Inactive Win7 randomly freezing - possible malware?

R

rotary9k

Posts: 10   +0
Hi,

Just a couple days ago, my system randomly crashed and restarted. Ever since then, my system has been randomly hanging, sometimes while loading windows on the "Welcome" screen, and others during random times (usually within 5-10minutes or so). I can use Safe Mode just fine though. I've tried to disable "automatic restart on crash" to try and get a blue screen and see what's wrong from there. However, when I disable that feature, the system freezes to a blank white screen.

I've scanned for viruses using AVG and malware using MalwareBytes - both indicated nothing harmful. Yes, both were updated prior to scanning.

Not able to try system restore as I run on SSD's and turned off system restore point for the sake of saving space.

I thought it was a hardware issue at first (memory maybe?), but since I can run in safe mode just fine, then it can't be hardware right?

I've tried numerous things and can't seem to fix it. Wanted to check here to see if anyone could assist. Please advise what logs I should post for assistance. Thanks in advanced!
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 2: Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8121

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/8/2011 8:08:44 PM
mbam-log-2011-11-08 (20-08-44).txt

Scan type: Quick scan
Objects scanned: 185332
Time elapsed: 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Step 3: GMER

Wasn't sure if I was supposed to only do the automatic scan, or manually click Scan button. Automatic scan showed nothing, so empty log. Next post shows the log from manually clicking on Scan button.
 
