Display Driver Crashes + BSOD


This topic is locked
11 replies to this topic

#1 SashyCakes

Posted 05 January 2013 - 12:12 PM

Hi, I am posting here as I was requested to. To recap, I am facing display driver crashes while playing League of Legends: the screen goes blank for several seconds (about 3-10) and then the game resumes with the error that the display driver stopped responding. It can happen multiple times in games (each game about 40 mins) or it can only happen about once every 3 games. It seems to be random, but the problem makes the game almost impossible to play.

This is the DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Brett at 13:01:14 on 2013-01-05
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.4091.2388 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjM4NzkwNDc0LVhMKzEtVDUtRkwxMCsxLVhPMTArMTEtTElDKzgtRERUKzI0NjktREQxMEYrMS1TVDEwRkFQUCsx"&"prod=90"&"ver=10.0.1410
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B24C23BC-BA5A-4036-A358-CDC22FEC7AF2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7CB808A-2EBF-469B-B42D-2DE9584CEA9D} : DHCPNameServer = 192.168.2.1 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\6hnn71k3.default-1357105440785\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-01 23:16; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-03 17:47; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\6hnn71k3.default-1357105440785\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-1 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-1 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-1 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-1 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-1 44808]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-9-28 212232]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-1 682344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-28 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-11-11 131072]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-14 1613336]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-9-28 24176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2007-11-21 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-9-28 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-9-28 12744]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-28 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 20:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-26 18:43:05 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-26 18:42:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-26 18:42:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-26 18:42:59 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-11-26 18:42:59 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-11-26 18:42:59 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-11 23:40:38 131072 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-30 23:51:56 59728 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:55 44272 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2012-10-30 23:51:55 370288 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2012-10-30 23:51:53 25232 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-30 23:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-10-30 23:50:30 285328 ----a-w- C:\Windows\System32\aswBoot.exe
2012-10-11 01:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 01:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 01:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 01:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 01:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 01:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 01:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 01:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
.
============= FINISH: 13:01:52.25 ===============

Also adding the attached from the DDS.

Here is a new ComboFix log: I deleted the old one from several days ago, so I had to run a new one.


