pc problem.

Sherlock_34

New Member
Thanks for getting back.

I tried to do as you said, but two messages come up, first:

You'll need to provide administrator permission to copy to this folder.

I clicked "Continue," and it said again:

Destination Folder Access Denied
You need permission to perform this action

I already edited the permissions in System32's Properties, changing my User Account to "Full Control," but I still can't do it. I also did the same thing with the "Windows" folder, to no avail.
 

johnb35

Administrator
Staff member
Where do you have the taskkill.exe file I sent you located on your system? I need to know this before I give you the script.
 

Sherlock_34

New Member
I put it in my Downloads folder.

C:\Users\LEA\Downloads

I tried to directly unzip it into the System32 folder, but it didn't work.
 

johnb35

Administrator
Staff member
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
fcopy::
C:\Users\LEA\Downloads\taskkill.exe | c:\windows\system32\taskkill.exe



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Image: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


I also noticed some of the entries I asked you to uninstall are still listed in the ComboFix log. Did you actually uninstall those programs?
 

Sherlock_34

New Member
Here's the log:


ComboFix 11-05-14.01 - LEA 05/15/2011 11:01:13.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1353 [GMT 8:00]
Running from: c:\users\LEA\Desktop\ComboFix.exe
Command switches used :: c:\users\LEA\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\users\LEA\Downloads\taskkill.exe --> c:\windows\system32\taskkill.exe
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 03:07 . 2011-05-15 03:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-15 03:07 . 2011-05-15 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 02:31 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34A96933-FF95-4E64-A4B4-90DFECAA467C}\mpengine.dll
2011-05-14 09:40 . 2011-05-15 18:26 -------- d-----w- c:\program files\Recover My Files v4
2011-05-14 06:08 . 2011-05-14 06:08 -------- d-----w- c:\users\LEA\AppData\Local\uTorrent
2011-05-13 14:23 . 2011-05-15 03:07 -------- d-----w- c:\users\LEA\AppData\Local\temp
2011-05-13 08:19 . 2011-05-13 15:11 -------- d-----w- c:\users\LEA\AppData\Roaming\FVZilla
2011-05-13 08:19 . 2011-05-13 08:19 -------- d-----w- C:\downloads
2011-05-13 08:10 . 2011-05-13 08:10 -------- d-----w- c:\program files\WinPcap
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\users\LEA\AppData\Roaming\Malwarebytes
2011-05-12 05:51 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\programdata\Malwarebytes
2011-05-12 05:51 . 2011-05-12 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 05:51 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 05:50 . 2011-05-12 05:50 388096 ----a-r- c:\users\LEA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-11 14:56 . 2011-05-11 14:56 -------- d-----w- c:\users\LEA\AppData\Local\SKIDROW
2011-05-09 12:27 . 2011-05-15 18:26 -------- d-----w- c:\users\LEA\AppData\Roaming\vlc
2011-05-09 10:59 . 2011-05-09 10:59 -------- d-----w- c:\program files\CCleaner
2011-05-08 15:03 . 2011-03-30 11:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-08 15:03 . 2011-03-30 10:57 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-05-08 15:03 . 2011-03-30 10:57 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-08 15:03 . 2011-05-08 15:03 -------- d-----w- c:\users\LEA\AppData\Roaming\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-05-08 15:02 . 2011-05-08 15:03 -------- d-----w- c:\programdata\TuneUp Software
2011-05-08 15:02 . 2011-05-08 15:02 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-06 12:21 . 2011-05-15 02:45 -------- d-----w- c:\program files\Steam
2011-05-05 12:47 . 2011-05-15 02:47 -------- d-----w- c:\users\UpdatusUser
2011-05-05 12:44 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-05 12:44 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-05 12:44 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-05 12:44 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-05 12:44 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-05 12:44 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-05 12:44 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-05 12:44 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-05 12:44 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-05 09:33 . 2011-05-05 09:33 -------- d-----w- c:\users\LEA\AppData\Local\Activision
2011-05-05 08:23 . 2011-05-05 08:24 -------- d-----w- c:\program files\vgif
2011-05-03 08:43 . 2011-05-03 08:43 -------- d-----w- c:\users\LEA\AppData\Local\Google
2011-05-03 08:35 . 2011-05-13 06:03 -------- d-----w- c:\users\LEA\AppData\Local\ElevatedDiagnostics
2011-05-03 07:59 . 2011-05-03 07:59 -------- d-----w- c:\users\LEA\AppData\Local\Mozilla
2011-05-03 07:57 . 2011-05-12 11:10 -------- d-----w- c:\users\LEA\AppData\Local\Microsoft
2011-05-02 14:38 . 2011-05-07 09:15 -------- d-----w- c:\users\LEA\AppData\Roaming\funkitron
2011-05-02 14:37 . 2011-05-02 14:37 -------- d-sh--w- c:\windows\ftpcache
2011-05-02 13:43 . 2011-05-02 13:43 -------- d-----w- c:\program files\Microsoft Research
2011-05-02 06:26 . 2010-08-12 03:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-05-02 06:26 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-02 06:22 . 2011-05-02 06:22 -------- d-----w- c:\windows\system32\EventProviders
2011-05-02 06:06 . 2011-05-02 06:06 -------- d-----w- c:\windows\en
2011-05-02 06:00 . 2011-05-02 06:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-02 05:58 . 2011-05-02 05:59 -------- d-----w- c:\program files\Windows Live
2011-05-02 05:53 . 2011-05-12 11:13 -------- d-----w- c:\users\LEA\AppData\Local\Windows Live
