TechSpot

BSoD errors and other various issues

Inactive
By NasuChi
Dec 16, 2011
  1. Hello~ I'm having troubles with my older brothers laptop, it has been giving me constant BSoD errors on startup as well as other random times. Not only that, but alot of my files like to randomly become corrupted. The thing is, everything will run fine for like a week, no errors whatsoever. Then I'll get a BSoD and it will start acting up again. Anyway...I'll get to posting my logs.
  2. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    Malewarebytes

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8378

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    12/16/2011 4:00:28 AM
    mbam-log-2011-12-16 (04-00-28).txt

    Scan type: Quick scan
    Objects scanned: 161633
    Time elapsed: 4 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    My gmer log is like, 120k letters long, so its in 3 big parts, did I do something wrong? Did I accidentally do a full scan or something? I'll wait till confirmation before posting it ;x
  4. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    DDS Log 1 first half


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by FAG at 4:33:16 on 2011-12-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1547 [GMT -5:00]
    .
    AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\System32\alg.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\ctfmon.exe
    C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
    uInternet Settings,ProxyOverride = *.local
    BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Google Update] "c:\users\fag\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049} : DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\2627F636B6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\6657C6D65627 : DhcpNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
  5. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    DDS Log 1 second half

    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
    FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency.dll
    FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.5.dll
    FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.6.dll
    FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexon\ngm\npnxgame.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\fag\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\fag\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\fag\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-25 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-25 320856]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-25 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-25 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-25 44768]
    R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2011-11-14 18432]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2011-11-27 8704]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-27 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-27 451960]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-26 15872]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-26 52224]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-27 10752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-10 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-12-14 22:19:50 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 22:19:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 22:19:28 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 22:19:27 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 22:19:22 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 22:19:21 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 05:11:04 163329 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
    2011-12-14 05:10:59 -------- d-----w- c:\program files\Ahriman's Prophecy
    2011-12-14 02:40:44 -------- d-----w- c:\program files\rpg2003
    2011-12-13 22:38:28 -------- d-----w- c:\program files\BandiMPEG1
    2011-12-11 02:08:13 -------- d-----w- c:\users\fag\appdata\local\{D084CC5C-EB19-425F-A96F-B6D4EA8F92F2}
    2011-12-11 02:08:02 -------- d-----w- c:\users\fag\appdata\local\{FDF338C8-580E-461B-9B8F-3F1CC153CAA1}
    2011-12-10 09:38:40 -------- d-----w- c:\users\fag\appdata\local\{07AD3984-9EF3-4967-9E37-589A2374F4AF}
    2011-12-10 09:38:28 -------- d-----w- c:\users\fag\appdata\local\{1063CB94-944C-450A-8B3B-99E356AF8F00}
    2011-12-08 22:37:14 40960 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-12-08 22:37:14 40960 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
    2011-12-08 22:37:00 -------- d-----w- c:\program files\Project64 1.6
    2011-12-08 02:58:34 61440 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{3f6d3f2c-3dba-4d20-96d6-d5676f7db642}\NewShortcut2_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
    2011-12-08 02:58:33 61440 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{3f6d3f2c-3dba-4d20-96d6-d5676f7db642}\NewShortcut21_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