ComboFix 13-01-05.01 - Brett 01/05/2013 4:09.2.8 - x64
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.4091.2376 [GMT -4:00]
Running from: c:\users\Brett\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brett\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 08:32 . 2013-01-05 08:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-05 08:32 . 2013-01-05 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 08:32 . 2013-01-05 08:32 -------- d-----w- c:\users\Brett\AppData\Local\temp
2013-01-05 07:55 . 2013-01-05 07:55 -------- d--h--w- c:\windows\msdownld.tmp
2013-01-05 07:55 . 2013-01-05 07:56 -------- d-----w- c:\program files (x86)\MSI Afterburner
2013-01-02 17:47 . 2013-01-02 17:47 -------- d-----w- c:\program files (x86)\NirSoft
2013-01-02 03:13 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-02 03:13 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-02 03:13 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-02 03:13 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-02 03:13 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-02 03:13 . 2012-10-30 23:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-02 03:13 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-02 03:13 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-01 19:41 . 2013-01-01 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-01 19:17 . 2013-01-01 19:17 -------- d-----w- c:\users\Brett\AppData\Roaming\NVIDIA
2013-01-01 19:16 . 2013-01-01 19:17 -------- d-----w- c:\program files (x86)\MSI Kombustor 2.4
2013-01-01 16:59 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB0974AA-CCB0-42F6-A772-BD96A7D9B0FD}\mpengine.dll
2012-12-30 04:15 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-30 04:14 . 2012-12-30 04:14 -------- d-----w- c:\program files\iPod
2012-12-30 04:14 . 2012-12-30 04:15 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-30 04:14 . 2012-12-30 04:15 -------- d-----w- c:\program files\iTunes
2012-12-30 04:14 . 2012-12-30 04:15 -------- d-----w- c:\program files (x86)\iTunes
2012-12-30 04:08 . 2012-12-30 04:08 -------- d-----w- c:\program files\Bonjour
2012-12-30 04:08 . 2012-12-30 04:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-12-30 00:22 . 2012-12-30 00:22 -------- d-----w- c:\users\Brett\AppData\Local\SteelSeries_ApS
2012-12-30 00:22 . 2012-12-30 00:22 -------- d-----w- c:\users\Brett\AppData\Roaming\SteelSeries
2012-12-30 00:21 . 2012-12-30 00:21 -------- d-----w- c:\programdata\SteelSeries
2012-12-30 00:10 . 2012-12-30 00:10 -------- d-----w- c:\program files\SteelSeries
2012-12-22 22:53 . 2012-12-27 17:17 -------- d-----w- c:\program files (x86)\GoforFiles
2012-12-22 22:53 . 2012-12-22 22:53 -------- d-----w- c:\users\Brett\AppData\Roaming\GoforFiles
2012-12-22 07:01 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 07:01 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 07:01 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 07:01 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 07:02 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 06:20 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-13 06:20 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:20 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 06:20 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 06:20 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 06:20 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:20 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-13 06:20 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 06:20 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 06:20 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 20:49 . 2009-09-28 16:21 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-26 18:43 . 2012-11-26 18:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-26 18:42 . 2012-11-26 18:43 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-26 18:42 . 2012-11-26 18:43 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-11 23:40 . 2012-11-11 23:40 131072 ----a-w- c:\windows\system32\drivers\SteelBus64.sys
2012-10-30 23:50 . 2011-10-11 22:45 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2009-08-17 03:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-10-11 01:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2011-05-27 14:35 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2009-08-17 03:57 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2012-10-11 01:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2009-08-17 03:57 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-11-28 237056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjM4NzkwNDc0LVhMKzEtVDUtRkwxMCsxLVhPMTArMTEtTElDKzgtRERUKzI0NjktREQxMEYrMS1TVDEwRkFQUCsx&prod=90&ver=10.0.1410" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2009-07-14 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-02 23:50]
.
2011-10-11 c:\windows\Tasks\User_Feed_Synchronization-{11841231-5612-4C8D-9DFD-7BC0579F41F6}.job
- c:\windows\system32\msfeedssync.exe [2012-03-16 06:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\6hnn71k3.default-1357105440785\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - ExtSQL: 2013-01-01 23:16; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-03 17:47; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\6hnn71k3.default-1357105440785\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-01-05 04:35:12
ComboFix-quarantined-files.txt 2013-01-05 08:35
ComboFix2.txt 2013-01-02 05:19
.
Pre-Run: 1,630,786,576,384 bytes free
Post-Run: 1,630,726,111,232 bytes free
.
- - End Of File - - CBFE2F25F1BB39B9C3812C5585773769

#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 08 January 2013 - 06:53 PM

Hello SashyCakes, and welcome to the Malware Removal forum! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A quick question: How long have you been experiencing this problem?

If you've already deleted the first Combofix log, we can still have a look at some things removed by the tool.

First though, from your last CF log:

ComboFix2.txt 2013-01-02 05:19


This is indicating that the first log that you ran on January 2nd may still be present. Have a look in your C:\ drive for the log called C:\Combofix2.txt

Copy and paste that log here if it's present. :thumbup2:

==========

And also, I'd like you to post the contents of a file for me:

  • Hold the "Windows" key and press "R" to open the runbox.
  • Please copy and paste the contents of the codebox below into the empty runbox:
  • C:\QooBox\ComboFix-quarantined-files.txt
  • Then click Ok.
Now, copy and paste the contents of the file that opens into your next reply.

==========

After you have done the above, I'd like to get a couple of other logs to work with:

Step :step1:

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please zip the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and attach it to your reply

==========

Step :step2:

Run RogueKiller

Download RogueKiller from here or here and save it to your desktop.

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe and select Run as Administrator.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click Delete.
  • When the Status box shows "Deleting Finished", click Report and then copy and paste the log in your next reply.
  • The log can also be found at RKreport[1].txt on your desktop.

==========

In your next reply, please include the following:

  • The first CF log at C:\Combofix2.txt
  • The C:\QooBox\ComboFix-quarantined-files.txt
  • The TDSSKiller log
  • The RogueKiller log

bloopie

Edited by bloopie, 08 January 2013 - 07:05 PM.


#3 SashyCakes

SashyCakes
  • Topic Starter

  • Members
  • 18 posts

Posted 09 January 2013 - 01:43 AM

Hi, thanks so much for helping me with the problem!

The display driver crashing has been happening since about the beginning of November -- I installed this game in September and it ran fine until then with no problems. The BSODs have been pretty frequent though; this computer was sent in for a repair about 6 months ago to fix the BSOD problems but it only seemed to help for a bit/got worse again over time.

I've attached the TDSSKiller logs (I ran this once before about a week ago); this will be in 2 posts as it won't let me zip them... says access is denied.

