-06-01 10:53 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-06-01 10:50 . 2010-06-01 10:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-01 10:50 . 2010-06-01 10:50 -------- d-----w- c:\windows\system32\AGEIA
2010-06-01 10:49 . 2010-06-01 10:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-31 18:12 . 2010-05-31 18:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-30 05:37 . 2010-05-30 05:37 6123008 ----a-w- c:\users\Danilo\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
2010-05-29 06:02 . 2010-06-20 22:36 -------- d-----w- c:\users\Danilo\AppData\Roaming\Azureus
2010-05-29 06:02 . 2010-06-16 14:28 -------- d-----w- c:\program files\Vuze
2010-05-29 06:02 . 2010-05-29 06:02 -------- d-----w- c:\program files\Conduit
2010-05-29 06:02 . 2010-05-29 06:02 -------- d-----w- c:\program files\Vuze_Remote
2010-05-28 18:23 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-28 18:23 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-28 18:23 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-28 18:23 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-28 00:04 . 2010-05-28 00:04 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 03:35 . 2009-12-23 04:54 -------- d-----w- c:\program files\DivX
2010-06-20 03:20 . 2009-10-25 01:36 -------- d-----w- c:\users\Danilo\AppData\Roaming\uTorrent
2010-06-20 03:19 . 2010-04-07 13:03 -------- d-----w- c:\program files\Steam
2010-06-14 00:02 . 2009-11-02 06:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 14:33 . 2009-11-01 00:11 -------- d-----w- c:\programdata\PMB Files
2010-06-10 22:39 . 2009-12-20 23:57 -------- d-----w- c:\program files\Astonsoft
2010-06-09 15:44 . 2009-12-04 16:09 -------- d-----w- c:\users\Danilo\AppData\Roaming\U3
2010-06-08 21:01 . 2009-11-23 22:10 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 19:37 . 2009-11-24 21:56 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-02 18:39 . 2009-10-25 02:19 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 18:39 . 2009-10-25 02:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 17:24 . 2009-11-06 06:42 -------- d-----w- c:\programdata\NVIDIA
2010-06-01 18:33 . 2010-02-01 18:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-01 18:32 . 2009-12-23 04:54 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-01 15:18 . 2009-11-12 14:46 -------- d-----w- c:\program files\Java
2010-05-31 18:13 . 2009-10-26 01:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-29 07:34 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-17 19:27 . 2010-02-01 18:38 256 ----a-w- c:\windows\system32\pool.bin
2010-05-13 22:05 . 2010-05-13 22:05 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-05-11 17:52 . 2010-05-11 17:52 -------- d-----w- c:\users\Danilo\AppData\Roaming\Blackberry Desktop
2010-04-28 23:20 . 2009-10-25 01:37 -------- d-----w- c:\program files\uTorrent
2010-04-25 20:02 . 2010-04-25 17:38 -------- d-----w- c:\users\Danilo\AppData\Roaming\Western Digital
2010-04-25 07:17 . 2010-04-25 07:17 -------- d-----w- c:\program files\WBFS
2010-04-22 23:29 . 2009-11-24 21:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-04-22 23:28 . 2009-10-26 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-21 21:10 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-21 21:10 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-21 21:10 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-04-20 22:23 . 2009-10-26 01:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-20 22:20 . 2009-11-08 19:38 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-04-18 06:13 . 2010-04-18 06:13 220926964 ----a-w- c:\users\Danilo\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2010-04-17 14:09 . 2009-10-25 01:15 124272 ----a-w- c:\users\Danilo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 16:33 . 2009-09-28 03:12 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-02 15:57 . 2010-04-02 15:57 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-31 22:20 . 2009-11-06 06:41 600680 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-04-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 19:35 2675296 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-05-13 22:06 220208 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Google Update"="c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-25 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-22 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-23 3656616]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-05-25 323632]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon_32.sys [2009-07-24 99712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144810401-2075839299-2014336149-1000Core.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 01:35]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144810401-2075839299-2014336149-1000UA.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 01:35]

2010-06-20 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-12-14 18:48]

2010-06-20 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-12-14 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-20 18:56:26
ComboFix-quarantined-files.txt 2010-06-20 22:56

Pre-Run: 168,144,216,064 bytes free
Post-Run: 174,008,803,328 bytes free

- - End Of File - - 384056E51B2B4107E29F4BF5775D02FC
 
(In this post I will put my fresh Hijack log and my current computer state regarding my problem.)
Happened once again a few mins ago: my Vuze was downloading 2 torrents, and out of nowhere all files go to download speed: 0kbs. I don't touch the Vuze program and change tab to my Google Chrome that was open; I can't use the internet, it's like I don't have any, can't get to Google. I try to close Vuze or END TASK but nothing, and I'm doing it slowly so it doesn't freeze. I click START to restart it and it freezes (second time it happens). I've been using Vuze a lot, and it started 1 day and a half ago.
NEW: I've been using Vuze today, downloading 1 torrent at a time, and haven't had any freezing, but in a moment I had to close it and reopen it because everything went to 0kbs per second, like if I lost internet. I'm considering reinstalling Vuze.

Fresh Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:52 PM, on 6/20/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7591 bytes
 
Rerun HijackThis and place checks next to these entries.

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

Then click on Fix checked at the bottom.

Then download and run SUPERAntiSpyware Free Edition.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Make sure it is fully updated before running a full scan. Post back the log when done. The log will be under the Statistics/Logs tab when you click on the Preferences button on the main page.

The problem you are having comes from using torrents/file sharing programs. My advice would be to uninstall them and don't use them.

I would also like to see an uninstall list from HijackThis. Open HijackThis, click on Open the Misc Tools section, click on Open Uninstall Manager, click on Save and save the file, then copy and paste the log back here.
 