Step 3: GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-08 20:19:00
Windows 6.1.7600
Running: 2ubqn33q.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Bind ???M?M??@%SystemRoot%\system32\drivers\fltmgr.sys,-10000????????????????????????????????????t??????????????g?????M?M?M?M?M?M?M?M?M???????M??????p???system32\DRIVERS\kbdhid.sys?\kbdhid.sys???????(??M?????????e????Keyboard Port??????????????g?????????????????????M?M?M?M?M?M?M?????????????????e?????????M??????p???Cryptography??????:??M????????h?????System32\Drivers\ksecpkg.sys????????????????????????????????????t??????????????g?????????????????????M?M?M?M?M?M?M?????????????????e??????0??M?????????e????Kernel Streaming Thunks??????????M??????p???PNP Filter????????R??M????????h?????\SystemRoot\system32\drivers\ksthunk.sys????????????????????????????????????t????????????????????M?M?M?M?M?M?????????????u???????????.???????????/???????M??? ??????????????????????????????system32\DRIVERS\intelppm.sys?ntelppm.sys???? ???????????????????J?;????????????&???????????????????????system32\DRIVERS\kbdclass.sys?bdclass.sys????????????????????????????????L???????.?????M?M??????????????????????????????????????????????????g??????
Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Route ???M?M???M???????????????????????????????????????????????????????M???????????????M?L?M?M?M?M?M?M????????????????????????????????FSFilter Bottom???????????????????????????<??M????????h???????&??M?????????e????system32\drivers\fltmgr.sys???????b??M?????????n?????????????????????????????v???????G???????????e?????????nab???????M???????????????????N?N?N?N?N??? B??M??????????????CSCFlags=2048?MaxUses=4294967295?Path=C:\Users?Permissions=0?Remark=?ShareName=Users?Type=0?????CSCFlags=768?MaxUses=4294967295?Path=C:\Windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0?????CSCFlags=0?MaxUses=4294967295?Path=W:\Games\Steam\steamapps\common\killingfloor?Permissions=0?Remark=?ShareName=killingfloor?Type=0??????????M???????????????????M?M?M?M?M?M??????0?@??????????????????????? ?????????????????????d??M??????s?????8??N????????h?????????t?????????????????????^??M?????????n????@%SystemRoot%\system32\drivers\fvevol.sys,-100???????M?M?M?M?M?M?M?M?????? ??J???C?????eE1???????????B??4c???M?
Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Export ???M?M????8??M????????h?????@%SystemRoot%\system32\drivers\http.sys,-1????????V??M?????????n????@%SystemRoot%\system32\drivers\http.sys,-2???????????????????????????????????????????M?M?M?M?M?M??????b??M?????????e????????????????t?????<??M????????h?????system32\drivers\RTKVHD64.sys?????F??M??????????????Service for Realtek HD Audio (WDM)??????cpu.inf_amd64_neutral_ae5de2e1bf2793c3?????????????????g?????M?M?M?M?M?M?M?Mel??? ???S??????????e????????????????????????e???????????l???????????????????M???}??sT???M?M?M?N?????????????o???????????????????*???*??CSCFlags=0?MaxUses=4294967295?Path=C:\Users\X-25M-WT\Shared?Permissions=9?ShareName=Shared?Type=0????????????M???.???g????\??M???????????M?N?N?N?N????.??M?????????e????Intel Processor Driver???????????M??????p???????????????????????????????????????????????? J??M??????????s?????<??M????????h???????,??M?????????e????r???Extended Base???????????????t?????N??M???????????d???N?K?N?N?N???????????????????t??????????????????????????????t????????????????????????M??????p??
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Bind ???M?M??????????????????????????????????????????????????g????????M???????????????????????M?M?M?M?M?M?M?M?M?M?M?M?M?M?.???????M???-???????M??%SystemRoot%\System32\srvsvc.dll???????M?M????????????????e?????? ???J???p?????"{1????b??M?????????n????@%SystemRoot%\system32\drivers\fileinfo.sys,-101????????????????t??????????????????????????????????e??????????????????????????8??M????????h?????System32\DRIVERS\fvevol.sys?????????????????t??????????????g????\??\C:\Windows\gdrv.sys?-D??@%systemroot%\system32\drivers\hwpolicy.sys,-101??????<??M????????h?????System32\drivers\hwpolicy.sys?????b??M?????????n????@%systemroot%\system32\drivers\hwpolicy.sys,-102?????????????????????????????????????????M?M?M?M?M?M????????????????????????Network?????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001??????0??M??????p???FSFilter Infrastructure???????8??M????????h?????File System??????????????????????????????M????????????????H?X??????4?????????? ????????????????? ?????????????H?X??????4???????????????????? ??????? ??????? ?????????t
