VGA corrupt (Kernel code patch) - Free Antivirus Forum

ComboFix 12-09-03.07 - Norm 09/04/2012 17:16:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3326.2377 [GMT -7:00]
Running from: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Norm\AppData\Local\Temp\apmB22E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 00:18 . 2012-09-05 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 16:32 . 2012-08-29 16:33 -------- d-----w- c:\program files\stinger
2012-08-27 00:41 . 2012-08-27 00:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-08-27 00:41 . 2012-08-27 00:41 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-08-27 00:41 . 2012-08-27 00:41 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-08-27 00:41 . 2012-08-27 00:41 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-08-27 00:41 . 2012-08-27 00:41 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-08-27 00:41 . 2012-08-27 00:41 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-08-27 00:41 . 2012-08-27 00:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-08-27 00:40 . 2012-08-27 00:40 268800 ----a-w- c:\windows\system32\es.dll
2012-08-25 15:25 . 2012-08-26 15:31 -------- d-----w- C:\bd_logs
2012-08-25 14:14 . 2012-08-25 14:14 -------- d-----w- C:\found.000
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-25 00:53 . 2012-08-25 10:04 489048 ------w- c:\windows\system32\drivers\9204181drv.sys
2012-08-24 22:13 . 2012-08-24 23:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 22:06 . 2012-09-04 23:17 -------- d-----w- C:\$AVG8.VAULT$
2012-08-24 20:15 . 2012-08-24 20:15 -------- d-----w- c:\programdata\Trend Micro
2012-08-24 17:12 . 2012-08-24 17:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-08-24 10:58 . 2012-08-24 10:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-08-24 10:58 . 2012-08-24 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-08-24 10:58 . 2012-08-24 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-08-24 10:58 . 2012-08-24 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-08-24 10:58 . 2012-08-24 10:58 24064 ----a-w- c:\windows\system32\lpk.dll
2012-08-24 10:58 . 2012-08-24 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-08-24 10:55 . 2012-08-24 10:55 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-08-24 10:55 . 2012-08-24 10:55 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-08-24 10:55 . 2012-08-24 10:55 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-08-24 10:55 . 2012-08-24 10:55 272896 ----a-w- c:\windows\system32\polstore.dll
2012-08-24 10:54 . 2012-08-24 10:54 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-24 10:54 . 2012-08-24 10:54 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-24 10:52 . 2012-08-24 10:52 15360 ----a-w- c:\windows\system32\netevent.dll
2012-08-24 10:52 . 2012-08-24 10:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-08-24 10:52 . 2012-08-24 10:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-08-24 10:52 . 2012-08-24 10:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-08-24 10:52 . 2012-08-24 10:52 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-08-24 10:52 . 2012-08-24 10:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-08-24 10:52 . 2012-08-24 10:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-08-24 10:52 . 2012-08-24 10:52 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-08-24 10:52 . 2012-08-24 10:52 10240 ----a-w- c:\windows\system32\finger.exe
2012-08-24 10:51 . 2012-08-24 10:51 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-08-24 10:51 . 2012-08-24 10:51 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-08-24 10:51 . 2012-08-24 10:51 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-24 10:51 . 2012-08-24 10:51 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-08-24 10:51 . 2012-08-24 10:51 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-08-24 10:50 . 2012-08-24 10:50 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-08-24 10:50 . 2012-08-24 10:50 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-08-24 10:50 . 2012-08-24 10:50 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-08-24 10:50 . 2012-08-24 10:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-24 10:50 . 2012-08-24 10:50 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-08-24 10:49 . 2012-08-24 10:49 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-08-24 10:48 . 2012-08-24 10:48 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-08-24 10:48 . 2012-08-24 10:48 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-08-24 10:48 . 2012-08-24 10:48 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-24 10:48 . 2012-08-24 10:48 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-08-24 10:48 . 2012-08-24 10:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-08-24 10:47 . 2012-08-24 10:47 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-24 10:47 . 2012-08-24 10:47 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-08-24 10:47 . 2012-08-24 10:47 2855424 ----a-w- c:\windows\system32\mf.dll
2012-08-24 10:47 . 2012-08-24 10:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-08-24 10:47 . 2012-08-24 10:47 2048 ----a-w- c:\windows\system32\mferror.dll
2012-08-24 10:46 . 2012-08-24 10:46 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 10:46 . 2012-08-24 10:46 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 10:44 . 2012-08-24 10:44 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:43 . 2012-08-24 10:43 71680 ----a-w- c:\windows\system32\atl.dll
2012-08-24 10:42 . 2012-08-24 10:42 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-08-24 10:41 . 2012-08-24 10:41 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-08-24 10:41 . 2012-08-24 10:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 10:40 . 2012-08-24 10:40 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2012-08-24 10:39 . 2012-08-24 10:39 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-08-24 10:39 . 2012-08-24 10:39 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-08-24 10:39 . 2012-08-24 10:39 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-08-24 10:38 . 2012-08-24 10:38 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-24 10:38 . 2012-08-24 10:38 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-08-24 10:38 . 2012-08-24 10:38 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-08-24 10:37 . 2012-08-24 10:37 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-08-24 10:36 . 2012-08-24 10:36 414208 ----a-w- c:\windows\system32\msscp.dll