2011-05-02 05:53 . 2011-05-02 05:53 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-02 05:52 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-02 02:43 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 02:43 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 02:43 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 02:43 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 02:43 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 02:43 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 02:43 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 02:43 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 02:25 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-02 02:25 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-02 02:25 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-02 02:25 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-02 02:25 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-02 02:25 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-02 02:25 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-02 02:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-02 02:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 02:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 02:21 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 02:20 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-02 02:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 02:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-02 02:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 02:20 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-02 02:20 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-01 16:14 . 2011-05-01 16:14 -------- d-----w- c:\windows\CheckSur
2011-05-01 15:35 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-01 15:35 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-01 15:35 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-01 15:35 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-01 15:35 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-01 15:35 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-01 08:19 . 2011-05-01 08:19 -------- d-----w- C:\sawesome
2011-05-01 05:30 . 2011-05-01 05:30 -------- d-----w- c:\program files\iPod
2011-05-01 05:27 . 2011-05-01 05:27 -------- d-----w- c:\program files\Bonjour
2011-04-30 07:36 . 2011-04-30 07:36 -------- d-----w- c:\program files\LTYT MP3 Converter
2011-04-27 17:19 . 2011-04-27 17:19 -------- d-----w- c:\users\LEA\AppData\Roaming\NVIDIA
2011-04-19 03:31 . 2011-04-19 03:31 -------- d-----w- c:\windows\system32\Wat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:27 . 2009-07-14 00:19 276480 ----a-w- c:\windows\system32\compstui.dll
2011-05-04 00:27 . 2009-07-13 23:20 14848 ----a-w- c:\windows\system32\ntvdmd.dll
2011-05-04 00:27 . 2009-07-13 23:52 2048 ----a-w- c:\windows\system32\bridgeres.dll
2011-05-02 05:59 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2011-05-05 12:44 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-08-06 10:22 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-07-13 22:09 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 14:45 . 2011-04-07 14:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 14:45 . 2011-04-07 14:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 14:45 . 2011-04-07 14:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 14:44 . 2011-04-07 14:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 14:44 . 2011-04-07 14:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20 . 2011-04-06 08:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-02 14:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll.old
2011-03-18 09:34 . 2010-08-06 10:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-23 00:27 . 2011-02-23 00:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 00:27 . 2011-02-23 00:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-18 08:36 . 2011-02-18 08:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 08:36 . 2011-02-18 08:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-14 16:26 . 2011-05-02 02:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-12 10:28 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-12 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-05-07 1242448]
"L09AXLRD_4584682"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2009-06-11 351000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_3070068]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09AXLRD_6851907]
2009-06-11 02:49 351000 ----a-w- c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 12:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 06:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2010-12-11 15:28 824224 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it! (system)]
2003-10-01 10:04 121856 --sha-w- c:\windows\System32\cfpsys.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe.exe"=c:\users\LEA\AppData\Roaming\Adobe.exe
"L09AXLRD_6462325"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-01-07 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 cpuz134;cpuz134;c:\users\LEA\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-12 3583840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1343400]
S1 vdrv9000;vdrv9000;c:\windows\system32\Drivers\VDRV9000.SYS [2007-11-14 113168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 10:26]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001Core.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498620038-3934093899-3520722079-1001UA.job
- c:\users\LEA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 02:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\LEA\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: facebook.com
FF - ProfilePath - c:\users\LEA\AppData\Roaming\Mozilla\Firefox\Profiles\bjkw3bjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498620038-3934093899-3520722079-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A379EA48-F984-C397-1631-761CA066D9F4}*]
"palpafihgaoaccgcnddmaegfahnppfoc"=hex:6a,61,67,6f,69,6d,6e,68,70,62,63,6d,6c,
64,70,65,61,61,70,6f,00,00
"abbfomdfnfllnofmloicbhehhflfgbdiam"=hex:6a,61,67,6f,64,6e,62,62,6c,62,65,69,
6b,64,64,6a,70,6b,6f,62,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-15 11:08:46
ComboFix-quarantined-files.txt 2011-05-15 03:08
ComboFix2.txt 2011-05-13 14:30
ComboFix3.txt 2011-05-13 04:20
ComboFix4.txt 2011-05-12 10:52
.
Pre-Run: 64,004,694,016 bytes free
Post-Run: 63,938,158,592 bytes free
.
- - End Of File - - 702833CBD759FAEB86C656079E49F23E


I'm sorry. Truthfully, I didn't uninstall uTorrent because I thought it was too useful. But since you insisted, I figured it must be real. So I uninstalled it after running ComboFix.
 

johnb35

Administrator
Staff member
Good job, it worked this time. Now after doing this, what issues if any are you still having with the system?
 