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Route ???M?M????????????????e?????? ???J???p?????"{1????b??M?????????n????@%SystemRoot%\system32\drivers\fileinfo.sys,-101????????????????t??????????????????????????????????e??????????????????????????8??M????????h?????System32\DRIVERS\fvevol.sys?????????????????t??????????????g????\??\C:\Windows\gdrv.sys?-D??@%systemroot%\system32\drivers\hwpolicy.sys,-101??????<??M????????h?????System32\drivers\hwpolicy.sys?????b??M?????????n????@%systemroot%\system32\drivers\hwpolicy.sys,-102?????????????????????????????????????????M?M?M?M?M?M????????????????????????Network?????@%SystemRoot%\system32\drivers\fltmgr.sys,-10001??????0??M??????p???FSFilter Infrastructure???????8??M????????h?????File System??????????????????????????????M????????????????H?X??????4?????????? ????????????????? ?????????????H?X??????4???????????????????? ??????? ??????? ?????????t??M????????????????H?X??????4?????????? ????????????????? ????????????????????????M????????????H?d??????4?????????? ????????????????????????????????????????? #???????M?????????
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Export ???M??????8??M????????h?????Keyboard HID Driver??????????M??????p???????????????t???????????????t?????8??M????????h????????????????????g?????M?M?M?M?M?M?M?Mb5??System32\Drivers\ksecdd.sys?????????????????????????????????????????????t????M????????????????<??M????????h???????b??M?????????n??????`??M?????????e????@%SystemRoot%\system32\drivers\partmgr.sys,-100???????$??M??????p???Boot Bus Extender?????:??M????????h?????System32\drivers\partmgr.sys??????`??N?????????n????pcmcia.inf_amd64_neutral_1678e66e0cbb04b2????????M?????????e????PCI Bus Driver??????????????????t?????$??M??????p???Boot Bus Extender??????????????g?????N?N?N?M?M?M?M?Mb0????????????????????????????????????????8??M????????h??????M????2??M????????h?????system32\DRIVERS\pci.sys??????T??M???????????d??system32\DRIVERS\pciide.sys???????(??M??????p???System Bus Extender???????R??M???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????M?M?M?M?M?M?M????????????????????P??M?????????e????Performance Counters for Windows Driver??????? ??J??????p?????2
Reg HKLM\SYSTEM\ControlSet003\services\LanmanServer\Linkage@Bind ????????@%SystemRoot%\system32\FirewallAPI.dll,-23093???????????????????????@%systemroot%\system32\wkssvc.dll,-1004?????system32\DRIVERS\mrxsmb20.sys?????P????????????n????????????????????????????????????t???NDIS?2???????????????????? ?????????p???????D???Network???????\????????????n??????6???????????h?????? ??D????:?????:?:??? ??????????????????????????????????????? ???????E?????B2C??@%systemroot%\system32\wkssvc.dll,-1003?????Base?$????8???????????h?????? ???????????????????????????.???.??????????????t???Network?????????????????????????????????????????Base?#??_tcp????Network???????R??????????????d??????????????????????????????p?????????????????????N????????????e????system32\DRIVERS\mrxsmb.sys?????system32\DRIVERS\msahci.sys?\msahci.sys?????????????????????????Tcpip???????@%systemroot%\system32\wkssvc.dll,-1006?????????????????p?????<???????????h?????????????????????????A??????g????File system?????system32\DRIVERS\msisadrv.sys??????????????g??????X????????????e??????X????????????e??????<???????????h???????P
Reg HKLM\SYSTEM\ControlSet003\services\LanmanServer\Linkage@Route ????????????????????????ServiceMain?????????????????????????????????????????t?????<???????????h?????System32\DRIVERS\srv.sys????????????????t???C:\ProgramData\Microsoft\MF?????????????????????*6to4mp??????????????????2??@%SystemRoot%\system32\drivers\mountmgr.sys,-100????network?????????W???????????????????SCSI Miniport???Security Driver???????2???????????h?????Microsoft???????????????????????????PnkBstrA?5??????????????p?????????????????????????&????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????V????????????e????????????????t???Boot File System????????????????????@%systemroot%\system32\drivers\luafv.sys,-100???????????????t?????????????????????????N????????????n??????????????????????????????????????????????????????????????N????????????n?????????????v???????G???????????????????????z??????????????????{9??????????????????pci\cc_0101?c.??? R??????8??????????Standard Dual Channel PCI IDE Controller?8??????????????????????? ?????????????????????????
Reg HKLM\SYSTEM\ControlSet003\services\LanmanServer\Linkage@Export ?????????????????????????????????????????????????????*???*???????????????????0??0???? B?????????????????????????????%SystemRoot%\system32\srvsvc.dll?????????????:???:??????????????t????????????o???????????????????s??ep?????????????????g????@%systemroot%\system32\drivers\luafv.sys,-101???FltMgr??????????????????????System Bus Extender?????system32\DRIVERS\mouclass.sys?ouclass.sys?????b????????????e??????\????????????e????????????????????????\Device\{42DA8D02-5161-478E-A6C3-750FE767DBF7}?\Device\{DEE2C8CD-EB78-4377-870A-2F72F813D6BF}?\Device\{265F1749-DF60-4A90-AC91-1BD5FDD482E3}?\Device\{5169FA04-9A9E-4C73-81A5-5B57695D73AE}?\Device\{1AB45A29-DE57-4A64-A6C1-366EE12BFB2C}?\Device\{646B663C-842D-4E8D-92D9-DD4CBEC24B7F}??12B???????????2???????????????????????????n??\SystemRoot\system32\drivers\luafv.sys??????????????????t?????????????????????\????????????e????????????????????????PNP_TDI?????Mouse Class Driver??????????????????????????System32\drivers\mpsdrv.sys???????P????????????e????NDIS?~????????????????????<