2012-08-24 10:35 . 2012-08-24 10:35 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-08-24 10:35 . 2012-08-24 10:35 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-08-24 10:34 . 2012-08-24 10:34 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-08-24 10:34 . 2012-08-24 10:34 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-08-24 10:34 . 2012-08-24 10:34 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-08-24 10:34 . 2012-08-24 10:34 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-08-24 10:34 . 2012-08-24 10:34 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-08-24 10:34 . 2012-08-24 10:34 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-08-24 10:33 . 2012-08-24 10:33 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-08-24 10:33 . 2012-08-24 10:33 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-08-24 10:33 . 2012-08-24 10:33 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2012-08-24 10:33 . 2012-08-24 10:33 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2012-08-24 10:32 . 2012-08-24 10:32 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-08-24 10:32 . 2012-08-24 10:32 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-24 10:32 . 2012-08-24 10:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-24 10:32 . 2012-08-24 10:32 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-08-24 10:32 . 2012-08-24 10:32 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-24 10:32 . 2012-08-24 10:32 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-24 10:32 . 2012-08-24 10:32 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-24 10:30 . 2012-08-24 10:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-24 10:29 . 2012-08-24 10:29 696832 ----a-w- c:\windows\system32\localspl.dll
2012-08-24 10:29 . 2012-08-24 10:29 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-08-24 10:29 . 2012-08-24 10:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-08-24 10:29 . 2012-08-24 10:29 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2012-08-24 10:29 . 2012-08-24 10:29 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-08-24 10:29 . 2012-08-24 10:29 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-08-24 10:29 . 2012-08-24 10:29 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-08-24 10:28 . 2012-08-24 10:28 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2012-08-24 10:28 . 2012-08-24 10:28 2923520 ----a-w- c:\windows\explorer.exe
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-08-24 10:27 . 2012-08-24 10:27 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-08-24 10:27 . 2012-08-24 10:27 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-24 10:27 . 2012-08-24 10:27 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-24 10:27 . 2012-08-24 10:27 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-24 10:27 . 2012-08-24 10:27 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-24 10:27 . 2012-08-24 10:27 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-24 10:27 . 2012-08-24 10:27 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-24 10:26 . 2012-08-24 10:26 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 10:26 . 2012-08-24 10:26 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-08-24 10:26 . 2012-08-24 10:26 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-08-24 10:26 . 2012-08-24 10:26 7680 ----a-w- c:\windows\system32\lsass.exe
2012-08-24 10:26 . 2012-08-24 10:26 72704 ----a-w- c:\windows\system32\secur32.dll
2012-08-24 10:26 . 2012-08-24 10:26 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-24 10:26 . 2012-08-24 10:26 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-08-24 10:26 . 2012-08-24 10:26 272384 ----a-w- c:\windows\system32\schannel.dll
2012-08-24 10:26 . 2012-08-24 10:26 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-08-24 10:23 . 2012-08-24 10:23 549888 ----a-w- c:\windows\system32\rpcss.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 00:39 . 2012-08-27 00:39 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-08-24 10:57 . 2012-08-24 10:57 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-08-24 10:40 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2012-08-24 10:40 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2012-08-24 10:24 . 2012-08-24 10:24 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2012-08-24 10:20 . 2012-08-24 10:20 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-08-24 10:12 . 2012-08-24 10:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-08-24 10:12 . 2012-08-24 10:12 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-08-24 10:12 . 2012-08-24 10:12 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2012-08-24 10:12 . 2012-08-24 10:12 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2012-08-24 10:12 . 2012-08-24 10:12 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-04_00.19.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-23 19:49 . 2012-09-05 00:22 26370              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-09-05 00:22 58762              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2012-08-27 21:51 16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2012-09-04 23:11 16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2012-08-27 21:51 16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-24 20:05 . 2012-09-04 00:11 16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 20:05 . 2012-09-04 00:28 16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-23 19:52 . 2012-09-04 00:12 16608              c:\windows\gdrv.sys
+ 2012-08-23 19:52 . 2012-09-05 00:22 16608              c:\windows\gdrv.sys
+ 2012-08-23 19:49 . 2012-09-04 23:10 5482              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1963017673-917373318-2746995141-1000_UserData.bin
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 00:11 . 2012-09-04 00:11 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-05 00:19 . 2012-09-05 00:19 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 617662              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 617662              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-09-04 23:11 103440              c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-09-04 00:18 103440              c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-24 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-08-24 2042208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2007-08-20 1720320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-08-09 20:44]
.
2012-08-25 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2012-09-05 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-23 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.69.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\GIGABYTE\EnergySaver\GSvr.exe
c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\ccwindows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\RtHDVCpl.exe
.
**************************************************************************
.
Completion time: 2012-09-04 17:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 00:23
ComboFix2.txt 2012-09-04 00:34
ComboFix3.txt 2012-09-04 00:20
.
Pre-Run: 286,006,059,008 bytes free
Post-Run: 286,418,595,840 bytes free
.