    2011-12-08 02:58:23 -------- d-----w- c:\program files\Zenosoft
    2011-12-08 02:57:38 -------- d-----w- c:\windows\Downloaded Installations
    2011-12-08 01:23:28 -------- d-----w- c:\windows\lhsp
    2011-12-08 01:23:25 -------- d-----w- c:\program files\CoolSpeech
    2011-12-07 23:37:14 -------- d-----w- c:\users\fag\appdata\local\{A829C79C-C4C0-4073-8673-722F62ED35A3}
    2011-12-07 23:37:03 -------- d-----w- c:\users\fag\appdata\local\{145D1B4D-F88B-47AB-BA63-23F56BF36533}
    2011-12-07 00:20:22 -------- d-----w- c:\users\fag\appdata\local\{365D7265-7F51-415E-92AA-8F48F1B55BAF}
    2011-12-07 00:20:11 -------- d-----w- c:\users\fag\appdata\local\{0C1D30CC-F88D-43BC-9C1A-7D87BBD8D988}
    2011-12-06 05:43:07 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-12-06 05:43:06 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-12-06 05:43:06 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-12-06 03:09:12 -------- d-----w- c:\users\fag\appdata\local\{0F277621-8AB5-4451-98C7-C4BEC9E71489}
    2011-12-06 03:08:59 -------- d-----w- c:\users\fag\appdata\local\{5B940928-61FA-44BB-8FAF-4C9A16A2FF84}
    2011-12-04 20:29:38 -------- d-----w- c:\users\fag\appdata\local\{9E54CDA8-4AC8-47C0-970E-ACA43BE30748}
    2011-12-04 20:29:28 -------- d-----w- c:\users\fag\appdata\local\{5C73461A-CF5D-4714-BE94-D507D09207FE}
    2011-12-04 08:01:27 -------- d-----w- c:\users\fag\appdata\local\{F4EE781D-1915-4A16-8BA9-AD9F97E1FBB8}
    2011-12-04 08:01:08 -------- d-----w- c:\users\fag\appdata\local\{64A36BDA-48A9-48B9-B4B7-E7A2020B5EB3}
    2011-12-04 08:01:07 -------- d-----w- c:\users\fag\appdata\local\{83921791-188E-4C29-B7D2-70B18E25333D}
    2011-12-03 20:00:33 -------- d-----w- c:\users\fag\appdata\local\{98BC93CC-A08C-4D76-8262-C03143CFEC8D}
    2011-12-03 20:00:22 -------- d-----w- c:\users\fag\appdata\local\{7E5D6FC4-6D82-4A16-8C05-79BFB7BEA5B4}
    2011-12-01 22:49:07 -------- d-----w- c:\users\fag\appdata\local\{BC0C6482-9962-4072-8439-8B2388A8A787}
    2011-12-01 22:48:56 -------- d-----w- c:\users\fag\appdata\local\{57BE44B1-8359-4515-B45A-11E4FF36EA5D}
    2011-12-01 22:47:51 -------- d-----w- c:\windows\en
    2011-12-01 22:46:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-12-01 22:45:52 -------- d-----w- c:\windows\PCHEALTH
    2011-12-01 22:40:30 94040 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\DSETUP.dll
    2011-12-01 22:40:30 525656 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\DXSETUP.exe
    2011-12-01 22:40:30 1691480 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\dsetup32.dll
    2011-12-01 22:40:17 94040 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\DSETUP.dll
    2011-12-01 22:40:17 525656 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\DXSETUP.exe
    2011-12-01 22:40:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\dsetup32.dll
    2011-12-01 22:39:38 -------- d-----w- c:\users\fag\appdata\local\Windows Live
    2011-12-01 22:39:33 -------- d-----w- c:\program files\common files\Windows Live
    2011-12-01 21:52:38 -------- d-----w- C:\Fraps
    2011-11-30 17:45:51 -------- d--h--w- c:\windows\msdownld.tmp
    2011-11-30 17:45:43 -------- d-----w- c:\windows\system32\directx
    2011-11-27 20:12:33 -------- d-----w- c:\users\fag\appdata\roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2011-11-27 20:12:15 -------- d-----w- c:\users\fag\appdata\roaming\Wacom
    2011-11-27 20:11:59 -------- d-----w- c:\programdata\Wacom
    2011-11-27 20:10:16 -------- d-----w- c:\users\fag\appdata\local\Adobe
    2011-11-27 20:09:35 -------- d-----w- c:\program files\Bamboo Dock
    2011-11-27 20:05:15 -------- d-----w- c:\users\fag\appdata\roaming\WTablet
    2011-11-27 20:05:14 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-11-27 20:05:00 -------- d-----w- c:\program files\TabletPlugins
    2011-11-27 20:04:53 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-11-27 20:03:47 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-11-27 20:02:33 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-11-27 20:02:24 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2011-11-27 20:02:22 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2011-11-27 20:02:22 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2011-11-27 20:02:13 -------- d-----w- c:\program files\Tablet
    2011-11-27 19:50:07 -------- d-----w- c:\users\fag\appdata\roaming\SYSTEMAX Software Development
    2011-11-27 19:50:07 -------- d-----w- c:\programdata\SYSTEMAX Software Development
    2011-11-27 18:45:32 -------- d-----w- c:\program files\WinPcap
    2011-11-27 18:44:55 -------- d-----w- c:\programdata\Freemake
    2011-11-27 18:44:29 -------- d-----w- c:\program files\Freemake
    2011-11-27 09:41:20 -------- d-sh--w- C:\found.000
    2011-11-17 01:33:42 -------- d-----w- c:\program files\REACTOR
    .
    ==================== Find3M ====================
    .
    2011-11-06 03:01:22 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 4:33:53.62 ===============
  6. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    DDS Log 2