Reg HKLM\SYSTEM\ControlSet003\services\LanmanWorkstation\Linkage@Bind ?????????????????????*???*???????????????????0??0???? B?????????????????????????????%SystemRoot%\system32\srvsvc.dll?????????????:???:??????????????t????????????o???????????????????s??ep?????????????????g????@%systemroot%\system32\drivers\luafv.sys,-101???FltMgr??????????????????????System Bus Extender?????system32\DRIVERS\mouclass.sys?ouclass.sys?????b????????????e??????\????????????e????????????????????????\Device\{42DA8D02-5161-478E-A6C3-750FE767DBF7}?\Device\{DEE2C8CD-EB78-4377-870A-2F72F813D6BF}?\Device\{265F1749-DF60-4A90-AC91-1BD5FDD482E3}?\Device\{5169FA04-9A9E-4C73-81A5-5B57695D73AE}?\Device\{1AB45A29-DE57-4A64-A6C1-366EE12BFB2C}?\Device\{646B663C-842D-4E8D-92D9-DD4CBEC24B7F}??12B???????????2???????????????????????????n??\SystemRoot\system32\drivers\luafv.sys??????????????????t?????????????????????\????????????e????????????????????????PNP_TDI?????Mouse Class Driver??????????????????????????System32\drivers\mpsdrv.sys???????P????????????e????NDIS?~????????????????????<???????????h?????udfs??????8????
Reg HKLM\SYSTEM\ControlSet003\services\LanmanWorkstation\Linkage@Route ????????@%SystemRoot%\system32\drivers\ndis.sys,-201????Network?????????????????????????????????????????t???srvnet??????????????????t???????????????p??????????????? ??????g??????????????????????z?????????????tcpip???????????????????????????????base?????? ?????????p???File system?????4&1a1c9fdc&0?d??192.168.1.75????????????B3????????????????????????????????????????????????????????????????(??? ?????????????????? ????????????????????????V?????????&???????????????????????? ??????????????????????????????????????P7??? ??????????????????????????????????????????? ???????????????????????????????????????A??? ???????6??????d3??? ????????????????????????????????????????b5DB??? ??????????????????????????????????+??????????????????????0A6????????????????????????}"?"NetB??? ?????????????????????,????????????&????????????????????????????????????:??????????????p?????????????"?????????p???? ???????C??????\D??????????????????????????????t?????????????8??????????????????????????????????????????m????<????????????e???????????????
Reg HKLM\SYSTEM\ControlSet003\services\LanmanWorkstation\Linkage@Export ?????????????????????????????e???????????u???????????.????0?@??????????????????????? ????????????????????? ???????????????\????????????n??????<?????????????????Network?????????????????????????????????Pointer Class??????????????????????g????????????????????FSFilter Virtualization?????system32\DRIVERS\mouhid.sys?\mouhid.sys?????????????????????????????????????????????????????????????????????????????ServiceMain?????????????????????????????????????????t?????<???????????h?????System32\DRIVERS\srv.sys????????????????t???C:\ProgramData\Microsoft\MF?????????????????????*6to4mp??????????????????2??@%SystemRoot%\system32\drivers\mountmgr.sys,-100????network?????????W???????????????????SCSI Miniport???Security Driver???????2???????????h?????Microsoft???????????????????????????PnkBstrA?5??????????????p?????????????????????????&????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????V????????????e????????????????t???Boot File System????????????????????@%systemroo
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ??? ? ??????????????t?????????????????????????????????????????<?? ????????h?????system32\DRIVERS\kbdclass.sys?bdclass.sys??????????????g????? ? ? ? ? ? ? ? ??????8?? ????????h?????System32\Drivers\ksecdd.sys???????????????????????????? ? ??? ?????????????g????????????????????? ? ? ? ? ? ? ?????????????????e????????? ??????p???p???????????????t???????????????????????? ???:??????? ????????????????????????????????????8?? ????????h???????(?? ?????????e????Cryptography??????:?? ????????h?????System32\Drivers\ksecpkg.sys????????????????????????????????????t??????????????g????????????????????? ? ? ? ? ? ? ?????????????????e??????0?? ?????????e????Kernel Streaming Thunks?????????? ??????p???PNP Filter????????R?? ????????h?????\SystemRoot\system32\drivers\ksthunk.sys????????????????????????????????????t???????????????????? ? ? ? ? ? tr??????? ???s??eF??????? ??? ? ? ??????? ???????:????? ? ??????????? ??????????????????HdAudModel????????? ?#??????????????????????????g??????/?7????????? ? ???0?4? ??????? ???-??????CSC
