
Ran without recommendation by mistake


  • This topic is locked
2 replies to this topic

#1 ShawnPet

ShawnPet

  • Members
  • 1 posts

Posted 29 November 2012 - 06:45 AM

Hi there,
I ran ComboFix on my PC because I thought it might have malware of some kind. I didn't see the warning not to run it without being told to and now I'm worried I might have caused issues.
At present I'm not actually suffering any problems since running it, but I did run it because googling the error I was receiving (The WinRing0_1_2_0 service failed to start due to the following error: the system can't find the file specified.) suggested that I may have rootkit/malware infections.

I would really appreciate it if you'd look through the log and tell me if anything is wrong or if I need to do anything at all. Really appreciate it.


ComboFix 12-11-29.01 - Shawn 29/11/2012 11:25:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8154.5872 [GMT 0:00]
Running from: c:\users\Shawn\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 11:28 . 2012-11-29 11:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-29 11:28 . 2012-11-29 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 11:15 . 2012-11-29 11:15 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{867D0E31-104E-4B3D-91FC-4AC8B0243251}\offreg.dll
2012-11-29 11:15 . 2012-11-29 11:15 -------- d-----w- c:\users\Shawn\AppData\Local\Max Secure Software
2012-11-29 11:14 . 2012-11-29 11:15 -------- d-----w- c:\users\Shawn\AppData\Roaming\GetRightToGo
2012-11-27 13:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{867D0E31-104E-4B3D-91FC-4AC8B0243251}\mpengine.dll
2012-11-26 20:50 . 2012-11-26 20:50 -------- d-----w- c:\program files (x86)\Geeks3D
2012-11-23 14:25 . 2012-11-23 14:25 -------- d-----w- c:\program files (x86)\GameSpy
2012-11-23 14:22 . 2012-11-23 14:22 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-11-21 11:36 . 2012-11-21 11:36 -------- d-----w- c:\users\Shawn\AppData\Local\SCE
2012-11-21 11:35 . 2012-11-21 11:35 -------- d-----w- C:\Crash
2012-11-21 11:35 . 2012-11-21 11:36 -------- d-----w- c:\users\Shawn\AppData\Local\Sony Online Entertainment
2012-11-21 11:35 . 2012-11-21 11:35 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-11-21 10:01 . 2012-07-11 17:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-11-21 10:01 . 2012-11-21 10:01 -------- d-----w- c:\windows\ELAMBKUP
2012-11-15 15:21 . 2012-11-21 17:14 -------- d-----w- C:\Fraps
2012-11-15 09:24 . 2012-11-15 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-11-15 09:24 . 2012-11-15 09:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-15 09:18 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-15 09:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 09:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 09:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 09:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 09:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 09:15 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 09:15 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 09:08 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-15 09:08 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-15 09:08 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-15 09:08 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-15 09:08 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-15 09:08 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-15 09:08 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-15 09:08 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-15 09:08 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-15 08:48 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 08:48 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-08 13:06 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-11-08 13:06 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-08 13:06 . 2008-07-31 10:41 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-11-08 13:06 . 2008-07-31 10:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-11-08 13:06 . 2008-07-31 10:40 513544 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-11-08 13:06 . 2008-07-31 10:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-11-08 13:06 . 2008-07-31 10:41 238088 ----a-w- c:\windows\SysWow64\xactengine3_2.dll
2012-11-08 13:06 . 2008-07-31 10:41 177672 ----a-w- c:\windows\system32\xactengine3_2.dll
2012-11-03 21:43 . 2012-11-03 21:43 -------- d-----w- c:\users\Shawn\AppData\Local\DDMSettings
2012-11-03 21:41 . 2012-11-22 15:56 -------- d-----w- c:\users\Shawn\AppData\Roaming\DivX
2012-11-03 21:41 . 2012-11-03 21:41 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-11-03 21:41 . 2012-11-03 21:41 -------- d-----w- c:\program files\DivX
2012-11-03 21:41 . 2012-11-03 21:41 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-11-03 21:38 . 2012-11-03 21:42 -------- d-----w- c:\program files (x86)\DivX
2012-11-03 21:37 . 2012-11-03 21:42 -------- d-----w- c:\programdata\DivX
2012-11-02 14:50 . 2012-11-02 14:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-11-02 14:50 . 2010-06-02 04:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-11-02 14:50 . 2010-06-02 04:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-11-02 14:50 . 2010-06-02 04:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2012-11-02 14:50 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-02 14:50 . 2010-05-26 11:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-11-02 14:50 . 2010-05-26 11:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-11-02 14:50 . 2010-05-26 11:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-11-02 14:50 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-11-02 14:26 . 2012-11-02 14:37 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-02 14:26 . 2012-11-02 14:36 -------- d-----w- c:\users\Shawn\AppData\Roaming\Origin
2012-11-02 14:26 . 2012-11-02 14:50 -------- d-----w- c:\users\Shawn\AppData\Local\Origin
2012-11-02 14:22 . 2012-11-03 10:23 -------- d-----w- c:\programdata\Origin
2012-11-02 14:22 . 2012-11-02 14:26 -------- d-----w- c:\program files (x86)\Origin
2012-11-01 17:52 . 2012-11-03 21:42 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-11-01 16:01 . 2007-07-19 18:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll
2012-11-01 15:55 . 2012-11-01 15:55 -------- d-----w- c:\users\Shawn\AppData\Local\Oblivion
2012-10-31 22:54 . 2012-11-02 14:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 09:17 . 2012-07-12 13:54 25640 ----a-w- c:\windows\etdrv.sys
2012-11-29 09:17 . 2012-07-12 13:54 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-11-29 09:17 . 2012-07-12 13:48 25640 ----a-w- c:\windows\gdrv.sys
