TechSpot

Black screen after Win 7 desktop load up

By Swerner
May 20, 2012
  1. Hi there, I've had the same problem as this guy: http://www.techspot.com/community/topics/black-screen-after-desktop-loads.146290/reply

    I followed the instructions given, but now instead of having a black screen after 10 seconds of Desktop loading up, I get vertical blue and white lines all across my screen.

    Combofix said I had avast running, but I couldn't find the program running anywhere; it was gone from my processes as well.

    Do you need any of the logs I've taken with the programs mentioned in the thread?

    If it's easier to re-install Windows at this point, please let me know.

    Thank you,

    -Werner

    Edit: well, I just now read the sticky above that says not to try suggestions given to other people. Unfortunately, the thread I copy/pasted was given to me through a Google search while trying to solve this problem, thus I did not see the stickied warning thread before reading the instructions... Apologies.
     
  2. Swerner

    Swerner TS Rookie Topic Starter

    Alright, I used RegcurePro and now I'm back to the black screen after desktop loads.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================================

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==========================================================================

    Did you try to boot to safe mode?
     
  4. Swerner

    Swerner TS Rookie Topic Starter

    Everything I do, including typing on this forum, is done through safe mode with networking. If I try to boot normally, my screen goes black after a few seconds. I opened my task manager to see which processes loaded up that I couldn't recognize. This may just be coincidence, but it seems at some point a process shows up in the list, but right away my screen goes black and I don't have time to read it. I wonder if it is this process that triggers the black screen, or if it's purely coincidental.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    While in safe mode....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  6. Swerner

    Swerner TS Rookie Topic Starter

    GMER gave no log.


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.20.05

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Steve :: STEVE-PC [administrator]

    2012-05-20 13:22:33
    mbam-log-2012-05-20 (13-22-33).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 401181
    Time elapsed: 37 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Steve\Downloads\setup.exe (Rogue.Installer.SFXGen1) -> Quarantined and deleted successfully.

    (end)