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ??? ? ??? ?????????????g????????????????????? ? ? ? ? ? ? ?????????????????e????????? ??????p???p???????????????t???????????????????????? ???:??????? ????????????????????????????????????8?? ????????h???????(?? ?????????e????Cryptography??????:?? ????????h?????System32\Drivers\ksecpkg.sys????????????????????????????????????t??????????????g????????????????????? ? ? ? ? ? ? ?????????????????e??????0?? ?????????e????Kernel Streaming Thunks?????????? ??????p???PNP Filter????????R?? ????????h?????\SystemRoot\system32\drivers\ksthunk.sys????????????????????????????????????t???????????????????? ? ? ? ? ? tr??????? ???s??eF??????? ??? ? ? ??????? ???????:????? ? ??????????? ??????????????????HdAudModel????????? ?#??????????????????????????g??????/?7????????? ? ???0?4? ??????? ???-??????CSCFlags=0?MaxUses=4294967295?Path=C:\Users\X-25M-WT\Shared?Permissions=9?ShareName=Shared?Type=0????????????#???}??sT???????#???????????????#??????????????????? ???:???:??????????? ???????????o???????????????????v???????G????????*????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ??? ? ??????????? ??????????????????HdAudModel????????? ?#??????????????????????????g??????/?7????????? ? ???0?4? ??????? ???-??????CSCFlags=0?MaxUses=4294967295?Path=C:\Users\X-25M-WT\Shared?Permissions=9?ShareName=Shared?Type=0????????????#???}??sT???????#???????????????#??????????????????? ???:???:??????????? ???????????o???????????????????v???????G????????*??????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??????????????????????????????? ???s??ep????? ?:??????????? B?? ??????????????%SystemRoot%\System32\srvsvc.dll????????????????????????????? ? ? ??????? ???0????????? ti???????????????????0??0???????????????t???NDIS???????????????????????????????????g????FltMgr????????8?? ????????h?????network?????system32\DRIVERS\lltdio.sys???????`?? ?????????e????Link-Layer Topology Discovery Mapper I/O Driver???????????????????????????0?? ??????p????? ?? ??????????????????????????????? ? ? ? ? ? ? ? ? ??FSFilter Virtualization???????N?? ????????h?????\Sy
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ??? ?#??????????????????????????g??????/?7????????? ? ???0?4? ??????? ???-??????CSCFlags=0?MaxUses=4294967295?Path=C:\Users\X-25M-WT\Shared?Permissions=9?ShareName=Shared?Type=0????????????#???}??sT???????#???????????????#??????????????????? ???:???:??????????? ???????????o???????????????????v???????G????????*??????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??????????????????????????????? ???s??ep????? ?:??????????? B?? ??????????????%SystemRoot%\System32\srvsvc.dll????????????????????????????? ? ? ??????? ???0????????? ti???????????????????0??0???????????????t???NDIS???????????????????????????????????g????FltMgr????????8?? ????????h?????network?????system32\DRIVERS\lltdio.sys???????`?? ?????????e????Link-Layer Topology Discovery Mapper I/O Driver???????????????????????????0?? ??????p????? ?? ??????????????????????????????? ? ? ? ? ? ? ? ? ??FSFilter Virtualization???????N?? ????????h?????\SystemRoot\system32\drivers\luafv.sys????????\?? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ??? ?:??????????? B?? ??????????????%SystemRoot%\System32\srvsvc.dll????????????????????????????? ? ? ??????? ???0????????? ti???????????????????0??0???????????????t???NDIS???????????????????????????????????g????FltMgr????????8?? ????????h?????network?????system32\DRIVERS\lltdio.sys???????`?? ?????????e????Link-Layer Topology Discovery Mapper I/O Driver???????????????????????????0?? ??????p????? ?? ??????????????????????????????? ? ? ? ? ? ? ? ? ??FSFilter Virtualization???????N?? ????????h?????\SystemRoot\system32\drivers\luafv.sys????????\?? ?????????n????@%systemroot%\system32\drivers\luafv.sys,-101???????????????????????????????????????????????????????????? ???????????e??????????????t???-1???????-????\?? ?????????e????????????????t???? ? ? ? ? ??????@%systemroot%\system32\drivers\luafv.sys,-100?????????????????????????:?? ????????h?????system32\DRIVERS\monitor.sys??????`?? ?????????e????Microsoft Monitor Class Function Driver Service?????????????????????????????????????????????????????????Network?????? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ??? ti???????????????????0??0???????????????t???NDIS???????????????????????????????????g????FltMgr????????8?? ????????h?????network?????system32\DRIVERS\lltdio.sys???????`?? ?????????e????Link-Layer Topology Discovery Mapper I/O Driver???????????????????????????0?? ??????p????? ?? ??????????????????????????????? ? ? ? ? ? ? ? ? ??FSFilter Virtualization???????N?? ????????h?????\SystemRoot\system32\drivers\luafv.sys????????\?? ?????????n????@%systemroot%\system32\drivers\luafv.sys,-101???????????????????????????????????????????????????????????? ???????????e??????????????t???-1???????-????\?? ?????????e????????????????t???? ? ? ? ? ??????@%systemroot%\system32\drivers\luafv.sys,-100?????????????????????????:?? ????????h?????system32\DRIVERS\monitor.sys??????`?? ?????????e????Microsoft Monitor Class Function Driver Service?????????????????????????????????????????????????????????Network?????? ??????????????Mouse Class Driver??????????? ??????????Pointer Class???????????????t?????V?? ??????????????machine.inf_amd