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/24/2010 9:50:54 PM
    System Uptime: 12/16/2011 3:27:16 AM (1 hours ago)
    .
    Motherboard: Wistron | | 30CD
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 90.655 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP188: 12/16/2011 3:30:04 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Ahriman's Prophecy
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    avast! Free Antivirus
    Bamboo
    Bamboo Dock
    Bandisoft MPEG-1 Decoder
    Bonjour
    CCleaner
    Conexant HD Audio
    CoolSpeech
    CyberLink YouCam
    D3DX10
    Dark Eternal- Dissolution
    DAZ Content Management Service
    DAZ Studio 4
    DS4 Default Content
    Elsword version 1.17
    ESET Online Scanner v3
    Eusing Free Registry Cleaner
    Facebook Video Calling 1.0.0.8714
    Facebook Video Calling 1.0.0.8953
    File Shredder 2.0
    Fraps (remove only)
    Free Window Registry Repair
    Freemake Video Downloader
    Game Booster 3
    Google Chrome
    Grand Chase
    HDAUDIO Soft Data Fax Modem with SmartCP
    HyperCam 2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Lernout & Hauspie TruVoice American English TTS Engine
    LimeWire 5.5.16
    Mabinogi
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox (3.6.22)
    MSVCRT
    Nexon Game Manager
    ooVoo
    ooVoo Toolbar
    Pale Moon project (3.6.6)
    Pando Media Booster
    Portal 2
    Project64 1.6
    QuickTime
    RPG Maker 2003 v1.08
    RuneScape Launcher 1.0.4
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    SUPERAntiSpyware
    TuneUp Companion 1.9.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Vuze
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Device Center
    WinPcap 4.1.2
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2011 8:11:44 PM, Error: yukonw7 [101] - Driver status 1
    12/16/2011 3:28:24 AM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024713
    12/16/2011 3:28:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/16/2011 3:27:36 AM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
    12/16/2011 3:25:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/16/2011 3:24:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache SASDIFSV SASKUTIL spldr Wanarpv6
    12/16/2011 3:24:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00047c8c, 0x00000000, 0x00047ccc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-20701-01.
    12/16/2011 3:24:35 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
    12/16/2011 3:19:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/16/2011 3:19:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/16/2011 3:19:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/16/2011 3:19:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/16/2011 3:19:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00064f49, 0x00000002, 0x000886bf). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-24148-01.
    12/16/2011 3:15:24 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00043dd4, 0x00000000, 0x00043e14). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-20997-01.
    12/16/2011 3:10:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    12/16/2011 3:10:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041201, 0xc01b7f20, 0x5563d867, 0x87b20098). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    12/16/2011 3:06:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc000001d, 0x8b3ac81b, 0x8cf13588, 0x8cf13160). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-24819-01.
    12/16/2011 3:01:38 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    12/16/2011 3:01:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8b3bcf3a, 0x8cf23968, 0x8cf23540). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-21372-01.
    12/16/2011 2:19:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001904fb, 0x919e970c, 0x919e92f0, 0x8ba8e943). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    12/15/2011 8:28:42 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    12/15/2011 8:27:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    12/15/2011 3:50:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00005003, 0xc0802000, 0x0000019a, 0x0019c374). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121511-19671-01.
    12/15/2011 10:41:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/14/2011 5:14:21 PM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
    12/12/2011 5:05:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041790, 0xc0802090, 0x0000ffff, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/12/2011 2:57:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041790, 0xc080209a, 0x0000ffff, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    12/12/2011 12:43:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82c8c8a3, 0x8cf23a70, 0x8cf23650). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121211-26426-01.
    12/10/2011 2:18:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    12/10/2011 12:52:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
  7. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Upload GMER log here: http://www.filedropper.com/
    Post download link (copy URL: link):
    [​IMG]
  8. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    Hello again Broni :3 (you helped me a while back with my laptop, don't worry! I didn't break mine, my older brother's just doesn't seem to work right...)