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by Steve at 14:45:19 on 2012-05-20
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8175.7333 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: Interfaces\{75064987-6D9D-4139-A556-F5FB759E841C} : DhcpNameServer = 192.168.1.1 24.48.19.13 24.202.72.13
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {326E768D-4182-46FD-9C16-1449A49795F4}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\gtun55fu.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-29 44768]
    S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-2-23 68136]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-23 654408]
    S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-2-23 114688]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-2-23 25640]
    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-2-23 30528]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-20 18:35:27 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
    2012-05-20 17:16:41 -------- d-----w- C:\Users\Steve\AppData\Local\Temp
    2012-05-20 16:57:04 -------- d-----w- C:\Users\Steve\AppData\Roaming\ParetoLogic
    2012-05-20 16:57:04 -------- d-----w- C:\Users\Steve\AppData\Roaming\DriverCure
    2012-05-20 16:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
    2012-05-20 16:57:01 -------- d-----w- C:\ProgramData\ParetoLogic
    2012-05-20 16:57:01 -------- d-----w- C:\Program Files (x86)\ParetoLogic
    2012-05-20 16:20:50 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-05-18 17:53:15 -------- d-----w- C:\Users\Steve\AppData\Local\Chromium
    2012-05-18 16:29:06 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86B4077A-F743-477F-B1D6-064CB4ED5208}\mpengine.dll
    2012-05-16 03:16:38 -------- d-----w- C:\ProgramData\AMD
    2012-05-16 03:16:37 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2012-05-16 03:16:34 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-05-16 03:16:30 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2012-05-16 03:12:55 -------- d-----w- C:\AMD
    2012-05-16 00:54:00 -------- d-----w- C:\Users\Steve\AppData\Local\Funcom
    2012-05-16 00:50:21 -------- d-----w- C:\ProgramData\media center programs
    2012-05-16 00:50:20 -------- d-----w- C:\Program Files (x86)\Funcom
    2012-05-13 21:00:12 -------- d-----w- C:\Users\Steve\AppData\Local\SniperV2
    2012-05-13 00:44:09 -------- d-----w- C:\Users\Steve\.swt
    2012-05-13 00:44:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Azureus
    2012-05-13 00:43:37 -------- d-----w- C:\Program Files (x86)\Vuze
    2012-05-10 19:13:11 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-10 19:13:10 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-10 19:13:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-10 19:13:05 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-10 19:13:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-10 19:13:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-10 19:12:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-10 19:12:28 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-10 19:12:20 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 19:12:20 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-10 19:12:20 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 19:12:19 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-10 19:12:19 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-08 20:07:06 -------- d-----w- C:\Users\Steve\AppData\Roaming\NationRed
    2012-05-08 20:06:53 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-04-29 20:31:59 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-04-29 20:31:02 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster
    2012-04-21 18:48:31 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-04-21 18:48:31 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-04-21 18:48:31 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-04-21 18:48:31 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-04-21 18:48:31 -------- d-----w- C:\Program Files (x86)\OpenAL
    2012-04-21 18:48:31 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
    2012-04-21 03:48:17 1313792 ----a-w- C:\Windows\System32\ac3filter64.acm
    2012-04-21 03:48:17 1075200 ----a-w- C:\Windows\SysWow64\ac3filter.acm
    2012-04-21 03:48:16 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2012-04-20 20:38:09 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-04-20 19:22:36 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
    2012-04-20 19:22:36 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-04-20 19:21:47 -------- d-----w- C:\ProgramData\Battle.net
    .
    ==================== Find3M ====================
    .
    2012-05-20 18:40:11 30528 ----a-w- C:\Windows\GVTDrv64.sys
    2012-05-20 18:40:03 25640 ----a-w- C:\Windows\gdrv.sys
    2012-05-04 03:05:40 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-05-03 01:40:51 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-01 01:53:35 25640 ----a-w- C:\Windows\etdrv.sys
    2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-04-06 02:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-04-06 02:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
    2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-09 18:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2012-03-09 18:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 19:07:41 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-29 21:45:41 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-25 19:45:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-02-25 19:45:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-02-25 13:54:25 1 ----a-w- C:\Windows\SysWow64\SI.bin
    2012-02-24 04:46:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-23 17:54:28 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    .
    ============= FINISH: 14:45:44,20 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Édition Familiale Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2012-02-23 11:38:51
    System Uptime: 2012-05-20 14:42:05 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P67A-UD3-B3
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Socket 1155 | 3292/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 774,366 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    ==== System Restore Points ===================
    .
    RP62: 2012-05-08 16:05:31 - DirectX est installé
    RP63: 2012-05-10 15:08:04 - Windows Update
    RP64: 2012-05-10 23:07:18 - Windows Update
    RP65: 2012-05-12 20:48:31 - DirectX est installé
    RP66: 2012-05-15 15:36:17 - Windows Update
    RP67: 2012-05-15 23:19:58 - Installed Application Profiles
    .
    ==== Installed Programs ======================
    .
    @BIOS
    AC3Filter 2.1a
    Adobe AIR
    Adobe Reader X (10.1.2)
    Apple Application Support
    Apple Software Update
    Application Profiles
    Assassin's Creed Revelations
    AutoGreen B10.1021.1
    avast! Free Antivirus
    Call of Duty 4: Modern Warfare
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Coby Media Manager
    Crusader Kings II
    Dead Island
    DES 2.0
    Diablo III Beta
    DivX Setup
    Dropbox
    Easy Tune 6 B10.1024.1
    Fallen Earth
    Free Internet Window Washer
    GamersFirst LIVE!
    Google Chrome
    Google Update Helper
    Heroes of Might and Magic V - Tribes of the East
    HydraVision
    Intel(R) Control Center
    Intel(R) Management Engine Components
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    Men of War: Assault Squad
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Groove MUI (French) 2007
    Microsoft Office InfoPath MUI (French) 2007
    Microsoft Office OneNote MUI (French) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Might & Magic Heroes VI
    Mount & Blade: Warband
    Mozilla Firefox 10.0.2 (x86 en-US)
    Mumble 1.2.3
    Nation Red
    Network Magic
    NVIDIA PhysX
    ON_OFF Charge B10.0427.1
    OpenAL
    Pando Media Booster
    Path of Exile
    PunkBuster Services
    Pure Networks Platform
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RegCure Pro
    Renesas Electronics USB 3.0 Host Controller Driver
    Smart 6 B10.1023.1
    Sniper Elite V2
    Steam
    TeamSpeak 3 Client
    The Secret World
    Trine 2
    Ubisoft Game Launcher
    Unity Web Player
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client
    Vuze
    World of Battles
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. Swerner