---- EOF - GMER 1.0.15 ----
 
Step 4: DDS [DDS.txt]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by X-25M-WT at 20:32:22 on 2011-11-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6142.4935 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
M:\avira_free_antivirus_en.exe
C:\Users\X-25M-WT\AppData\Local\Temp\RarSFX0\presetup.exe
M:\avira_free_antivirus_en.exe
C:\Users\X-25M-WT\AppData\Local\Temp\RarSFX1\presetup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - W:\Program Files (x86)\AVG\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - W:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "W:\Games\Steam\Steam.exe" -silent
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [SunJavaUpdateSched] "W:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "W:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AOQA5ADYANQAxADQAMQAyADkALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABGAEEAUABQACsAMQA"&"prod=90"&"ver=9.0.894
StartupFolder: C:\Users\X-25M-WT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHROME~1.LNK - C:\Users\X-25M-WT\AppData\Local\Google\Chrome\Application\chrome.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1AB45A29-DE57-4A64-A6C1-366EE12BFB2C} : NameServer = 192.168.1.254
TCP: Interfaces\{265F1749-DF60-4A90-AC91-1BD5FDD482E3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{42DA8D02-5161-478E-A6C3-750FE767DBF7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{646B663C-842D-4E8D-92D9-DD4CBEC24B7F} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - W:\Program Files (x86)\AVG\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - W:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "W:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "W:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AOQA5ADYANQAxADQAMQAyADkALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABGAEEAUABQACsAMQA"&"prod=90"&"ver=9.0.894
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-7 2214504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-09 02:07:34 6231376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-09 02:07:33 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{894E88F7-E453-4932-B2A1-2942B651AB3D}\mpengine.dll
2011-11-09 02:07:33 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{894E88F7-E453-4932-B2A1-2942B651AB3D}\offreg.dll
2011-11-09 02:00:31 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-09 02:00:22 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-11-09 01:58:01 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 01:58:01 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 01:58:01 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 01:58:01 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-08 15:17:51 -------- d-----w- C:\$RECYCLE.BIN
2011-11-08 06:36:20 98816 ----a-w- C:\Windows\sed.exe
2011-11-08 06:36:20 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-08 06:36:20 256000 ----a-w- C:\Windows\PEV.exe
2011-11-08 06:36:20 208896 ----a-w- C:\Windows\MBR.exe
2011-10-25 22:54:31 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 22:54:31 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 20:32:29.81 ===============
 
