BullGuard Antivirus Forum (Virus Removal > Removal Help)
VGA corrupt (Kernel code patch)
Chips (New Member)
Posted 9/11/2012 5:41 AM (GMT +2)
I have a new Dell mini laptop that picked up a virus while AVG was updating! When Explorer came up, it was in Russian and splashed up a dialog box
that said, in large, bold letters, "YOU BEEN GOT". That disappeared when I deleted its toolbar, but most antivirus or virus removers won't load
properly, and RootkitBuster says the VGA has been corrupted and it's "unable to fix". I finally got HijackThis to work and have a file.
This computer has a HDD that has just been formatted with a /u attribute, and only the operating system and a few utilities are installed; it's
never been on the internet. What I guess I need help with is how to repair the VGA and remove the malware causing it. I suspect the virus is
resident in my color card memory because it survived a hard format.
Any help and ideas appreciated.

File Attachment: hijackthis.log (2KB)

Andreea-Luciana Ostache (Forum Moderator)
Posted 9/11/2012 8:05 AM (GMT +2)
OK, let me start by explaining that there is no way an infection could be residing in your "color card memory" (your video card?). While each computer component does have capacitors and may be able to retain information, if you turn the power off long enough for the capacitors to discharge, the data is erased.
You could think that your BIOS may be infected, but if you take the BIOS battery out, it resets when you turn off the power.

So what I recommend, just to be sure, is that you turn off your computer and take the BIOS battery out. Leave it out for a few minutes. Put the BIOS battery back in and start your computer. Then:
1. First, load up the Windows 7 disc in your drive and press any key to boot from the disc.
2. Choose the language, time, currency, etc and click Next. Now click on Repair Your Computer.
3. Choose the operating system to repair and click Next. When the System Recovery Options dialog comes up, choose the Command Prompt.
4. Now type bootrec.exe and press Enter. This will rebuild the boot configuration data and hopefully fix your problem. You can also run the command with switches to fix just the master boot record (/fixmbr), the boot sector (/fixboot), or rebuild the entire BCD (/rebuildbcd).

Fixing your VGA issue is as easy as reinstalling your video card driver.

Let us know of the outcome.


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!

Chips (New Member)
Posted 9/11/2012 8:32 PM (GMT +2)
I removed the HDD from my Dell Mini N1012 and reformatted it again, removed the motherboard to remove the button cell, and reinstalled it.
I then followed your instructions, including /rebuildbcd. On bootup, I ran RootkitBuster and will attach the resulting log. It still reports corrupted
VGA and several illegal registry entries. When I try to install new video drivers from Dell, a dialog box says it can't continue and will tell me when a solution is found.
I ran GMER, ComboFix and HijackThis, hoping you will be able to find my problem.
When I try to run these apps, I get error messages like "You can't run a program slated for removal" or the Admin error, although I have total Admin privileges.
It also changes the card letter for the SD card I'm using to hold these utilities. It changes the card from F: to E:, although no other drives are on
this computer.
If I make mistakes on your forum, please forgive me, I'm learning.
Thanks for your help, I'm really stuck.
 
Registry Entry     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\Srt                  false
Registry Entry     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce; value: BootExecute      false
Registry Entry     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update        false
Kernel Code Patch  vga corrupted
 
This is the only way I can find to display the results of the RootkitBuster scan.

File Attachment: gmer log.log (2KB)
File Attachment: hijackthis.log (2KB)


Andreea-Luciana Ostache (Forum Moderator)
Posted 9/12/2012 1:16 PM (GMT +2)
You need to restart your computer after running ComboFix to escape the message "You can't run a program slated for removal". Post the log it created.

HijackThis doesn't show this kind of infection anyway, so you can leave it aside for now. GMER doesn't show anything abnormal.

Question: Do you have an SSD hard drive?



Chips (New Member)
Posted 9/12/2012 3:35 PM (GMT +2)
Thanks for your reply. I don't feel so helpless now.
This is a Dell mini with only a single SATA 150 MB drive and USB ports for I/O. It has a wireless internet connection. All input is done through SD cards
or a thumb drive that I made bootable and installed Win7 Starter on. All cards and thumb drives were checked as thoroughly as possible for any possible malware.
 
Here is the combofix log:
 
ComboFix 12-09-03.07 - Norm 09/04/2012  17:16:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3326.2377 [GMT -7:00]
Running from: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Norm\AppData\Local\Temp\apmB22E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-05 to 2012-09-05  )))))))))))))))))))))))))))))))
.
.
2012-09-05 00:18 . 2012-09-05 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 16:32 . 2012-08-29 16:33 -------- d-----w- c:\program files\stinger
2012-08-27 00:41 . 2012-08-27 00:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-08-27 00:41 . 2012-08-27 00:41 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-08-27 00:41 . 2012-08-27 00:41 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-08-27 00:41 . 2012-08-27 00:41 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-08-27 00:41 . 2012-08-27 00:41 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-08-27 00:41 . 2012-08-27 00:41 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-08-27 00:41 . 2012-08-27 00:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-08-27 00:40 . 2012-08-27 00:40 268800 ----a-w- c:\windows\system32\es.dll
2012-08-25 15:25 . 2012-08-26 15:31 -------- d-----w- C:\bd_logs
2012-08-25 14:14 . 2012-08-25 14:14 -------- d-----w- C:\found.000
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-25 00:53 . 2012-08-25 10:04 489048 ------w- c:\windows\system32\drivers\9204181drv.sys
2012-08-24 22:13 . 2012-08-24 23:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 22:06 . 2012-09-04 23:17 -------- d-----w- C:\$AVG8.VAULT$
2012-08-24 20:15 . 2012-08-24 20:15 -------- d-----w- c:\programdata\Trend Micro
2012-08-24 17:12 . 2012-08-24 17:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-08-24 10:58 . 2012-08-24 10:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-08-24 10:58 . 2012-08-24 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-08-24 10:58 . 2012-08-24 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-08-24 10:58 . 2012-08-24 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-08-24 10:58 . 2012-08-24 10:58 24064 ----a-w- c:\windows\system32\lpk.dll
2012-08-24 10:58 . 2012-08-24 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-08-24 10:55 . 2012-08-24 10:55 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-08-24 10:55 . 2012-08-24 10:55 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-08-24 10:55 . 2012-08-24 10:55 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-08-24 10:55 . 2012-08-24 10:55 272896 ----a-w- c:\windows\system32\polstore.dll
2012-08-24 10:54 . 2012-08-24 10:54 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-24 10:54 . 2012-08-24 10:54 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-24 10:52 . 2012-08-24 10:52 15360 ----a-w- c:\windows\system32\netevent.dll
2012-08-24 10:52 . 2012-08-24 10:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-08-24 10:52 . 2012-08-24 10:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-08-24 10:52 . 2012-08-24 10:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-08-24 10:52 . 2012-08-24 10:52 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-08-24 10:52 . 2012-08-24 10:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-08-24 10:52 . 2012-08-24 10:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-08-24 10:52 . 2012-08-24 10:52 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-08-24 10:52 . 2012-08-24 10:52 10240 ----a-w- c:\windows\system32\finger.exe
2012-08-24 10:51 . 2012-08-24 10:51 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-08-24 10:51 . 2012-08-24 10:51 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-08-24 10:51 . 2012-08-24 10:51 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-24 10:51 . 2012-08-24 10:51 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-08-24 10:51 . 2012-08-24 10:51 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-08-24 10:50 . 2012-08-24 10:50 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-08-24 10:50 . 2012-08-24 10:50 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-08-24 10:50 . 2012-08-24 10:50 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-24 10:50 . 2012-08-24 10:50 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-08-24 10:49 . 2012-08-24 10:49 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-08-24 10:48 . 2012-08-24 10:48 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-08-24 10:48 . 2012-08-24 10:48 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-08-24 10:48 . 2012-08-24 10:48 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-24 10:48 . 2012-08-24 10:48 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-08-24 10:48 . 2012-08-24 10:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-08-24 10:47 . 2012-08-24 10:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-24 10:47 . 2012-08-24 10:47 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-08-24 10:47 . 2012-08-24 10:47 2855424 ----a-w- c:\windows\system32\mf.dll
2012-08-24 10:47 . 2012-08-24 10:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-08-24 10:47 . 2012-08-24 10:47 2048 ----a-w- c:\windows\system32\mferror.dll
2012-08-24 10:46 . 2012-08-24 10:46 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 10:46 . 2012-08-24 10:46 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 10:44 . 2012-08-24 10:44 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:43 . 2012-08-24 10:43 71680 ----a-w- c:\windows\system32\atl.dll
2012-08-24 10:42 . 2012-08-24 10:42 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-08-24 10:41 . 2012-08-24 10:41 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-08-24 10:41 . 2012-08-24 10:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 10:40 . 2012-08-24 10:40 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2012-08-24 10:39 . 2012-08-24 10:39 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-08-24 10:39 . 2012-08-24 10:39 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-08-24 10:39 . 2012-08-24 10:39 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-08-24 10:38 . 2012-08-24 10:38 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-24 10:38 . 2012-08-24 10:38 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-08-24 10:38 . 2012-08-24 10:38 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-08-24 10:37 . 2012-08-24 10:37 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-08-24 10:36 . 2012-08-24 10:36 414208 ----a-w- c:\windows\system32\msscp.dll
2012-08-24 10:35 . 2012-08-24 10:35 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-08-24 10:35 . 2012-08-24 10:35 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-08-24 10:34 . 2012-08-24 10:34 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-08-24 10:34 . 2012-08-24 10:34 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-08-24 10:34 . 2012-08-24 10:34 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-08-24 10:34 . 2012-08-24 10:34 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-08-24 10:34 . 2012-08-24 10:34 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-08-24 10:34 . 2012-08-24 10:34 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-08-24 10:33 . 2012-08-24 10:33 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-08-24 10:33 . 2012-08-24 10:33 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-08-24 10:33 . 2012-08-24 10:33 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2012-08-24 10:33 . 2012-08-24 10:33 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2012-08-24 10:32 . 2012-08-24 10:32 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-08-24 10:32 . 2012-08-24 10:32 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-24 10:32 . 2012-08-24 10:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-08-24 10:32 . 2012-08-24 10:32 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-24 10:32 . 2012-08-24 10:32 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-24 10:32 . 2012-08-24 10:32 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-24 10:30 . 2012-08-24 10:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-24 10:29 . 2012-08-24 10:29 696832 ----a-w- c:\windows\system32\localspl.dll
2012-08-24 10:29 . 2012-08-24 10:29 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-08-24 10:29 . 2012-08-24 10:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-08-24 10:29 . 2012-08-24 10:29 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2012-08-24 10:29 . 2012-08-24 10:29 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-08-24 10:29 . 2012-08-24 10:29 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-08-24 10:29 . 2012-08-24 10:29 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-08-24 10:28 . 2012-08-24 10:28 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2012-08-24 10:28 . 2012-08-24 10:28 2923520 ----a-w- c:\windows\explorer.exe
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-08-24 10:27 . 2012-08-24 10:27 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-24 10:27 . 2012-08-24 10:27 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-24 10:27 . 2012-08-24 10:27 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-24 10:27 . 2012-08-24 10:27 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-24 10:27 . 2012-08-24 10:27 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-24 10:27 . 2012-08-24 10:27 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-24 10:26 . 2012-08-24 10:26 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 10:26 . 2012-08-24 10:26 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-08-24 10:26 . 2012-08-24 10:26 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-08-24 10:26 . 2012-08-24 10:26 7680 ----a-w- c:\windows\system32\lsass.exe
2012-08-24 10:26 . 2012-08-24 10:26 72704 ----a-w- c:\windows\system32\secur32.dll
2012-08-24 10:26 . 2012-08-24 10:26 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-24 10:26 . 2012-08-24 10:26 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-08-24 10:26 . 2012-08-24 10:26 272384 ----a-w- c:\windows\system32\schannel.dll
2012-08-24 10:26 . 2012-08-24 10:26 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-08-24 10:23 . 2012-08-24 10:23 549888 ----a-w- c:\windows\system32\rpcss.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 00:39 . 2012-08-27 00:39 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-08-24 10:57 . 2012-08-24 10:57 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-08-24 10:40 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2012-08-24 10:40 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2012-08-24 10:20 . 2012-08-24 10:20 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-08-24 10:12 . 2012-08-24 10:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-08-24 10:12 . 2012-08-24 10:12 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-08-24 10:12 . 2012-08-24 10:12 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-08-24 10:12 . 2012-08-24 10:12 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-08-24 10:12 . 2012-08-24 10:12 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-04_00.19.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-23 19:49 . 2012-09-05 00:22 26370              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-09-05 00:22 58762              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2012-08-27 21:51 16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-23 19:52 . 2012-09-04 00:12 16608              c:\windows\gdrv.sys
+ 2012-08-23 19:52 . 2012-09-05 00:22 16608              c:\windows\gdrv.sys
+ 2012-08-23 19:49 . 2012-09-04 23:10 5482              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1963017673-917373318-2746995141-1000_UserData.bin
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 617662              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 617662              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 103440              c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 103440              c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-24 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-08-24 2042208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2007-08-20 1720320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-08-09 20:44]
.
2012-08-25 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2012-09-05 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-23 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.69.1
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\GIGABYTE\EnergySaver\GSvr.exe
c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\ccwindows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\RtHDVCpl.exe
.
**************************************************************************
.
Completion time: 2012-09-04  17:23:51 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-05 00:23
ComboFix2.txt  2012-09-04 00:34
ComboFix3.txt  2012-09-04 00:20
.
Pre-Run: 286,006,059,008 bytes free
Post-Run: 286,418,595,840 bytes free
.
- - End Of File - - 8C2B646D102FFDC007CD8115C6B64146
Chips (New Member)
Posted 9/14/2012 4:57 AM (GMT +2)
Thought I had it figured out, but it's still here. 


Andreea-Luciana Ostache (Forum Moderator)
Posted 9/14/2012 8:48 AM (GMT +2)
Here is something that I don't understand. Your HijackThis and GMER logs are for Windows 7 and the ComboFix log is for Windows Vista. The GMER log is newer, so is it safe to assume that you had Vista and you have Windows 7 now?



Chips (New Member)
Posted 9/14/2012 7:50 PM (GMT +2)
Sorry, I have a Vista machine with a similar problem and posted the wrong log. Here is the log for Win7:

ComboFix 12-09-13.03 - Norm 09/13/2012 17:01:46.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.388 [GMT -7:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 00:11 . 2012-09-14 00:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C8B781-EC60-4679-80B0-6EC572454DB6}\offreg.dll
2012-09-14 00:11 . 2012-09-14 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-13 23:24 . 2012-09-13 23:24 -------- d-----w- c:\program files\7-Zip
2012-09-13 22:34 . 2012-09-13 22:34 -------- d-----w- c:\users\Norm\AppData\Roaming\Dell
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\PCDr
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\Dell
2012-09-13 22:32 . 2012-09-13 22:33 -------- d-----w- c:\program files\Dell Support Center
2012-09-13 22:20 . 2012-09-13 22:32 -------- d-----w- c:\users\Norm\AppData\Roaming\PCDr
2012-09-13 22:19 . 2012-09-13 22:20 -------- d-----w- C:\DeLL
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Roaming\Free Download Manager
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Local\Wajam
2012-09-13 20:08 . 2012-09-13 20:10 -------- d-----w- c:\users\Norm\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-09-13 20:05 . 2012-09-13 20:10 -------- d-----w- c:\programdata\blekko toolbars
2012-09-13 13:43 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C8B781-EC60-4679-80B0-6EC572454DB6}\mpengine.dll
2012-09-13 13:43 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 13:40 . 2012-09-13 13:40 -------- d-----w- c:\program files\videofixer
2012-09-12 23:50 . 2012-09-12 23:50 14664 ----a-w- c:\windows\stinger.sys
2012-09-12 23:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-12 23:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-12 23:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-12 23:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-12 23:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-12 23:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-12 23:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-12 23:47 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-12 23:47 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-12 23:44 . 2012-09-13 00:31 -------- d-----w- c:\program files\stinger
2012-09-12 23:42 . 2012-09-13 23:24 -------- d-sh--w- c:\windows\Installer
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Local\Google
2012-09-12 23:42 . 2012-09-12 23:43 -------- d-----w- c:\program files\Google
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 14:49 . 2012-09-12 15:41 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.69.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-13 17:15:34
ComboFix-quarantined-files.txt 2012-09-14 00:15
ComboFix2.txt 2012-09-13 20:48
ComboFix3.txt 2012-09-13 00:45
ComboFix4.txt 2012-09-12 21:08
.
Pre-Run: 149,300,518,912 bytes free
Post-Run: 149,221,670,912 bytes free
.
- - End Of File - - 4CB60A23104EFDEDC6C5E5319ECCD085
 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 9/14/2012 9:53 PM (GMT +2)
Uninstall PC-Doctor for Windows and the blekko toolbars.

Run public.avast.com/~gmerek/aswMBR.exe
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Also open Notepad and copy/paste the text in the quotebox below into it:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe.


Drag CFScript.txt onto ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!

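The RegLock:: script above targets the key that ComboFix listed under LOCKED REGISTRY KEYS with "@Denied: (Full) (Everyone)". The PowerShell below is an added example, not ComboFix's code or part of the thread: it reads that key's ACL and reports any explicit Deny entries, so the state can be recorded before and after the script runs. It assumes the key path from the ComboFix log and an elevated prompt, and it changes nothing.

```powershell
# Added example (not ComboFix's code). Read-only audit of the registry key ComboFix
# reported as locked; the path is the one from the ComboFix log in this thread.
$KeyPath = 'HKLM:\SYSTEM\ControlSet001\Control\PCW\Security'

function Get-RegistryDenyAces {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    try {
        # Reading the DACL needs READ_CONTROL; a Deny-Everyone ACE can refuse even that
        # to a non-owner, which is itself consistent with ComboFix's "@Denied" line.
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL of $Path ($($_.Exception.Message)); the key is likely locked."
        return
    }
    # Emit one record per explicit or inherited Deny entry on the key.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            [pscustomobject]@{
                Key       = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$deny = @(Get-RegistryDenyAces -Path $KeyPath)
if ($deny.Count -eq 0) {
    "No Deny entries on $KeyPath"
} else {
    $deny | Format-Table -AutoSize
}
```

Run it once before dropping CFScript.txt onto ComboFix.exe and once afterwards; the Deny entry for Everyone should appear in the first run and be gone in the second.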
 

Chips
New Member


Date Joined Sep 2012
Total Posts : 8
 
Posted 9/15/2012 3:12 AM (GMT +2)
Thanks again for your help. Here are the logs you requested:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 17:20:31
-----------------------------
17:20:31.716 OS Version: Windows 6.1.7601 Service Pack 1
17:20:31.716 Number of processors: 2 586 0x1C0A
17:20:31.716 ComputerName: NORM-PC UserName: Norm
17:20:33.993 Initialize success
17:20:34.914 AVAST engine defs: 12091400
17:20:41.185 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:20:41.185 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152626MB BusType: 11
17:20:41.232 Disk 0 MBR read successfully
17:20:41.247 Disk 0 MBR scan
17:20:41.278 Disk 0 Windows 7 default MBR code
17:20:41.310 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:20:41.356 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152524 MB offset 206848
17:20:41.450 Disk 0 scanning sectors +312576000
17:20:41.590 Disk 0 scanning C:\Windows\system32\drivers
17:20:57.112 Service scanning
17:21:24.647 Modules scanning
17:21:46.377 Disk 0 trace - called modules:
17:21:46.471 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
17:21:46.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f32ac8]
17:21:46.502 3 CLASSPNP.SYS[863b559e] -> nt!IofCallDriver -> [0x83e54918]
17:21:46.549 5 ACPI.sys[85e9b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e2b908]
17:21:47.594 AVAST engine scan C:\Windows
17:21:51.947 AVAST engine scan C:\Windows\system32
17:24:07.464 AVAST engine scan C:\Windows\system32\drivers
17:24:19.710 AVAST engine scan C:\Users\Norm
17:25:04.342 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:25:04.560 The log file has been saved successfully to "E:\aswMBR Log.txt"


ComboFix 12-09-13.03 - Norm 09/14/2012 17:38:21.5.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.488 [GMT -7:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 00:52 . 2012-09-15 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 23:47 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C4D4E49-E0F7-45C5-8957-3A0541DDB136}\mpengine.dll
2012-09-14 22:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-14 22:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-14 22:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-14 22:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-14 22:42 . 2012-09-14 22:42 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-09-14 22:42 . 2012-09-14 22:42 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-14 04:35 . 2012-09-14 04:35 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 00:56 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-14 00:56 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-14 00:56 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-14 00:56 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-14 00:56 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-14 00:56 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-14 00:55 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-14 00:55 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-14 00:54 . 2012-09-14 01:07 -------- d-----w- c:\programdata\AVAST Software
2012-09-14 00:54 . 2012-09-14 00:54 -------- d-----w- c:\program files\AVAST Software
2012-09-13 23:24 . 2012-09-13 23:24 -------- d-----w- c:\program files\7-Zip
2012-09-13 22:34 . 2012-09-13 22:34 -------- d-----w- c:\users\Norm\AppData\Roaming\Dell
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\Dell
2012-09-13 22:32 . 2012-09-13 22:33 -------- d-----w- c:\program files\Dell Support Center
2012-09-13 22:20 . 2012-09-13 22:32 -------- d-----w- c:\users\Norm\AppData\Roaming\PCDr
2012-09-13 22:19 . 2012-09-13 22:20 -------- d-----w- C:\DeLL
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Roaming\Free Download Manager
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Local\Wajam
2012-09-13 20:08 . 2012-09-13 20:10 -------- d-----w- c:\users\Norm\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-09-13 14:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 14:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 14:08 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-09-13 14:07 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-09-13 13:59 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-13 13:43 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 13:40 . 2012-09-13 13:40 -------- d-----w- c:\program files\videofixer
2012-09-13 13:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-13 13:40 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-12 23:50 . 2012-09-12 23:50 14664 ----a-w- c:\windows\stinger.sys
2012-09-12 23:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-12 23:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-12 23:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-12 23:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-12 23:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-12 23:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-12 23:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-12 23:47 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-12 23:47 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-12 23:44 . 2012-09-13 00:31 -------- d-----w- c:\program files\stinger
2012-09-12 23:42 . 2012-09-14 01:07 -------- d-sh--w- c:\windows\Installer
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Local\Google
2012-09-12 23:42 . 2012-09-12 23:43 -------- d-----w- c:\program files\Google
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 14:49 . 2012-09-12 15:41 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.69.1
.
.
Completion time: 2012-09-14 17:58:20
ComboFix-quarantined-files.txt 2012-09-15 00:58
ComboFix2.txt 2012-09-14 00:15
ComboFix3.txt 2012-09-13 20:48
ComboFix4.txt 2012-09-13 00:45
ComboFix5.txt 2012-09-15 00:36
.
Pre-Run: 146,973,491,200 bytes free
Post-Run: 146,838,061,056 bytes free
.
- - End Of File - - 576C2B4BDF275ABEDF0A84C77B670698

Post Edited (Chips) : 9/15/2012 1:21:01 AM GMT

 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 9/15/2012 7:17 AM (GMT +2)
Right. I don't see anything out of place.

Run CCleaner (www.piriform.com/ccleaner/download/standard): install it with the default settings and run both the temp removal and the registry scan. Fix everything it finds.

Then visit the site of the manufacturer of your video card and use the "detection" tool they have to automatically download the driver for your card. If it gives you an error when trying to install, write down the exact error message.

Make sure you have all the Windows Updates as well, both optional and important.


 

Chips
New Member


Date Joined Sep 2012
Total Posts : 8
 
Posted 9/15/2012 7:34 PM (GMT +2)
Here is the CCleaner log:

7-Zip 9.21 Igor Pavlov 9/13/2012 3.54 MB 9.21.00.0
avast! Free Antivirus AVAST Software 9/13/2012 7.0.1466.0
CCleaner Piriform 8/22/2012 3.22
Dell Support Center PC-Doctor, Inc. 9/13/2012 128 MB 3.2.6032.55
Google Toolbar for Internet Explorer Google Inc. 9/15/2012 7.4.3203.136
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/13/2012 596 KB 9.0.30729.4148
SUPERAntiSpyware SUPERAntiSpyware.com 9/12/2012 148 MB 5.5.1016
Video Fixer 3.23 video-fixer Inc. 9/13/2012

This is the log from RootkitBuster FWIW:

Operating System Hook ZwAddBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwAllocateVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwAssignProcessToJobObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwCreateSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDebugActiveProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDeleteBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwFreeVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwModifyBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeKey; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeMultipleKeys; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSection; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwProtectVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwQueueApcThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootEntryOrder; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootOptions; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetContextThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemInformation; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemPowerState; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwShutdownSystem; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSystemDebugControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwTerminateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwVdmControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false

Operating System Hook ZwAddBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwAllocateVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwAssignProcessToJobObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwCreateSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDebugActiveProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDeleteBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwFreeVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwModifyBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeKey; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeMultipleKeys; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enSection; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwProtectVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwQueueApcThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootEntryOrder; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootOptions; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetContextThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemInformation; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemPowerState; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwShutdownSystem; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSystemDebugControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwTerminateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwVdmControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false



Here is the CCcleaner log:

7-Zip 9.21 Igor Pavlov 9/13/2012 3.54 MB 9.21.00.0
avast! Free Antivirus AVAST Software 9/13/2012 7.0.1466.0
CCleaner Piriform 8/22/2012 3.22
Dell Support Center PC-Doctor, Inc. 9/13/2012 128 MB 3.2.6032.55
Google Toolbar for Internet Explorer Google Inc. 9/15/2012 7.4.3203.136
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/13/2012 596 KB 9.0.30729.4148
SUPERAntiSpyware SUPERAntiSpyware.com 9/12/2012 148 MB 5.5.1016
Video Fixer 3.23 video-fixer Inc. 9/13/2012

This is the log from RootkitBuster FWIW:

Operating System Hook ZwAddBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwAllocateVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwAssignProcessToJobObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwCreateSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDebugActiveProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDeleteBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwFreeVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwModifyBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeKey; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeMultipleKeys; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enSection; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwProtectVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwQueueApcThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootEntryOrder; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootOptions; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetContextThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemInformation; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemPowerState; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwShutdownSystem; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSystemDebugControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwTerminateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwVdmControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false

Operating System Hook ZwAddBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwAllocateVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwAssignProcessToJobObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwCreateSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDebugActiveProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDeleteBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwFreeVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwModifyBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeKey; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeMultipleKeys; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSection; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwProtectVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwQueueApcThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootEntryOrder; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootOptions; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetContextThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemInformation; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemPowerState; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwShutdownSystem; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSystemDebugControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwTerminateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwVdmControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false

My system is up to date with the latest Dell update, and all 82 Windows updates downloaded.

I still get Illegal operation and operation failed dialog boxes when I try to run programs unless I run rkill first.

When I tried to run Sysclean, most of the files suddenly had a 'Z' on the end and couldn't run. When I tried to rename them, the z reappeared.

It took several downloads to finally get it to run.

If I shut my wireless off, it turns back on. The only way I can keep off the internet is to shut off my modem.

Earlier, CCleaner reported TSC_Genclean and Troj_SPNR.OBD112 as malware, but no longer.

I finally deleted PC-Doctor from the registry.
 
I ran "Rkill" to be able to run other utilities. It reported: "Security center is not running", "Sensr Svc (missing)" and "Windows update not running, set to automatic (delayed start)".
 
I tried to run Bit Defender rescue, but unable to update.
 
 
I don't know if any of this means anything, but I thought I'd better pass it along.

Thanks

Post Edited (Chips) : 9/16/2012 3:01:09 AM GMT

 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
   Posted 9/21/2012 5:12 AM (GMT +2)
First of all, sorry for the late reply. I really had a busy week last week.

Now, the aswSnx.SYS that RootkitBuster is unable to "fix" belongs to Avast and it's a Virtualization Driver.

From everything you have explained, you are having issues with the system itself. I do not see any infections in your logs. Try and take one issue at a time and search for solutions.


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!

 

Chips
New Member


Date Joined Sep 2012
Total Posts : 8
 
   Posted 9/22/2012 1:08 AM (GMT +2)
I am firmly convinced this PC has malware in flash memory somewhere. I've had the BIOS battery out, formatted the HDD/u, exchanged the RAM and still get error messages like "Illegal operation attempted on a registry key that has been marked for deletion" and "unspecified error", and the longer it's on the net, the worse it gets.
I've ordered another motherboard and I'll let you know how it turns out. I hate to let them win, but I've spent a lot of time on this and don't seem to be getting anywhere.
Here is the last ComboFix log from a few minutes ago.
 
Thank you for your help with this, I can see from the forum just how busy you are and I really appreciate your time and effort.


ComboFix 12-09-20.03 - norm 09/21/2012  14:50:16.4.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2037.1334 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-21 to 2012-09-21  )))))))))))))))))))))))))))))))
.
.
2012-09-21 22:19 . 2012-09-21 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 17:55 . 2012-09-21 17:57 -------- d-----w- c:\program files\CCleaner
2012-09-21 12:31 . 2012-09-21 12:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\programdata\Malwarebytes
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-21 12:29 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 16:56 . 2012-09-20 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-20 16:56 . 2012-09-20 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 16:42 . 2009-07-07 08:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-20 16:23 . 2012-09-20 16:23 -------- d-----w- c:\program files\Microsoft.NET
2012-09-20 16:17 . 2012-09-20 16:17 -------- d-----w- c:\program files\Microsoft WSE
2012-09-20 15:04 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-20 15:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-20 15:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-20 15:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-20 01:03 . 2012-09-20 01:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\offreg.dll
2012-09-20 00:54 . 2012-09-21 12:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 00:54 . 2012-09-20 00:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 00:11 . 2012-09-20 00:11 -------- d-----w- c:\program files\Trend Micro
2012-09-19 22:16 . 2012-09-19 22:16 -------- d-----w- c:\program files\videofixer
2012-09-19 21:35 . 2012-09-19 21:35 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-19 21:25 . 2012-09-19 21:25 -------- d-----w- C:\Combo123
2012-09-19 20:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-19 20:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-19 19:21 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 19:21 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 19:20 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-19 19:20 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-09-19 19:20 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-19 19:20 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-19 19:20 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-09-19 19:20 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-19 19:19 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 19:19 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 19:19 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 19:18 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-19 19:18 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-09-19 19:18 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-09-19 19:17 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-09-19 19:17 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-09-19 19:17 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-09-19 19:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-09-19 19:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-19 19:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-19 19:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-09-19 19:17 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-19 19:11 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2012-09-19 19:10 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-09-19 19:07 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-19 19:07 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-09-19 19:07 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-19 18:46 . 2012-09-19 21:20 -------- d-----w- C:\5edbdbda54630c9129708afe0fef39
2012-09-19 18:44 . 2012-09-19 18:44 -------- d-----w- c:\program files\AnalogX
2012-09-18 14:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-09-18 14:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-09-18 14:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-09-18 14:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-18 14:40 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-18 14:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-09-18 14:40 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-18 14:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-18 14:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-09-18 14:39 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-09-18 14:39 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-18 14:39 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-09-18 14:39 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-09-18 14:39 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-18 14:39 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-18 14:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-18 14:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-18 14:17 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-18 13:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-18 13:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-18 13:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-18 13:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-18 13:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-18 13:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-18 13:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-18 13:35 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-18 13:35 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-18 04:32 . 2012-09-18 04:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-17 22:32 . 2012-09-21 17:59 -------- d-----w- c:\windows\Panther
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Hotfix
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Drivers
2012-09-17 22:32 . 2012-09-17 21:39 -------- d-----w- c:\windows\system32\OEM
2012-09-17 22:12 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\mpengine.dll
2012-09-17 22:12 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-17 22:07 . 2012-09-20 19:38 -------- d-----w- c:\program files\Google
2012-09-17 22:06 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-17 22:06 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-17 22:06 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-17 22:06 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-17 22:06 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-17 22:06 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-17 22:06 . 2012-09-21 12:59 -------- d-sh--w- c:\windows\Installer
2012-09-17 22:06 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-17 22:06 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\programdata\AVAST Software
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\program files\AVAST Software
2012-09-17 21:44 . 2009-07-07 11:52 -------- d-----w- c:\users\norm
2012-09-17 21:43 . 2012-09-17 21:43 -------- d-----w- C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 ESFODCY;ESFODCY;c:\users\norm\AppData\Local\Temp\ESFODCY.exe [x]
R3 LLT;LLT;c:\users\norm\AppData\Local\Temp\LLT.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 QXZYMYYPCG;QXZYMYYPCG;c:\users\norm\AppData\Local\Temp\QXZYMYYPCG.exe [x]
R3 SQKJFMCSF;SQKJFMCSF;c:\users\norm\AppData\Local\Temp\SQKJFMCSF.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 XCPIQEYC;XCPIQEYC;c:\users\norm\AppData\Local\Temp\XCPIQEYC.exe [x]
R3 YVD;YVD;c:\users\norm\AppData\Local\Temp\YVD.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-21  15:24:03
ComboFix-quarantined-files.txt  2012-09-21 22:24
ComboFix2.txt  2012-09-21 18:59
ComboFix3.txt  2012-09-21 18:28
.
Pre-Run: 147,793,272,832 bytes free
Post-Run: 147,753,783,296 bytes free
.
- - End Of File - - 1D0B619C587DB7E0FB00113BC5B37162

Post Edited (Chips) : 9/21/2012 11:12:17 PM GMT

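Added example for this page (it is not code from the thread, from RootkitBuster, ComboFix, Avast or BullGuard): a small Python triage script for the two log formats posted above. It groups the RootkitBuster "Operating System Hook" lines by the hooking module, so the point in the moderator's reply, that every listed hook belongs to Avast's aswSnx.sys or aswSP.sys, is visible at a glance and any other hooking module stands out, and it lists ComboFix service entries whose image path sits under a user's AppData\Local\Temp. The sample lines are copied from the posts, except the example_unknown.sys hook line, which is constructed; the KNOWN_HOOKERS table and the Temp-path rule are this example's own assumptions, and the trailing "[x]" marker on the ComboFix lines is captured but not interpreted. A listed entry is only a lead to check (who created the file, and whether a scanner or diagnostic tool left it behind), not a verdict.

```python
"""Triage two log formats that appear in this thread: Trend Micro RootkitBuster
'Operating System Hook' lines and ComboFix service/driver lines.

Added example for this page; it is not code from RootkitBuster, ComboFix,
Avast or BullGuard. KNOWN_HOOKERS and the Temp-path rule are assumptions
made for the example.
"""
import re
from collections import defaultdict

# Assumption: on a machine running Avast, these two drivers are the expected
# owners of the Zw* hooks that RootkitBuster reports and cannot "fix".
KNOWN_HOOKERS = {
    "aswsnx.sys": "Avast virtualization driver (aswSnx)",
    "aswsp.sys": "Avast self-protection driver (aswSP)",
}

# RootkitBuster line, e.g.
# "Operating System Hook ZwLoadDriver; hooked by C:\...\aswSnx.SYS Unable to fix false"
# Assumption: the module path contains no spaces (true for the posted log).
HOOK_RE = re.compile(
    r"^Operating System Hook\s+(?P<func>\S+);\s+hooked by\s+(?P<path>\S+)\s+(?P<rest>.*)$"
)

# ComboFix line, e.g. "R3 LLT;LLT;c:\users\norm\AppData\Local\Temp\LLT.exe [x]"
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*(?P<flag>\[x\])?$"
)

# Lines copied from the posts, plus one constructed line (example_unknown.sys)
# so the "unknown hooker" path of the code is exercised.
SAMPLE_HOOKS = [
    r"Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false",
    r"Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false",
    r"Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false",
    r"Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false",
    r"Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\example_unknown.sys Unable to fix false",  # constructed
]

SAMPLE_SERVICES = [
    r"R3 ESFODCY;ESFODCY;c:\users\norm\AppData\Local\Temp\ESFODCY.exe [x]",
    r"R3 LLT;LLT;c:\users\norm\AppData\Local\Temp\LLT.exe [x]",
    r"R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]",
    r"S1 aswSnx;aswSnx; [x]",
    r"S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]",
]


def group_hooks(lines):
    """Map each hooking module path to the list of Zw* functions it hooks."""
    by_module = defaultdict(list)
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            by_module[m["path"]].append(m["func"])
    return dict(by_module)


def classify_hookers(by_module):
    """Label each hooking module with its known owner, or mark it for review."""
    labels = {}
    for path in by_module:
        base = path.rsplit("\\", 1)[-1].lower()
        labels[path] = KNOWN_HOOKERS.get(base, "REVIEW: hooking module not in KNOWN_HOOKERS")
    return labels


def temp_path_services(lines):
    """Return (service name, image path) for entries whose image is under a
    user's AppData\\Local\\Temp. The trailing "[x]" marker is captured but
    deliberately not interpreted."""
    hits = []
    for line in lines:
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        image = m["image"].strip()
        if "\\appdata\\local\\temp\\" in image.lower():
            hits.append((m["name"], image))
    return hits


if __name__ == "__main__":
    grouped = group_hooks(SAMPLE_HOOKS)
    for path, owner in classify_hookers(grouped).items():
        print(f"{path}: {len(grouped[path])} hook(s) -> {owner}")
    for name, image in temp_path_services(SAMPLE_SERVICES):
        print(f"service {name} runs from {image}: check who created it")
```

Run against the full RootkitBuster listing from the thread, every hook resolves to one of the two Avast drivers; a module that does not resolve is the one worth pulling the file for, checking its Authenticode signature and publisher, and only then deciding whether it is a rootkit or another security product's filter. The Temp-path rule is deliberately loose: scanners and cleanup tools routinely register short-lived helper services from a user's Temp directory, so the output is a list of things to look at, not a list of infections.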
 