    Swerner TS Rookie Topic Starter

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-20 15:31:38
    -----------------------------
    15:31:38.114 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:31:38.114 Number of processors: 4 586 0x2A07
    15:31:38.114 ComputerName: STEVE-PC UserName: Steve
    15:31:39.182 Initialize success
    15:31:40.101 AVAST engine defs: 12051901
    15:31:56.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:31:56.758 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 11
    15:31:56.773 Disk 0 MBR read successfully
    15:31:56.774 Disk 0 MBR scan
    15:31:57.144 Disk 0 Windows 7 default MBR code
    15:31:57.149 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:31:57.334 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    15:31:57.499 Disk 0 scanning C:\Windows\system32\drivers
    15:32:07.583 Service scanning
    15:32:19.966 Modules scanning
    15:32:19.970 Disk 0 trace - called modules:
    15:32:19.983 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    15:32:19.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076f8060]
    15:32:19.988 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80074c7090]
    15:32:19.991 5 ACPI.sys[fffff88000f4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074d3060]
    15:32:20.937 AVAST engine scan C:\Windows
    15:32:22.960 AVAST engine scan C:\Windows\system32
    15:33:42.470 AVAST engine scan C:\Windows\system32\drivers
    15:33:49.259 AVAST engine scan C:\Users\Steve
    15:35:57.924 AVAST engine scan C:\ProgramData
    15:36:07.166 Scan finished successfully
    15:43:03.316 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    15:43:03.319 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. Swerner

    Swerner TS Rookie Topic Starter

    Sorry, my OS is in French; here is the combofix log, thank you.