- - End Of File - - 8C2B646D102FFDC007CD8115C6B64146

ComboFix 12-09-20.03 - norm 09/21/2012 14:50:16.4.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2037.1334 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 22:19 . 2012-09-21 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 17:55 . 2012-09-21 17:57 -------- d-----w- c:\program files\CCleaner
2012-09-21 12:31 . 2012-09-21 12:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\programdata\Malwarebytes
2012-09-21 12:29 . 2012-09-21 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-21 12:29 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 16:56 . 2012-09-20 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-20 16:56 . 2012-09-20 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 16:42 . 2009-07-07 08:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-20 16:23 . 2012-09-20 16:23 -------- d-----w- c:\program files\Microsoft.NET
2012-09-20 16:17 . 2012-09-20 16:17 -------- d-----w- c:\program files\Microsoft WSE
2012-09-20 15:04 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-20 15:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-20 15:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-20 15:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-20 01:03 . 2012-09-20 01:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\offreg.dll
2012-09-20 00:54 . 2012-09-21 12:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 00:54 . 2012-09-20 00:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 00:11 . 2012-09-20 00:11 -------- d-----w- c:\program files\Trend Micro
2012-09-19 22:16 . 2012-09-19 22:16 -------- d-----w- c:\program files\videofixer
2012-09-19 21:35 . 2012-09-19 21:35 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-19 21:25 . 2012-09-19 21:25 -------- d-----w- C:\Combo123
2012-09-19 20:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-19 20:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-19 19:21 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 19:21 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 19:20 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-19 19:20 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-09-19 19:20 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-19 19:20 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-19 19:20 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-09-19 19:20 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-19 19:19 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 19:19 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 19:19 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 19:18 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-19 19:18 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-09-19 19:18 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-09-19 19:17 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-09-19 19:17 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-09-19 19:17 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-09-19 19:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-09-19 19:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-19 19:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-19 19:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-09-19 19:17 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-19 19:11 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2012-09-19 19:10 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-09-19 19:07 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-19 19:07 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-09-19 19:07 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-19 18:46 . 2012-09-19 21:20 -------- d-----w- C:\5edbdbda54630c9129708afe0fef39
2012-09-19 18:44 . 2012-09-19 18:44 -------- d-----w- c:\program files\AnalogX
2012-09-18 14:40 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-09-18 14:40 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-09-18 14:40 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-09-18 14:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-18 14:40 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-18 14:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-09-18 14:40 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-18 14:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-18 14:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-09-18 14:39 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-09-18 14:39 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-18 14:39 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-09-18 14:39 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-09-18 14:39 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-18 14:39 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-18 14:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-18 14:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-18 14:17 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-18 13:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-18 13:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-18 13:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-18 13:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-18 13:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-18 13:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-18 13:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-18 13:35 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-18 13:35 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-18 04:32 . 2012-09-18 04:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-17 22:32 . 2012-09-21 17:59 -------- d-----w- c:\windows\Panther
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Hotfix
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- C:\Drivers
2012-09-17 22:32 . 2012-09-17 21:39 -------- d-----w- c:\windows\system32\OEM
2012-09-17 22:12 . 2012-08-28 08:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE43CA50-56C3-4969-9915-3CD5512F5CB4}\mpengine.dll
2012-09-17 22:12 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-17 22:07 . 2012-09-20 19:38 -------- d-----w- c:\program files\Google
2012-09-17 22:06 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-17 22:06 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-17 22:06 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-17 22:06 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-17 22:06 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-17 22:06 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-17 22:06 . 2012-09-21 12:59 -------- d-sh--w- c:\windows\Installer
2012-09-17 22:06 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-17 22:06 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\programdata\AVAST Software
2012-09-17 22:05 . 2012-09-17 22:05 -------- d-----w- c:\program files\AVAST Software
2012-09-17 21:44 . 2009-07-07 11:52 -------- d-----w- c:\users\norm
2012-09-17 21:43 . 2012-09-17 21:43 -------- d-----w- C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 ESFODCY;ESFODCY;c:\users\norm\AppData\Local\Temp\ESFODCY.exe [x]
R3 LLT;LLT;c:\users\norm\AppData\Local\Temp\LLT.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 QXZYMYYPCG;QXZYMYYPCG;c:\users\norm\AppData\Local\Temp\QXZYMYYPCG.exe [x]
R3 SQKJFMCSF;SQKJFMCSF;c:\users\norm\AppData\Local\Temp\SQKJFMCSF.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 XCPIQEYC;XCPIQEYC;c:\users\norm\AppData\Local\Temp\XCPIQEYC.exe [x]
R3 YVD;YVD;c:\users\norm\AppData\Local\Temp\YVD.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-21 15:24:03
ComboFix-quarantined-files.txt 2012-09-21 22:24
ComboFix2.txt 2012-09-21 18:59
ComboFix3.txt 2012-09-21 18:28
.
Pre-Run: 147,793,272,832 bytes free
Post-Run: 147,753,783,296 bytes free
.
- - End Of File - - 1D0B619C587DB7E0FB00113BC5B37162