2012-11-23 14:22 . 2012-07-17 09:24 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-23 14:22 . 2012-07-17 09:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 10:40 . 2012-07-25 14:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-21 10:40 . 2012-06-08 11:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-21 10:40 . 2012-05-25 19:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-11-21 10:40 . 2012-08-13 18:24 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-11-20 13:42 . 2012-08-27 06:59 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-15 16:52 . 2012-07-17 09:24 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-07 07:57 . 2012-07-12 19:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 07:57 . 2012-07-12 19:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-29 21:04 . 2012-07-12 20:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 09:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 02:22 . 2012-10-10 02:22 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-10 02:22 . 2012-10-10 02:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-10 02:22 . 2012-10-10 02:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 02:22 . 2012-10-10 02:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-10 02:22 . 2012-10-10 02:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-10 02:22 . 2012-10-10 02:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-10 02:22 . 2012-10-10 02:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
2012-10-10 02:22 . 2012-03-19 22:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-10 02:22 . 2012-03-19 21:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-10 02:22 . 2012-10-10 02:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin
2012-10-10 02:22 . 2012-10-10 02:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-10 02:22 . 2012-10-10 02:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-10 02:22 . 2012-10-10 02:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-10-10 02:22 . 2012-10-10 02:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-10 02:22 . 2012-03-19 21:09 56832 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 02:22 . 2012-10-10 02:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-10 02:22 . 2012-10-10 02:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-10 02:22 . 2012-10-10 02:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-10-10 02:22 . 2012-10-10 02:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-10-10 02:22 . 2012-10-10 02:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-10 02:22 . 2012-10-10 02:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 02:22 . 2012-03-19 21:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-10 02:22 . 2012-03-19 21:17 441856 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-10 02:22 . 2012-03-19 21:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-10 02:22 . 2012-10-10 02:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-10 02:22 . 2012-10-10 02:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-10 02:22 . 2012-10-10 02:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 02:22 . 2012-10-10 02:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 02:22 . 2012-10-10 02:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 02:22 . 2012-10-10 02:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-10-10 02:22 . 2012-10-10 02:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 02:22 . 2012-10-10 02:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 02:22 . 2012-10-10 02:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 02:22 . 2012-03-19 21:09 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll
2012-10-10 02:22 . 2012-03-19 21:18 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-10 02:22 . 2012-10-10 02:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-10 02:22 . 2012-10-10 02:22 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-10 02:22 . 2012-03-19 22:26 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-10 02:22 . 2012-10-10 02:22 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin
2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-10-02 22:21 . 2012-07-18 08:48 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-18 18:54 222712 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-18 18:54 222712 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-18 18:54 222712 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-11-29 1354736]
"3RVX"="c:\program files (x86)\3RVX\3RVX.exe" [2008-10-13 159232]
"SkyDrive"="c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-18 255992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-21 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-10-02 131912]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-11-29 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-11-29 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys [2008-04-04 129024]
R3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys [2008-04-04 34432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-12 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-21 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-21 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-21 29528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 SaiK0CCD;SaiK0CCD;c:\windows\system32\DRIVERS\SaiK0CCD.sys [2011-10-07 182080]
S3 SaiU0CCD;SaiU0CCD;c:\windows\system32\DRIVERS\SaiU0CCD.sys [2011-10-07 47168]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Shawn\AppData\Local\Temp\tmpECCD.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 07:57]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392152438-3275658429-1924924293-1000Core.job
- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 17:43]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392152438-3275658429-1924924293-1000UA.job
- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-18 18:54 261624 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-18 18:54 261624 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-18 18:54 261624 ----a-w- c:\users\Shawn\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-06-25 455680]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-06-25 158208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shawn\AppData\Local\Temp\tmpECCD.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1392152438-3275658429-1924924293-1000\Software\SecuROM\License information*]
"datasecu"=hex:b0,c3,51,2b,07,18,2e,30,e0,25,05,09,af,9c,1c,03,5a,e6,ad,13,6f,
cd,d4,39,85,a6,78,aa,26,f4,cb,d6,4b,88,34,5a,b3,53,59,3b,cb,4e,3c,cf,c8,e8,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 11:29:22
ComboFix-quarantined-files.txt 2012-11-29 11:29
.
Pre-Run: 241,366,474,752 bytes free
Post-Run: 241,713,283,072 bytes free
.
- - End Of File - - 08C40A1325F14FE58D12DC8BE2E06737



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 30 November 2012 - 06:34 PM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 05 December 2012 - 07:43 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