    ComboFix 12-05-20.09 - Steve 2012-05-20 17:02:34.2.4 - x64 NETWORK
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8175.6968 [GMT -4:00]
    Lancé depuis: c:\users\Steve\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-04-20 au 2012-05-20 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-05-20 21:07 . 2012-05-20 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-20 18:35 . 2012-05-20 18:36 -------- d-----w- c:\users\Steve\AppData\Local\ElevatedDiagnostics
    2012-05-20 17:16 . 2012-05-20 21:10 -------- d-----w- c:\users\Steve\AppData\Local\Temp
    2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\users\Steve\AppData\Roaming\ParetoLogic
    2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\users\Steve\AppData\Roaming\DriverCure
    2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
    2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\programdata\ParetoLogic
    2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\program files (x86)\ParetoLogic
    2012-05-18 17:53 . 2012-05-18 17:53 -------- d-----w- c:\users\Steve\AppData\Local\Chromium
    2012-05-18 16:29 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86B4077A-F743-477F-B1D6-064CB4ED5208}\mpengine.dll
    2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\programdata\ATI
    2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\programdata\AMD
    2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\AMD APP
    2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2012-05-16 03:12 . 2012-05-16 03:19 -------- d-----w- C:\AMD
    2012-05-16 00:54 . 2012-05-16 00:54 -------- d-----w- c:\users\Steve\AppData\Local\Funcom
    2012-05-16 00:50 . 2012-05-16 00:50 -------- d-----w- c:\programdata\media center programs
    2012-05-16 00:50 . 2012-05-16 00:50 -------- d-----w- c:\program files (x86)\Funcom
    2012-05-13 21:00 . 2012-05-13 21:04 -------- d-----w- c:\users\Steve\AppData\Local\SniperV2
    2012-05-13 00:44 . 2012-05-13 00:44 -------- d-----w- c:\users\Steve\.swt
    2012-05-13 00:44 . 2012-05-20 17:15 -------- d-----w- c:\users\Steve\AppData\Roaming\Azureus
    2012-05-13 00:43 . 2012-05-13 00:43 -------- d-----w- c:\program files (x86)\Vuze
    2012-05-10 19:13 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-10 19:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-10 19:13 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 19:13 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 19:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-10 19:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-10 19:12 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 19:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 19:12 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-10 19:12 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 19:12 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 19:12 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-10 19:12 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-08 20:07 . 2012-05-08 21:14 -------- d-----w- c:\users\Steve\AppData\Roaming\NationRed
    2012-05-08 20:06 . 2012-05-08 20:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-04-29 20:31 . 2012-05-04 03:05 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-04-29 20:31 . 2012-04-29 20:31 -------- d-----w- c:\users\Steve\AppData\Local\PunkBuster
    2012-04-21 18:48 . 2012-04-21 18:48 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-04-21 18:48 . 2012-04-21 18:48 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-04-21 18:48 . 2012-04-21 18:48 133632 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-04-21 18:48 . 2012-04-21 18:48 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-04-21 18:48 . 2012-04-21 18:48 -------- d-----w- c:\program files (x86)\OpenAL
    2012-04-21 18:48 . 2012-04-21 18:48 -------- d-----w- c:\program files (x86)\Grinding Gear Games
    2012-04-21 03:48 . 2012-04-11 00:37 1313792 ----a-w- c:\windows\system32\ac3filter64.acm
    2012-04-21 03:48 . 2012-04-11 00:31 1075200 ----a-w- c:\windows\SysWow64\ac3filter.acm
    2012-04-21 03:48 . 2012-04-21 03:48 -------- d-----w- c:\program files (x86)\AC3Filter
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-20 21:10 . 2012-02-23 17:21 30528 ----a-w- c:\windows\GVTDrv64.sys
    2012-05-20 21:10 . 2012-02-23 17:05 25640 ----a-w- c:\windows\gdrv.sys
    2012-05-04 03:05 . 2012-03-01 19:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-03 01:40 . 2012-03-01 19:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-01 01:53 . 2012-02-23 17:21 25640 ----a-w- c:\windows\etdrv.sys
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2010-03-03 04:15 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2012-02-23 17:50 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2010-03-03 03:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2010-03-03 03:06 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-04 19:56 . 2012-02-23 17:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-29 03:33 . 2012-03-29 03:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-29 03:33 . 2012-03-29 03:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-29 03:33 . 2012-03-29 03:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-29 03:33 . 2012-03-29 03:33 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-29 03:33 . 2012-03-29 03:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-29 03:33 . 2012-03-29 03:33 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-29 03:33 . 2012-03-29 03:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-29 03:33 . 2012-03-29 03:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-29 03:33 . 2012-03-29 03:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-29 03:33 . 2012-03-29 03:33 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-29 03:33 . 2012-03-29 03:33 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-29 03:33 . 2012-03-29 03:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-29 03:33 . 2012-03-29 03:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-29 03:33 . 2012-03-29 03:33 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-29 03:33 . 2012-03-29 03:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-29 03:33 . 2012-03-29 03:33 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-29 03:33 . 2012-03-29 03:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-29 03:33 . 2012-03-29 03:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-29 03:33 . 2012-03-29 03:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-29 03:33 . 2012-03-29 03:33 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-29 03:33 . 2012-03-29 03:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-29 03:33 . 2012-03-29 03:33 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-29 03:33 . 2012-03-29 03:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-29 03:33 . 2012-03-29 03:33 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-03-29 03:33 . 2012-03-29 03:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-29 03:33 . 2012-03-29 03:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-29 03:33 . 2012-03-29 03:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-29 03:33 . 2012-03-29 03:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-29 03:33 . 2012-03-29 03:33 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-29 03:33 . 2012-03-29 03:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-29 03:33 . 2012-03-29 03:33 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-29 03:33 . 2012-03-29 03:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-29 03:33 . 2012-03-29 03:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-29 03:33 . 2012-03-29 03:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-03-09 18:07 . 2012-03-09 18:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
    2012-03-09 18:06 . 2012-03-09 18:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2012-03-06 23:15 . 2012-02-23 17:32 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2012-02-23 17:32 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2012-03-29 14:20 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2012-03-29 14:20 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-20 30528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:34]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:34]
    .
    2012-05-20 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-05-20 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
    .
    2012-05-20 c:\windows\Tasks\RegCure Pro.job
    - c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 00:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
    .
    [HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\gtun55fu.default\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\05\00\0d\00+1Û"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\GIGABYTE\ET6\GUI.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-05-20 17:13:23 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-05-20 21:13
    ComboFix2.txt 2012-05-20 16:23
    .
    Avant-CF: 836 405 686 272 octets libres
    Après-CF: 836 243 324 928 octets libres
    .
    - - End Of File - - 49D42F857AF7122F1D59F8C60A8084C0
     
  11. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    We're not dealing with any infection here.

    I suggest you start a new topic in Windows forum.

    My guess would be overheating/video driver/video card problem, but it'd be a subject for a different forum.
     
  12. Swerner

    Swerner TS Rookie Topic Starter

    Alright, thank you so much for your help and time!
     
  13. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    You're very welcome
     

