VGA corrupt (Kernel code patch)

Posted 9/11/2012 3:41 AM
#94350

Chips Member

Date Joined Nov 2016
Total Posts: 8
I have a new Dell mini laptop that picked up a virus while AVG was updating! When explorer came up, it was in Russian and splashed up a dialog box that said, in large, bold letters "YOU BEEN GOT". That disappeared when I deleted its tool bar, but most antivirus or virus removers won't load properly and RootkitBuster says the vga has been corrupted and it's "unable to fix". I finally got Hijackthis to work and have a file.

This computer has a HDD that has just been formatted with a /u attribute and only the operating system and a few utilities are installed and it's never been on the internet. What I guess I need help with is how to repair the vga and remove the malware causing it. I suspect the virus is resident in my color card memory because it survived a hard format.

Any help and ideas appreciated
Posted 9/11/2012 6:05 AM
#94351

Advanced member

Ok let me start by explaining that there is no way that an infection could be residing in your "color card memory" (your video card?). While each computer component does have capacitors and may be able to retain information, if you turn the power off long enough for the capacitors to get discharged, the data is erased.
You could think that your BIOS may be infected, but if you take the BIOS battery out it resets when you turn off the power.

So what I recommend, just to be sure, is that you turn off your computer, and take the battery of the BIOS out. Leave it off for a few minutes. Put the BIOS battery back on and start your computer. Then:
1. First, load up the Windows 7 disc in your drive and press any key to boot from the disc.
2. Choose the language, time, currency, etc. and click Next. Now click on Repair Your Computer.
3. Choose the operating system to repair and click Next. When the System Recovery Options dialog comes up, choose the Command Prompt.
4. Now type bootrec.exe and press Enter. This will rebuild the boot configuration data and hopefully fix your problem. You can also run the command with switches to fix just the master boot record (/fixmbr), the boot sector (/fixboot), or rebuild the entire BCD (/rebuildbcd).

Fixing your VGA issue is as easy as reinstalling your video card driver.

Let us know of the outcome.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 9/11/2012 6:32 PM
#94354

Chips Member

I removed the HDD from my Dell Mini N1012 and reformatted it again, removed the motherboard to remove the button cell and reinstall it.
I then followed your instructions, including /rebuildbcd. On bootup, I ran RootkitBuster and will attach the resulting log. It still reports Corrupted vga and several illegal registry entries. When I try to install new video drivers from Dell, a dialog box says it can't continue and will tell me when a solution is found.
I ran Gmer, ComboFix and Hijackthis, hoping you will be able to find my problem.
When I try to run these apps, I get error messages like "You can't run a program slated for removal" or the Admin error although I have total Admin privileges.
It also changes the card letter for the SD card I'm using to hold these utilities. It changes the card from F: to E:, although no other drives are on this computer.
If I make mistakes on your forum, please forgive me, I'm learning.

Thanks for your help, I'm really stuck.

Registry Entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\Srt false
Registry Entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce; value: BootExecute false
Registry Entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update false
Kernel Code Patch vga corrupted

This is the only way I can find to display the results of the RootkitBuster scan.
Posted 9/12/2012 11:16 AM
#94355

Advanced member

You need to restart your computer after running Combofix, to escape the message "You can't run a program slated for removal". Post the log it created.

Hijackthis doesn't show this kind of infection anyway, so you can leave it aside for now. Gmer doesn't show anything abnormal.

Question: Do you have an SSD hard drive?
Andreea-Luciana Ostache
Support Team Leader
Posted 9/12/2012 1:35 PM
#94356

Chips Member

Thanks for your reply. I don't feel so helpless now.
This is a Dell mini with only a single SATA 150 MB drive and USB ports for I/O. It has wireless internet connection. All input is done through SD cards or a thumbdrive that I made bootable and installed Win7 Starter. All cards and thumb drives were checked as thoroughly as possible for any possible malware.

Here is the combofix log:

ComboFix 12-09-03.07 - Norm 09/04/2012 17:16:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3326.2377 [GMT -7:00]
Running from: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Norm\AppData\Local\Temp\apmB22E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 00:18 . 2012-09-05 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 16:32 . 2012-08-29 16:33 -------- d-----w- c:\program files\stinger
2012-08-27 00:41 . 2012-08-27 00:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-08-27 00:41 . 2012-08-27 00:41 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-08-27 00:41 . 2012-08-27 00:41 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-08-27 00:41 . 2012-08-27 00:41 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-08-27 00:41 . 2012-08-27 00:41 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-08-27 00:41 . 2012-08-27 00:41 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-08-27 00:41 . 2012-08-27 00:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-08-27 00:40 . 2012-08-27 00:40 268800 ----a-w- c:\windows\system32\es.dll
2012-08-25 15:25 . 2012-08-26 15:31 -------- d-----w- C:\bd_logs
2012-08-25 14:14 . 2012-08-25 14:14 -------- d-----w- C:\found.000
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-25 00:53 . 2012-08-25 10:04 489048 ------w- c:\windows\system32\drivers\9204181drv.sys
2012-08-24 22:13 . 2012-08-24 23:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 22:06 . 2012-09-04 23:17 -------- d-----w- C:\$AVG8.VAULT$
2012-08-24 20:15 . 2012-08-24 20:15 -------- d-----w- c:\programdata\Trend Micro
2012-08-24 17:12 . 2012-08-24 17:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-08-24 10:58 . 2012-08-24 10:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-08-24 10:58 . 2012-08-24 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-08-24 10:58 . 2012-08-24 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-08-24 10:58 . 2012-08-24 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-08-24 10:58 . 2012-08-24 10:58 24064 ----a-w- c:\windows\system32\lpk.dll
2012-08-24 10:58 . 2012-08-24 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-08-24 10:55 . 2012-08-24 10:55 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-08-24 10:55 . 2012-08-24 10:55 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-08-24 10:55 . 2012-08-24 10:55 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-08-24 10:55 . 2012-08-24 10:55 272896 ----a-w- c:\windows\system32\polstore.dll
2012-08-24 10:54 . 2012-08-24 10:54 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-24 10:54 . 2012-08-24 10:54 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-24 10:52 . 2012-08-24 10:52 15360 ----a-w- c:\windows\system32\netevent.dll
2012-08-24 10:52 . 2012-08-24 10:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-08-24 10:52 . 2012-08-24 10:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-08-24 10:52 . 2012-08-24 10:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-08-24 10:52 . 2012-08-24 10:52 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-08-24 10:52 . 2012-08-24 10:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-08-24 10:52 . 2012-08-24 10:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-08-24 10:52 . 2012-08-24 10:52 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-08-24 10:52 . 2012-08-24 10:52 10240 ----a-w- c:\windows\system32\finger.exe
2012-08-24 10:51 . 2012-08-24 10:51 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-08-24 10:51 . 2012-08-24 10:51 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-08-24 10:51 . 2012-08-24 10:51 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-24 10:51 . 2012-08-24 10:51 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-08-24 10:51 . 2012-08-24 10:51 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-08-24 10:50 . 2012-08-24 10:50 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-08-24 10:50 . 2012-08-24 10:50 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-08-24 10:50 . 2012-08-24 10:50 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-24 10:50 . 2012-08-24 10:50 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-08-24 10:49 . 2012-08-24 10:49 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-08-24 10:48 . 2012-08-24 10:48 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-08-24 10:48 . 2012-08-24 10:48 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-08-24 10:48 . 2012-08-24 10:48 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-24 10:48 . 2012-08-24 10:48 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-08-24 10:48 . 2012-08-24 10:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-08-24 10:47 . 2012-08-24 10:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-24 10:47 . 2012-08-24 10:47 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-08-24 10:47 . 2012-08-24 10:47 2855424 ----a-w- c:\windows\system32\mf.dll
2012-08-24 10:47 . 2012-08-24 10:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-08-24 10:47 . 2012-08-24 10:47 2048 ----a-w- c:\windows\system32\mferror.dll
2012-08-24 10:46 . 2012-08-24 10:46 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 10:46 . 2012-08-24 10:46 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 10:44 . 2012-08-24 10:44 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:43 . 2012-08-24 10:43 71680 ----a-w- c:\windows\system32\atl.dll
2012-08-24 10:42 . 2012-08-24 10:42 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-08-24 10:41 . 2012-08-24 10:41 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-08-24 10:41 . 2012-08-24 10:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 10:40 . 2012-08-24 10:40 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2012-08-24 10:39 . 2012-08-24 10:39 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-08-24 10:39 . 2012-08-24 10:39 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-08-24 10:39 . 2012-08-24 10:39 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-08-24 10:38 . 2012-08-24 10:38 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-24 10:38 . 2012-08-24 10:38 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-08-24 10:38 . 2012-08-24 10:38 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-08-24 10:37 . 2012-08-24 10:37 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-08-24 10:36 . 2012-08-24 10:36 414208 ----a-w- c:\windows\system32\msscp.dll
2012-08-24 10:35 . 2012-08-24 10:35 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-08-24 10:35 . 2012-08-24 10:35 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-08-24 10:34 . 2012-08-24 10:34 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-08-24 10:34 . 2012-08-24 10:34 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-08-24 10:34 . 2012-08-24 10:34 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-08-24 10:34 . 2012-08-24 10:34 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-08-24 10:34 . 2012-08-24 10:34 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-08-24 10:34 . 2012-08-24 10:34 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-08-24 10:33 . 2012-08-24 10:33 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-08-24 10:33 . 2012-08-24 10:33 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-08-24 10:33 . 2012-08-24 10:33 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2012-08-24 10:33 . 2012-08-24 10:33 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2012-08-24 10:32 . 2012-08-24 10:32 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-08-24 10:32 . 2012-08-24 10:32 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-24 10:32 . 2012-08-24 10:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-08-24 10:32 . 2012-08-24 10:32 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-24 10:32 . 2012-08-24 10:32 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-24 10:32 . 2012-08-24 10:32 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-24 10:30 . 2012-08-24 10:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-24 10:29 . 2012-08-24 10:29 696832 ----a-w- c:\windows\system32\localspl.dll
2012-08-24 10:29 . 2012-08-24 10:29 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-08-24 10:29 . 2012-08-24 10:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-08-24 10:29 . 2012-08-24 10:29 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2012-08-24 10:29 . 2012-08-24 10:29 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-08-24 10:29 . 2012-08-24 10:29 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-08-24 10:29 . 2012-08-24 10:29 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-08-24 10:28 . 2012-08-24 10:28 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2012-08-24 10:28 . 2012-08-24 10:28 2923520 ----a-w- c:\windows\explorer.exe
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-08-24 10:27 . 2012-08-24 10:27 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-24 10:27 . 2012-08-24 10:27 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-24 10:27 . 2012-08-24 10:27 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-24 10:27 . 2012-08-24 10:27 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-24 10:27 . 2012-08-24 10:27 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-24 10:27 . 2012-08-24 10:27 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-24 10:26 . 2012-08-24 10:26 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 10:26 . 2012-08-24 10:26 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-08-24 10:26 . 2012-08-24 10:26 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-08-24 10:26 . 2012-08-24 10:26 7680 ----a-w- c:\windows\system32\lsass.exe
2012-08-24 10:26 . 2012-08-24 10:26 72704 ----a-w- c:\windows\system32\secur32.dll
2012-08-24 10:26 . 2012-08-24 10:26 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-24 10:26 . 2012-08-24 10:26 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-08-24 10:26 . 2012-08-24 10:26 272384 ----a-w- c:\windows\system32\schannel.dll
2012-08-24 10:26 . 2012-08-24 10:26 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-08-24 10:23 . 2012-08-24 10:23 549888 ----a-w- c:\windows\system32\rpcss.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 00:39 . 2012-08-27 00:39 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-08-24 10:57 . 2012-08-24 10:57 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-08-24 10:40 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2012-08-24 10:40 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2012-08-24 10:20 . 2012-08-24 10:20 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-08-24 10:12 . 2012-08-24 10:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-08-24 10:12 . 2012-08-24 10:12 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-08-24 10:12 . 2012-08-24 10:12 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-08-24 10:12 . 2012-08-24 10:12 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-08-24 10:12 . 2012-08-24 10:12 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-04_00.19.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-23 19:49 . 2012-09-05 00:22 26370 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-09-05 00:22 58762 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2012-08-27 21:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-23 19:52 . 2012-09-04 00:12 16608 c:\windows\gdrv.sys
+ 2012-08-23 19:52 . 2012-09-05 00:22 16608 c:\windows\gdrv.sys
+ 2012-08-23 19:49 . 2012-09-04 23:10 5482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1963017673-917373318-2746995141-1000_UserData.bin
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 617662 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 617662 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 103440 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 103440 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-24 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-08-24 2042208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2007-08-20 1720320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-08-09 20:44]
.
2012-08-25 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2012-09-05 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-23 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.69.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\GIGABYTE\EnergySaver\GSvr.exe
c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\ccwindows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\RtHDVCpl.exe
.
**************************************************************************
.
Completion time: 2012-09-04 17:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 00:23
ComboFix2.txt 2012-09-04 00:34
ComboFix3.txt 2012-09-04 00:20
.
Pre-Run: 286,006,059,008 bytes free
Post-Run: 286,418,595,840 bytes free
.
- - End Of File - - 8C2B646D102FFDC007CD8115C6B64146
Posted 9/14/2012 2:57 AM
#94357

Chips Member

Thought I had it figured out, but it's still here.
Posted 9/14/2012 6:48 AM
#94358

Advanced member

Here is something that I don't understand. Your hijackthis and gmer logs are for Windows 7 and the Combofix log is for Windows Vista. The GMER log is newer, so is it safe to assume that you had vista and you have Windows 7 now?
Andreea-Luciana Ostache
Support Team Leader
Posted 9/14/2012 5:50 PM
#94362

Chips Member

Sorry, I have a Vista machine with a similar problem and posted the wrong log. Here is the log for WIN7:

ComboFix 12-09-13.03 - Norm 09/13/2012 17:01:46.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.388 [GMT -7:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 00:11 . 2012-09-14 00:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C8B781-EC60-4679-80B0-6EC572454DB6}\offreg.dll
2012-09-14 00:11 . 2012-09-14 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-13 23:24 . 2012-09-13 23:24 -------- d-----w- c:\program files\7-Zip
2012-09-13 22:34 . 2012-09-13 22:34 -------- d-----w- c:\users\Norm\AppData\Roaming\Dell
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\PCDr
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\Dell
2012-09-13 22:32 . 2012-09-13 22:33 -------- d-----w- c:\program files\Dell Support Center
2012-09-13 22:20 . 2012-09-13 22:32 -------- d-----w- c:\users\Norm\AppData\Roaming\PCDr
2012-09-13 22:19 . 2012-09-13 22:20 -------- d-----w- C:\DeLL
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Roaming\Free Download Manager
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Local\Wajam
2012-09-13 20:08 . 2012-09-13 20:10 -------- d-----w- c:\users\Norm\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-09-13 20:05 . 2012-09-13 20:10 -------- d-----w- c:\programdata\blekko toolbars
2012-09-13 13:43 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C8B781-EC60-4679-80B0-6EC572454DB6}\mpengine.dll
2012-09-13 13:43 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 13:40 . 2012-09-13 13:40 -------- d-----w- c:\program files\videofixer
2012-09-12 23:50 . 2012-09-12 23:50 14664 ----a-w- c:\windows\stinger.sys
2012-09-12 23:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-12 23:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-12 23:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-12 23:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-12 23:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-12 23:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-12 23:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-12 23:47 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-12 23:47 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-12 23:44 . 2012-09-13 00:31 -------- d-----w- c:\program files\stinger
2012-09-12 23:42 . 2012-09-13 23:24 -------- d-sh--w- c:\windows\Installer
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Local\Google
2012-09-12 23:42 . 2012-09-12 23:43 -------- d-----w- c:\program files\Google
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 14:49 . 2012-09-12 15:41 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.69.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-13 17:15:34
ComboFix-quarantined-files.txt 2012-09-14 00:15
ComboFix2.txt 2012-09-13 20:48
ComboFix3.txt 2012-09-13 00:45
ComboFix4.txt 2012-09-12 21:08
.
Pre-Run: 149,300,518,912 bytes free
Post-Run: 149,221,670,912 bytes free
.
- - End Of File - - 4CB60A23104EFDEDC6C5E5319ECCD085
Posted 9/14/2012 7:53 PM
#94363

Advanced member

Uninstall PC-Doctor for Windows and blekko toolbars.

Run http://public.avast.com/~gmerek/aswMBR.exe
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

Also open notepad and copy/paste the text in the quotebox below into it:
[code]RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security][/code]

Save this as CFScript.txt, in the same location as ComboFix.exe

Drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 9/15/2012 1:12 AM
#94364

Chips Member

Date Joined Nov 2016
Total Posts: 8
Thanks again for your help. Here are the logs you requested:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 17:20:31
-----------------------------
17:20:31.716 OS Version: Windows 6.1.7601 Service Pack 1
17:20:31.716 Number of processors: 2 586 0x1C0A
17:20:31.716 ComputerName: NORM-PC UserName: Norm
17:20:33.993 Initialize success
17:20:34.914 AVAST engine defs: 12091400
17:20:41.185 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:20:41.185 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152626MB BusType: 11
17:20:41.232 Disk 0 MBR read successfully
17:20:41.247 Disk 0 MBR scan
17:20:41.278 Disk 0 Windows 7 default MBR code
17:20:41.310 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:20:41.356 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152524 MB offset 206848
17:20:41.450 Disk 0 scanning sectors +312576000
17:20:41.590 Disk 0 scanning C:\Windows\system32\drivers
17:20:57.112 Service scanning
17:21:24.647 Modules scanning
17:21:46.377 Disk 0 trace - called modules:
17:21:46.471 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
17:21:46.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f32ac8]
17:21:46.502 3 CLASSPNP.SYS[863b559e] -> nt!IofCallDriver -> [0x83e54918]
17:21:46.549 5 ACPI.sys[85e9b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e2b908]
17:21:47.594 AVAST engine scan C:\Windows
17:21:51.947 AVAST engine scan C:\Windows\system32
17:24:07.464 AVAST engine scan C:\Windows\system32\drivers
17:24:19.710 AVAST engine scan C:\Users\Norm
17:25:04.342 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:25:04.560 The log file has been saved successfully to "E:\aswMBR Log.txt"


ComboFix 12-09-13.03 - Norm 09/14/2012 17:38:21.5.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.488 [GMT -7:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 00:52 . 2012-09-15 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 23:47 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C4D4E49-E0F7-45C5-8957-3A0541DDB136}\mpengine.dll
2012-09-14 22:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-14 22:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-14 22:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-14 22:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-14 22:42 . 2012-09-14 22:42 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-09-14 22:42 . 2012-09-14 22:42 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-14 04:35 . 2012-09-14 04:35 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 00:56 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-14 00:56 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-14 00:56 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-14 00:56 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-14 00:56 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-14 00:56 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-14 00:55 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-14 00:55 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-14 00:54 . 2012-09-14 01:07 -------- d-----w- c:\programdata\AVAST Software
2012-09-14 00:54 . 2012-09-14 00:54 -------- d-----w- c:\program files\AVAST Software
2012-09-13 23:24 . 2012-09-13 23:24 -------- d-----w- c:\program files\7-Zip
2012-09-13 22:34 . 2012-09-13 22:34 -------- d-----w- c:\users\Norm\AppData\Roaming\Dell
2012-09-13 22:33 . 2012-09-13 22:33 -------- d-----w- c:\programdata\Dell
2012-09-13 22:32 . 2012-09-13 22:33 -------- d-----w- c:\program files\Dell Support Center
2012-09-13 22:20 . 2012-09-13 22:32 -------- d-----w- c:\users\Norm\AppData\Roaming\PCDr
2012-09-13 22:19 . 2012-09-13 22:20 -------- d-----w- C:\DeLL
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Roaming\Free Download Manager
2012-09-13 20:09 . 2012-09-13 20:09 -------- d-----w- c:\users\Norm\AppData\Local\Wajam
2012-09-13 20:08 . 2012-09-13 20:10 -------- d-----w- c:\users\Norm\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-09-13 14:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 14:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 14:08 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-09-13 14:07 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-09-13 13:59 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-13 13:43 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 13:40 . 2012-09-13 13:40 -------- d-----w- c:\program files\videofixer
2012-09-13 13:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-13 13:40 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-12 23:50 . 2012-09-12 23:50 14664 ----a-w- c:\windows\stinger.sys
2012-09-12 23:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-12 23:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-12 23:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-12 23:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-12 23:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-12 23:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-12 23:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-12 23:47 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-12 23:47 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-12 23:44 . 2012-09-13 00:31 -------- d-----w- c:\program files\stinger
2012-09-12 23:42 . 2012-09-14 01:07 -------- d-sh--w- c:\windows\Installer
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\users\Norm\AppData\Local\Google
2012-09-12 23:42 . 2012-09-12 23:43 -------- d-----w- c:\program files\Google
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-12 23:42 . 2012-09-12 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 14:49 . 2012-09-12 15:41 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 23:42]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.69.1
.
.
Completion time: 2012-09-14 17:58:20
ComboFix-quarantined-files.txt 2012-09-15 00:58
ComboFix2.txt 2012-09-14 00:15
ComboFix3.txt 2012-09-13 20:48
ComboFix4.txt 2012-09-13 00:45
ComboFix5.txt 2012-09-15 00:36
.
Pre-Run: 146,973,491,200 bytes free
Post-Run: 146,838,061,056 bytes free
.
- - End Of File - - 576C2B4BDF275ABEDF0A84C77B670698
Posted 9/15/2012 5:17 AM
#94365

Advanced member

Right. I don't see anything out of place.

Run CCleaner http://www.piriform.com/ccleaner/download/standard install it with the default settings and run both temp removal and registry scan. Fix everything it finds.

Then visit the site of the manufacturer of your video card and use the "detection" tool they have to automatically download the driver for your card. If it gives you an error when trying to install, write down the exact error message.

Make sure you have all the Windows Updates as well. Both optional and important.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com
Posted 9/15/2012 5:34 PM
#94367

Chips Member

Date Joined Nov 2016
Total Posts: 8
Here is the CCleaner log:

7-Zip 9.21 Igor Pavlov 9/13/2012 3.54 MB 9.21.00.0
avast! Free Antivirus AVAST Software 9/13/2012 7.0.1466.0
CCleaner Piriform 8/22/2012 3.22
Dell Support Center PC-Doctor, Inc. 9/13/2012 128 MB 3.2.6032.55
Google Toolbar for Internet Explorer Google Inc. 9/15/2012 7.4.3203.136
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9/13/2012 596 KB 9.0.30729.4148
SUPERAntiSpyware SUPERAntiSpyware.com 9/12/2012 148 MB 5.5.1016
Video Fixer 3.23 video-fixer Inc. 9/13/2012

This is the log from RootkitBuster FWIW:

Operating System Hook ZwAddBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwAllocateVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwAssignProcessToJobObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateSection; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwCreateSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwCreateTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDebugActiveProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwDeleteBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwFreeVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwModifyBootEntry; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeKey; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwNotifyChangeMultipleKeys; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenEventPair; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenIoCompletion; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenMutant; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSection; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenSemaphore; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwOpenTimer; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwProtectVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwQueryObject; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwQueueApcThreadEx; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootEntryOrder; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetBootOptions; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetContextThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemInformation; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSetSystemPowerState; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwShutdownSystem; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendProcess; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSuspendThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwSystemDebugControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwTerminateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwVdmControl; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false

My system is up to date with the latest Dell update, and all 82 Windows updates downloaded.

I still get Illegal operation and operation failed dialog boxes when I try to run programs unless I run rkill first.

When I tried to run Sysclean, most of the files suddenly had a 'Z' on the end and couldn't run. When I tried to rename them, the z reappeared.

It took several downloads to finally get it to run.

If I shut my wireless off, it turns back on. The only way I can keep off the internet is to shut off my modem.

Earlier, CCleaner reported TSC_Genclean and Troj_SPNR.OBD112 as malware, but no longer.

I finally deleted PC-Doctor from the registry.

I ran "Rkill" to be able to run other utilities. It reported: "Security center is not running"

"Sensr Svc (missing)" and "Windows update not running, set to automatic (delayed start)".

I tried to run Bit Defender rescue, but unable to update.

I don't know if any of this means anything, but I thought I better pass it along.

Thanks
Posted 9/21/2012 3:12 AM
#94383
User avatar

Advanced member

First of all, sorry for the late reply. I really had a busy week last week.

Now, the aswSnx.SYS that RootkitBuster is unable to "fix" belongs to Avast and it's a Virtualization Driver.

From everything you have explained, you are having issues with the system itself. I do not see any infections in your logs. Try and take one issue at a time and search for solutions.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
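The reply above does by hand what a defender would script when handed a RootkitBuster log: group the "Operating System Hook" entries by the driver that installed them and check whether that driver belongs to a known security product. The Python below is an added example for this thread, not code from the thread, from BullGuard or from Trend Micro. It assumes the line format seen in the pasted log; the `KNOWN_HOOKING_DRIVERS` table holds only the aswSnx.SYS attribution the reply gives (Avast's virtualization driver) plus aswSP.SYS, which is assumed to be Avast's companion self-protection driver; the `SAMPLE_LOG` is constructed, and `PLACEHOLDER_unknown.sys` is a made-up name used only to exercise the unattributed path. It also undoes the forum word filter that turned `ZwOpen...` into `Z!!!en...` in the pasted log.

```python
import re
from collections import defaultdict

# Drivers known to install kernel hooks legitimately. The support reply in the
# thread attributes aswSnx.SYS to Avast (its virtualization driver); aswSP.SYS is
# listed on the assumption that it is the matching Avast self-protection driver.
KNOWN_HOOKING_DRIVERS = {
    "aswsnx.sys": "Avast (virtualization driver)",
    "aswsp.sys": "Avast (self-protection driver; assumed from the asw prefix)",
}

# One RootkitBuster hook line:
#   Operating System Hook <function>; hooked by <driver path> <status>
HOOK_LINE = re.compile(
    r"Operating System Hook\s+(?P<func>\S+?);\s+hooked by\s+(?P<driver>\S+)\s+(?P<status>.+)$"
)


def normalize_function(name: str) -> str:
    """Undo the forum word filter that rendered 'ZwOpen...' as 'Z!!!en...' in the pasted log."""
    return name.replace("Z!!!en", "ZwOpen")


def parse_hook_log(text: str) -> list:
    """Return one record per hook line; lines that are not hook entries are ignored."""
    hooks = []
    for raw in text.splitlines():
        match = HOOK_LINE.search(raw.strip())
        if not match:
            continue
        hooks.append({
            "function": normalize_function(match.group("func")),
            "driver": match.group("driver"),
            "status": match.group("status").strip(),
        })
    return hooks


def attribute_hooks(hooks: list) -> dict:
    """Group hooked functions by hooking driver and name the product that owns each driver."""
    by_driver = defaultdict(list)
    for hook in hooks:
        by_driver[hook["driver"]].append(hook["function"])
    report = {}
    for driver, funcs in by_driver.items():
        base = driver.rsplit("\\", 1)[-1].lower()
        owner = KNOWN_HOOKING_DRIVERS.get(
            base, "unattributed: check the file's digital signature and vendor")
        report[driver] = {"owner": owner, "hooks": sorted(funcs)}
    return report


def unattributed_drivers(report: dict) -> list:
    """Drivers hooking the kernel that are not on the known-product list; these need a closer look."""
    return sorted(d for d, info in report.items() if info["owner"].startswith("unattributed"))


# Constructed sample in the RootkitBuster format seen in the thread. The first four
# lines mirror real entries from the pasted log (one with the filter-damaged name);
# the last uses a placeholder driver name purely to exercise the unattributed path.
SAMPLE_LOG = r"""
Operating System Hook ZwCreateThread; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook Z!!!enEvent; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwWriteVirtualMemory; hooked by C:\Windows\System32\Drivers\aswSP.SYS Unable to fix false
Operating System Hook ZwLoadDriver; hooked by C:\Windows\System32\Drivers\aswSnx.SYS Unable to fix false
Operating System Hook ZwTerminateProcess; hooked by C:\Windows\System32\Drivers\PLACEHOLDER_unknown.sys Unable to fix false
"""


if __name__ == "__main__":
    report = attribute_hooks(parse_hook_log(SAMPLE_LOG))
    for driver, info in report.items():
        print(f"{driver}\n  owner: {info['owner']}\n  hooks: {', '.join(info['hooks'])}")
    print("needs review:", unattributed_drivers(report))
```

Run against the full log in the thread, every hook resolves to one of the two Avast drivers and the "needs review" list is empty, which is the basis for the reply's "I do not see any infections in your logs". A driver that lands in the unattributed list is not thereby malicious; the next step is to verify its Authenticode signature and vendor before deciding anything.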
Posted 9/21/2012 11:08 PM
#94386
User avatar

Chips Member

Date Joined Nov 2016
Total Posts: 8
I am firmly convinced this PC has malware in flash memory somewhere. I've had the BIOS battery out, formatted the HDD /u, exchanged the RAM and still get error messages like "Illegal operation attempted on a registry key that has been marked for deletion" and "unspecified error", and the longer it's on the net, the worse it gets.

I've ordered another motherboard and I'll let you know how it turns out. I hate to let them win, but I've spent a lot of time on this and don't seem to be getting anywhere.

Here is the last ComboFix log from a few minutes ago.

Thank you for your help with this, I can see from the forum just how busy you are and I really appreciate your time and effort.

ComboFix 12-09-20.03 - norm 09/21/2012 14:50:16.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1334 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 22:19 . 2012-09-21 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 17:55 . 2012-09-21 17:57 -------- d-----w- c:\program files\CCleaner
2012-09-21 12:31 . 2012-09-21 12:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\programdata\Malwarebytes
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-21 12:29 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 16:56 . 2012-09-20 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-20 16:56 . 2012-09-20 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 16:42 . 2009-07-07 08:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-20 16:23 . 2012-09-20 16:23 -------- d-----w- c:\program files\Microsoft.NET
2012-09-20 16:17 . 2012-09-20 16:17 -------- d-----w- c:\program files\Microsoft WSE
2012-09-20 15:04 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-20 15:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-20 15:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-20 15:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-20 01:03 . 2012-09-20 01:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\offreg.dll
2012-09-20 00:54 . 2012-09-21 12:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 00:54 . 2012-09-20 00:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 00:11 . 2012-09-20 00:11 -------- d-----w- c:\program files\Trend Micro
2012-09-19 22:16 . 2012-09-19 22:16 -------- d-----w- c:\program files\videofixer
2012-09-19 21:35 . 2012-09-19 21:35 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-19 21:25 . 2012-09-19 21:25 -------- d-----w- C:\Combo123
2012-09-19 20:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-19 20:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-19 19:21 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 19:21 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 19:20 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-19 19:20 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-09-19 19:20 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-19 19:20 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-19 19:20 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-09-19 19:20 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-19 19:19 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 19:19 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 19:19 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 19:18 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-19 19:18 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-09-19 19:18 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-09-19 19:17 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-09-19 19:17 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-09-19 19:17 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-09-19 19:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-09-19 19:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-19 19:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-19 19:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-09-19 19:17 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-19 19:11 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2012-09-19 19:10 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-09-19 19:07 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-19 19:07 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-09-19 19:07 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-19 18:46 . 2012-09-19 21:20 -------- d-----w- C:\5edbdbda54630c9129708afe0fef39
2012-09-19 18:44 . 2012-09-19 18:44 -------- d-----w- c:\program files\AnalogX
2012-09-18 14:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-09-18 14:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-09-18 14:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-09-18 14:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-18 14:40 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-18 14:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-09-18 14:40 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-18 14:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-18 14:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-09-18 14:39 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-09-18 14:39 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-18 14:39 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-09-18 14:39 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-09-18 14:39 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-18 14:39 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-18 14:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-18 14:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-18 14:17 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-18 13:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-18 13:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-18 13:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-18 13:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-18 13:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-18 13:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-18 13:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-18 13:35 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-18 13:35 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-18 04:32 . 2012-09-18 04:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-17 22:32 . 2012-09-21 17:59 -------- d-----w- c:\windows\Panther
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Hotfix
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Drivers
2012-09-17 22:32 . 2012-09-17 21:39 -------- d-----w- c:\windows\system32\OEM
2012-09-17 22:12 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\mpengine.dll
2012-09-17 22:12 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-17 22:07 . 2012-09-20 19:38 -------- d-----w- c:\program files\Google
2012-09-17 22:06 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-17 22:06 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-17 22:06 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-17 22:06 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-17 22:06 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-17 22:06 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-17 22:06 . 2012-09-21 12:59 -------- d-sh--w- c:\windows\Installer
2012-09-17 22:06 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-17 22:06 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\programdata\AVAST Software
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\program files\AVAST Software
2012-09-17 21:44 . 2009-07-07 11:52 -------- d-----w- c:\users\norm
2012-09-17 21:43 . 2012-09-17 21:43 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 ESFODCY;ESFODCY;c:\users\norm\AppData\Local\Temp\ESFODCY.exe [x]
R3 LLT;LLT;c:\users\norm\AppData\Local\Temp\LLT.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 QXZYMYYPCG;QXZYMYYPCG;c:\users\norm\AppData\Local\Temp\QXZYMYYPCG.exe [x]
R3 SQKJFMCSF;SQKJFMCSF;c:\users\norm\AppData\Local\Temp\SQKJFMCSF.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 XCPIQEYC;XCPIQEYC;c:\users\norm\AppData\Local\Temp\XCPIQEYC.exe [x]
R3 YVD;YVD;c:\users\norm\AppData\Local\Temp\YVD.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-21 15:24:03
ComboFix-quarantined-files.txt 2012-09-21 22:24
ComboFix2.txt 2012-09-21 18:59
ComboFix3.txt 2012-09-21 18:28
.
Pre-Run: 147,793,272,832 bytes free
Post-Run: 147,753,783,296 bytes free
.
- - End Of File - - 1D0B619C587DB7E0FB00113BC5B37162