Step 4: DDS [Attach.txt]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/13/2009 1:42:08 PM
System Uptime: 11/8/2011 6:08:49 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | Socket 1366 | 3103/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 18 GiB total, 0.309 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 52.738 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 256.975 GiB free.
F: is CDROM (UDF)
M: is FIXED (NTFS) - 17 GiB total, 12.736 GiB free.
W: is FIXED (NTFS) - 114 GiB total, 14.346 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&115A8633&0&0010
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&115A8633&0&0010
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AIM 7
Alien Swarm
Aliens versus Predator Classic 2000
Archon:Classic
Bandisoft MPEG-1 Decoder
Beat Hazard
BitTornado 0.3.17
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Darkspore™
Diablo II
DivX Plus Web Player
Dungeon Defenders
EVGA Precision 2.0.0
GameSpy Comrade
Geometry Wars
Google Chrome
Ion Assault
Java(TM) 6 Update 17
Killing Floor
Left 4 Dead 2
Magic: The Gathering - Duels of the Planeswalkers
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Monday Night Combat
Nation Red
Nexon Game Manager
NVIDIA PhysX
OpenAL
Pando Media Booster
Plants vs. Zombies: Game of the Year
PunkBuster Services
Puzzle Kingdoms
Puzzle Quest 2
QuickTime
Rainmeter (remove only)
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
RIFT™
Sanctum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Serious Sam HD: The Second Encounter
SHIFT 2 UNLEASHED™
StarCraft II
StarCraft II Beta
Steam
Street Fighter IV
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
Vindictus
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.3
Warcraft III
Xfire (remove only)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 8:29:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 8:29:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 7:16:20 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/8/2011 7:14:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/8/2011 6:46:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/8/2011 6:46:38 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2011 6:20:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/8/2011 6:16:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/8/2011 6:16:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/8/2011 6:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2011 6:09:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/8/2011 6:09:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/8/2011 6:01:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2267621.
11/7/2011 10:40:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache spldr Wanarpv6
11/7/2011 10:38:25 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/7/2011 10:32:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR Log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 20:52:40
-----------------------------
20:52:40.036 OS Version: Windows x64 6.1.7600
20:52:40.036 Number of processors: 8 586 0x1A05
20:52:40.036 ComputerName: X-25M UserName:
20:52:40.597 Initialize success
20:59:49.255 AVAST engine defs: 11110802
21:00:01.189 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
21:00:01.189 Disk 0 Vendor: WDC_WD1600JD-75HBB0 08.02D08 Size: 152586MB BusType: 3
21:00:01.189 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-a
21:00:01.189 Disk 1 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476938MB BusType: 3
21:00:01.189 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP16T0L0-18
21:00:01.189 Disk 2 Vendor: INTEL_SSDSA2M080G2GC 2CV102HD Size: 76319MB BusType: 11
21:00:01.205 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP17T0L0-19
21:00:01.205 Disk 3 Vendor: INTEL_SSDSA2M080G2GC 2CV102HD Size: 76318MB BusType: 11
21:00:03.217 Disk 3 MBR read successfully
21:00:03.217 Disk 3 MBR scan
21:00:03.217 Disk 3 Windows 7 default MBR code
21:00:03.217 Service scanning
21:00:04.231 Modules scanning
21:00:04.231 Disk 3 trace - called modules:
21:00:04.231 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:00:04.231 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8005860060]
21:00:04.231 3 CLASSPNP.SYS[fffff8800198c43f] -> nt!IofCallDriver -> [0xfffffa80055fa500]
21:00:04.262 5 ACPI.sys[fffff88000ef3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP17T0L0-19[0xfffffa80055fe060]
21:00:04.683 AVAST engine scan C:\Windows
21:00:04.715 AVAST engine scan C:\Windows\system32
21:00:04.715 AVAST engine scan C:\Windows\system32\drivers
21:00:04.715 AVAST engine scan C:\Users\X-25M-WT
21:00:04.715 AVAST engine scan C:\ProgramData
21:00:04.730 Scan finished successfully
21:00:24.308 Disk 3 MBR has been saved successfully to "C:\Users\X-25M-WT\Desktop\MBR.dat"
21:00:24.308 The log file has been saved successfully to "C:\Users\X-25M-WT\Desktop\aswMBR.txt"
 