    Here you go~ http://www.filedropper.com/gmer
  9. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    aswMBR Log


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 21:44:07
    -----------------------------
    21:44:07.034 OS Version: Windows 6.1.7601 Service Pack 1
    21:44:07.034 Number of processors: 2 586 0xF0D
    21:44:07.036 ComputerName: FAG-PC UserName: FAG
    21:44:09.174 Initialize success
    21:44:09.545 AVAST engine defs: 11112101
    21:44:43.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    21:44:43.928 Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 8909 Size: 238475MB BusType: 11
    21:44:46.058 Disk 0 MBR read successfully
    21:44:46.062 Disk 0 MBR scan
    21:44:46.066 Disk 0 Windows 7 default MBR code
    21:44:46.126 Disk 0 scanning sectors +488394752
    21:44:46.703 Disk 0 scanning C:\Windows\system32\drivers
    21:46:35.193 Service scanning
    21:46:36.816 Modules scanning
    21:49:38.400 Disk 0 trace - called modules:
    21:49:38.494 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
    21:49:38.509 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x827a6460]
    21:49:38.509 3 CLASSPNP.SYS[881bb59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x819fa908]
    21:49:39.820 AVAST engine scan C:\Windows
    21:51:36.196 AVAST engine scan C:\Windows\system32
    22:09:37.309 AVAST engine scan C:\Windows\system32\drivers
    22:09:58.385 AVAST engine scan C:\Users\FAG
    22:28:55.814 AVAST engine scan C:\ProgramData
    22:29:30.352 Scan finished successfully
    22:30:24.484 Disk 0 MBR has been saved successfully to "C:\Users\FAG\Desktop\MBR.dat"
    22:30:24.500 The log file has been saved successfully to "C:\Users\FAG\Desktop\aswMBR.txt"
  11. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    ComboFix Log