Sherlock_34

New Member
Thanks! But the startup/freezing issues are still there. This time, it took me more than 10 times of pressing the reset button to get through the BIOS screen.

And the Control Panel Items problems that I posted about in the first page are still there. (System, Mouse Control Panel, Taskbar, etc.)
 

johnb35

Administrator
Staff member
If you are freezing up at the BIOS screen then it sounds like there is a hardware issue somewhere. Sometimes a failing hard drive will cause the system to hang at bootup. You may also want to try resetting the CMOS by unplugging the power supply from the wall, then remove the CMOS battery that is on the motherboard, press the power button on the case a few times to discharge any remaining power and then wait a few minutes. Then reinsert battery and power cable to power supply and try booting up.

Do you have an actual Windows 7 install CD? You may have to use it to repair Windows.
 

Sherlock_34

New Member
When you said,

unplugging the power supply from the wall

and:

reinsert battery and power cable to power supply

Did you mean I just had to unplug the computer from the electric socket? Or is it more complicated than that? And do I have to remove the motherboard from the chassis just to remove the small battery?

If by Win7 actual CD you mean Genuine Windows, I'm afraid no. When my father bought this pre-built CPU from a computer store, it was actually near perfect, Windows Vista and all.

But we had it reformatted one time, and when the repair shop brought it back, it was already Windows 7. A few months into Win7, the Windows Genuine Advantage Notifications started popping up after a Windows update, and I knew I was screwed.

Is there another way around this?
And what about the system problems (e.g. not being able to view some Control Panel Items properly)?
 

johnb35

Administrator
Staff member
So it's possible that this isn't a genuine operating system?

If it's not, you will have to get a copy of Windows 7 and install cleanly. I can't help any further if there is a possibility of it not being a genuine copy.
 

Sherlock_34

New Member
If that's the case, then I have no choice but to agree.
But what about the BIOS/hardware/startup issues? Can you still help me with that?
 

johnb35

Administrator
Staff member
No, you don't need to remove the motherboard to remove the battery; the battery will be showing once you open the side of the case. And all you do is unplug the cord from the wall or the PSU. Like I said before, sometimes a failing hard drive will cause stalling on bootup; you can try removing the power and data cables from the drive to see if it boots normally and able to access the BIOS. You may need a BIOS update. Do you know what model of motherboard this computer has?
 

Sherlock_34

New Member
Yes, I see the battery. I think I will be doing as you said later tonight, tinkering and all.
So it's simple, I just unplug all external wires from the CPU and remove the battery?


you can try removing the power and data cables from the drive to see if it boots normally and able to access the BIOS.

Can you explain this step to me further? I see only two cables, one connected to SATA1, and the other one connected to a jumble of wires, which leads to either the CD-ROM, or the PSU.

I'm afraid I do not know. Is there a way for me to find out?

EDIT: I see an "ASUS M2N X-PLUS" marking on the motherboard. Is this it?
 

johnb35

Administrator
Staff member
You don't need to unplug all the wires, just the power cord going to the tower.

There are only 2 cables hooked up to the hard drive, unplug them both and try booting up a few times to see what happens.

Yes, that's the motherboard model number. Do you know which version of BIOS is installed? It should be listed on boot screen or first screen of the BIOS.
 

Sherlock_34

New Member
By tower, do you mean the PSU or the power transformer?
I checked msinfo32, and I saw American Megatrends Inc. 0507, 12/23/2008

if that's what you mean.
EDIT: I checked the ASUS website and found that Version 0507 is the latest. I mean, there is no version later than 0507. I'm not sure though.
 

johnb35

Administrator
Staff member
0507 is the latest BIOS for that board, so no BIOS update available. The tower is the case itself.
 

Sherlock_34

New Member
Do you have any last-minute instructions for me before I try to do as you asked (removing and then replacing motherboard battery) ?
 

johnb35

Administrator
Staff member
If you can't figure out why it's doing it then you may have to take it in to a computer repair shop and see if it's a bad motherboard.
 

Sherlock_34

New Member
I already thought of that. But I thought maybe I could get help online first. Seems I did. Thanks again for the taskkill you gave me. Here goes nothing.
 

Sherlock_34

New Member
Finished. Replaced CMOS battery, the settings were reset. I put the system time back on track, enabled Cool'n'Quiet, and Q-Fan.

I also did as you said, and removed the two cables from my hard drive. I booted up my computer, and I got into the BIOS screen successfully, no errors.
 