ComboFix Log

ComboFix 11-11-08.02 - X-25M-WT 11/08/2011 21:04:07.4.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6142.4980 [GMT -8:00]
Running from: c:\users\X-25M-WT\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 05:05 . 2011-11-09 05:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-09 05:05 . 2011-11-09 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 02:13 . 2011-11-09 02:13 -------- d-----w- c:\windows\LastGood
2011-11-09 02:07 . 2011-10-18 09:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{894E88F7-E453-4932-B2A1-2942B651AB3D}\mpengine.dll
2011-11-09 02:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 02:00 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-11-09 01:58 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 01:58 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 01:58 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 01:58 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-25 22:54 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 22:54 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 05:10 . 2011-04-13 03:27 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-09-01 01:00 . 2011-01-16 16:55 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-08_06.40.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-13 22:01 . 2011-11-09 02:04 43068 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-08 04:35 56966 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-09 02:04 56966 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-13 21:49 . 2011-11-09 02:04 16950 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2238488861-3354607265-2008635832-1001_UserData.bin
- 2009-07-14 05:30 . 2011-08-15 04:38 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-09 02:13 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-11-09 02:00 . 2009-10-10 03:17 14336 c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffp_sd.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01 13824 c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffp_mmc.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01 14336 c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffdisk.sys
- 2009-12-13 21:40 . 2011-11-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-13 21:40 . 2011-11-09 02:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-13 21:40 . 2011-11-02 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 21:40 . 2011-11-09 02:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-02 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-09 02:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-13 21:48 . 2011-11-08 04:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-13 21:48 . 2011-11-09 02:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-09 02:02 87624 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-13 21:48 . 2011-11-09 02:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-13 21:48 . 2011-11-08 04:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 21:48 . 2011-11-09 02:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-13 21:48 . 2011-11-08 04:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-13 21:48 . 2011-11-09 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-13 21:48 . 2011-11-08 05:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-13 21:48 . 2011-11-09 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-13 21:48 . 2011-11-08 05:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-09 05:07 . 2011-11-09 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-08 06:39 . 2011-11-08 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-09 05:07 . 2011-11-09 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-11-09 02:37 793896 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-09 02:37 164982 c:\windows\system32\perfc009.dat
+ 2009-12-13 21:55 . 2011-05-25 02:14 270720 c:\windows\system32\MpSigStub.exe
+ 2009-07-14 04:45 . 2011-11-09 01:59 268856 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-10-14 12:25 268856 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-08-15 04:38 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-09 02:01 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-09 02:01 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-08-15 04:38 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-11-09 02:00 . 2009-10-10 02:41 109056 c:\windows\system32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_788ac264b4f52f85\sdbus.sys
- 2009-07-14 05:31 . 2011-07-13 10:16 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-11-09 02:01 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:01 . 2011-11-07 15:16 228008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-09 02:01 228008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-08 08:45 . 2009-07-08 08:45 2769400 c:\windows\system32\DriverStore\FileRepository\bcmwl664.inf_amd64_neutral_6d44a3453ea31c85\BCMWL664.SYS
+ 2009-07-14 04:45 . 2011-11-09 02:01 3864902 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-27 01:58 3864902 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-12-14 00:14 . 2011-11-07 15:16 1504740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2238488861-3354607265-2008635832-1001-8192.dat
+ 2009-12-14 00:14 . 2011-11-09 02:01 1504740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2238488861-3354607265-2008635832-1001-8192.dat
+ 2011-11-09 02:13 . 2009-07-08 08:45 2769400 c:\windows\LastGood\system32\DRIVERS\BCMWL664.SYS
+ 2011-11-09 02:00 . 2011-08-30 04:28 12868096 c:\windows\SysWOW64\shell32.dll
- 2009-07-14 02:34 . 2011-11-08 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-09 02:01 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-09 02:00 . 2011-08-30 05:21 14164480 c:\windows\system32\shell32.dll
+ 2009-12-13 21:55 . 2011-11-09 01:56 52174280 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="w:\games\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="w:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-14 149280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="w:\program files (x86)\Adobe\Reader\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0AOQA5ADYANQAxADQAMQAyADkALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABGAEEAUABQACsAMQA&prod=90&ver=9.0.894" [?]
.
c:\users\X-25M-WT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
chrome - Shortcut.lnk - c:\users\X-25M-WT\AppData\Local\Google\Chrome\Application\chrome.exe [2010-8-18 1036344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238488861-3354607265-2008635832-1001Core.job
- c:\users\X-25M-WT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 01:49]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238488861-3354607265-2008635832-1001UA.job
- c:\users\X-25M-WT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 01:49]
.
2011-01-16 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1AB45A29-DE57-4A64-A6C1-366EE12BFB2C}: NameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2238488861-3354607265-2008635832-1001\Software\SecuROM\License information*]
"datasecu"=hex:75,c0,8f,0c,8a,6a,d9,e1,fc,85,ad,01,71,6d,0c,01,2c,36,8b,dc,eb,
5d,c2,47,f1,a3,0d,e3,94,64,6e,a9,13,63,44,da,83,16,35,c0,23,6d,44,3c,39,07,\
"rkeysecu"=hex:1e,c5,4e,a3,84,35,57,c2,bc,11,78,82,53,01,c8,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-08 21:08:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-09 05:08
ComboFix2.txt 2011-11-08 15:18
ComboFix3.txt 2011-11-08 06:57
ComboFix4.txt 2011-11-08 06:41
.
Pre-Run: 262,848,512 bytes free
Post-Run: 501,899,264 bytes free
.
- - End Of File - - 2C49977630CF1E8EE10A8A9839B5224C
 
I don't see anything malicious.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
Broni,

Thanks for helping to look through my logs!
Not sure if its a good thing that there's no malware though - hope its not hardware!

Anyhow, thanks again! Appreciate your help.
 
You must log in or register to reply here.

Similar threads

S
Dell Latitude E5470 Video Issues
Replies
1
Views
694
Mark Fuller
M
S
Restoring function to Optical scanner
Replies
1
Views
559
Sebastian42
S
D
Avira update is causing Windows PCs to freeze up, no fix in sight
Replies
0
Views
200
DragonSlayer101
D

Latest posts

Back