    ComboFix 11-12-16.03 - FAG 12/16/2011 22:34:58.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1577 [GMT -5:00]
    Running from: c:\users\FAG\Desktop\ComboFix.exe
    AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\searchplugins\bing-zugo.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\FAG\AppData\Local\temp
    2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-14 22:19 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 22:19 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 22:19 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 22:19 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 22:19 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 22:19 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 05:11 . 2011-12-14 05:11 163329 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
    2011-12-14 05:10 . 2011-12-14 05:11 -------- d-----w- c:\program files\Ahriman's Prophecy
    2011-12-14 02:40 . 2011-12-14 02:40 -------- d-----w- c:\program files\rpg2003
    2011-12-13 22:38 . 2011-12-13 22:38 -------- d-----w- c:\program files\BandiMPEG1
    2011-12-08 22:37 . 2011-12-08 22:37 40960 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-12-08 22:37 . 2011-12-08 22:37 40960 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2011-12-08 22:37 . 2011-12-08 22:37 -------- d-----w- c:\program files\Project64 1.6
    2011-12-08 02:58 . 2011-12-08 02:58 61440 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{3F6D3F2C-3DBA-4D20-96D6-D5676F7DB642}\NewShortcut2_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
    2011-12-08 02:58 . 2011-12-08 02:58 61440 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{3F6D3F2C-3DBA-4D20-96D6-D5676F7DB642}\NewShortcut21_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
    2011-12-08 02:58 . 2011-12-08 02:58 -------- d-----w- c:\program files\Zenosoft
    2011-12-08 02:57 . 2011-12-08 02:57 -------- d-----w- c:\windows\Downloaded Installations
    2011-12-08 01:23 . 2011-12-08 01:23 -------- d-----w- c:\windows\lhsp
    2011-12-08 01:23 . 2011-12-08 01:23 -------- d-----w- c:\program files\CoolSpeech
    2011-12-06 05:43 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-12-06 05:43 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-12-06 05:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-12-01 22:47 . 2011-12-01 22:47 -------- d-----w- c:\windows\en
    2011-12-01 22:46 . 2011-12-01 22:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-12-01 22:45 . 2011-12-01 22:45 -------- d-----w- c:\windows\PCHEALTH
    2011-12-01 22:45 . 2011-12-01 22:46 -------- d-----w- c:\program files\Windows Live
    2011-12-01 22:39 . 2011-12-11 02:08 -------- d-----w- c:\users\FAG\AppData\Local\Windows Live
    2011-12-01 22:39 . 2011-12-01 22:39 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-12-01 21:52 . 2011-12-01 21:52 -------- d-----w- C:\Fraps
    2011-11-30 17:45 . 2011-11-30 17:47 -------- d--h--w- c:\windows\msdownld.tmp
    2011-11-27 20:12 . 2011-11-27 20:12 -------- d-----w- c:\users\FAG\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2011-11-27 20:12 . 2011-11-27 20:12 -------- d-----w- c:\users\FAG\AppData\Roaming\Wacom
    2011-11-27 20:11 . 2011-11-27 20:12 -------- d-----w- c:\programdata\Wacom
    2011-11-27 20:11 . 2011-11-27 20:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-11-27 20:10 . 2011-11-27 20:10 -------- d-----w- c:\users\FAG\AppData\Local\Adobe
    2011-11-27 20:09 . 2011-11-27 20:12 -------- d-----w- c:\program files\Bamboo Dock
    2011-11-27 20:05 . 2011-11-27 20:05 -------- d-----w- c:\users\FAG\AppData\Roaming\WTablet
    2011-11-27 20:05 . 2011-09-08 22:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-11-27 20:04 . 2011-09-08 22:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-11-27 20:03 . 2011-09-08 22:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-11-27 20:02 . 2011-09-08 22:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-11-27 20:02 . 2011-09-08 22:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2011-11-27 20:02 . 2011-09-08 22:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2011-11-27 20:02 . 2011-09-08 22:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2011-11-27 20:02 . 2011-11-27 20:05 -------- d-----w- c:\program files\Tablet
    2011-11-27 19:50 . 2011-11-27 19:50 -------- d-----w- c:\users\FAG\AppData\Roaming\SYSTEMAX Software Development
    2011-11-27 19:50 . 2011-11-27 19:50 -------- d-----w- c:\programdata\SYSTEMAX Software Development
    2011-11-27 18:45 . 2011-11-27 18:45 -------- d-----w- c:\program files\WinPcap
    2011-11-27 18:44 . 2011-11-27 18:46 -------- d-----w- c:\programdata\Freemake
    2011-11-27 18:44 . 2011-11-27 18:44 -------- d-----w- c:\program files\Freemake
    2011-11-27 09:41 . 2011-11-27 09:41 -------- d-----w- C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-01 22:44 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-06 03:01 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-03 10:06 . 2010-05-25 03:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03 . 2011-11-10 08:08 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    2011-01-06 04:30 81920 ----a-w- c:\program files\oovootoolbar\oovootoolbarX.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-10-11 20:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
    "{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files\oovootoolbar\oovootoolbarX.dll" [2011-01-06 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Users^FAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\FAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2011-09-13 03:36 137536 ----atw- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
    2011-05-18 13:25 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-12-16 08:07 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2009-05-20 02:16 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
    2009-06-11 17:14 162912 ----a-w- c:\program files\CyberLink\YouCam\YouCamTray.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2011-11-24 8704]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-08-21 4178784]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Synth3dVsc; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub; [x]
    R3 VGPU;VGPU; [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1343400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - dump_wmimmc
    *Deregistered* - uwldypow
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
    - c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:36]
    .
    2011-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
    - c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:36]
    .
    2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
    - c:\users\FAG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 17:22]
    .
    2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
    - c:\users\FAG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 17:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-16 22:58:42
    ComboFix-quarantined-files.txt 2011-12-17 03:58
    ComboFix2.txt 2011-11-01 23:00
    .
    Pre-Run: 108,187,795,456 bytes free
    Post-Run: 111,487,619,072 bytes free
    .
    - - End Of File - - CEA3FCB72322470A1BD3CF0E8E30142C
     
  12. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    I don't see anything malicious.
    I suggest you start new topic in Windows forum.
  13. NasuChi

    NasuChi TS Rookie Topic Starter Posts: 30

    Otays, thanks for looking for me, I'll get on it~
  14. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    :)..............


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.