Unfortunately it doesn't seem to be there (the old Combofix log), but here are the results of the command line you gave me to run:

2013-01-02 05:32:02 . 2013-01-02 05:32:03 89,915 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll.vir
2013-01-02 05:17:22 . 2013-01-02 05:17:22 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2013-01-02 05:17:22 . 2013-01-02 05:17:22 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2013-01-02 05:17:16 . 2013-01-02 05:17:16 181 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-DivXUpdate.reg.dat
2013-01-02 05:17:16 . 2013-01-02 05:17:16 158 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-RaidCall.reg.dat
2013-01-02 05:17:16 . 2013-01-02 05:17:16 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-JMB36X IDE Setup.reg.dat
2013-01-02 05:10:52 . 2013-01-05 08:28:15 5,855 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-01-02 03:06:30 . 2013-01-05 08:08:33 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-25 18:13:16 . 2010-05-20 14:44:24 117 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\DATA.INI.vir
2010-05-25 18:13:16 . 2010-04-27 21:53:02 25,836,715 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcVanity.grf.vir
2010-05-25 18:13:15 . 2010-04-12 18:10:02 3,883,125 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcRO.exe.vir
2010-05-25 18:13:15 . 2005-10-11 16:16:44 307,200 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcRO Patcher.exe.vir
2010-05-25 18:13:15 . 2010-05-20 14:18:25 19,312,527 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcMaps.grf.vir
2010-05-25 18:13:14 . 2010-05-03 23:53:35 18,354,153 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcGraphics.grf.vir
2010-05-25 18:13:14 . 2010-05-20 14:42:19 4,264,048 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcData.grf.vir
2010-05-25 18:13:14 . 2010-04-12 12:40:59 1,102,861 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\ArcClasses.grf.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\startgame_hover.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\startgame.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\register.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\register_hover.bmp.vir
2010-05-25 18:13:14 . 2005-09-21 10:22:08 1,098 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\neoncube.style.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\minimize.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\minimize_hover.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\close_hover.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\cancel_hover.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\close.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 8,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\cancel.bmp.vir
2010-05-25 18:13:14 . 2005-05-27 16:22:58 750,056 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\_skin_template\bg.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\template_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\startgame_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\template.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\startgame.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\register.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\register_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\minimize_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 1,904 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\neoncube.style.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\minimize.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\close_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 1,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\close.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\cancel.bmp.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 8,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\cancel_hover.bmp.vir
2010-05-25 18:13:14 . 2010-05-20 14:44:52 3,514 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\neoncube.ini.vir
2010-05-25 18:13:14 . 2010-05-14 12:50:00 750,054 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\neoncube\skin_arc\bg.bmp.vir
2010-05-25 18:13:14 . 2008-01-29 13:14:44 46,460 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixSquirrel_12.eot.vir
2010-05-25 18:13:14 . 2008-03-19 16:01:08 46,253 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixNHCgogo_10.eot.vir
2010-05-25 18:13:14 . 2008-03-19 16:01:08 42,850 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixSquirrel_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 41,273 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixMiniHeart_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 45,347 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixMagic_10.eot.vir
2010-05-25 18:13:14 . 2008-01-29 13:14:44 47,196 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixLoveangel_12.eot.vir
2010-05-25 18:13:14 . 2008-03-19 16:01:08 40,190 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixLoveangel_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 38,534 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixKid_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 38,396 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixJJangu_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 40,277 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixFreshman_10.eot.vir
2010-05-25 18:13:14 . 2008-03-26 12:53:22 41,775 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\RixDiary_10.eot.vir
2010-05-25 18:13:14 . 2008-01-29 13:14:44 51,867 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\NHCgogo_12.eot.vir
2010-05-25 18:13:14 . 2008-01-29 13:14:44 46,673 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\NHCgogo_10.eot.vir
2010-05-25 18:13:14 . 2010-01-15 02:32:16 2,993 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Roaming\Windows\Start Menu\Programs\data\chatwndinfo.lua.vir
2010-05-25 01:18:05 . 2010-05-25 01:18:05 655,160 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\Documents\BitTorrent.exe.10841.tmp.vir
2010-05-25 01:18:05 . 2011-08-05 15:24:59 400,760 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\Documents\BitTorrent.exe.16256.tmp.vir
2010-04-23 11:05:38 . 2010-04-23 11:05:38 48,640 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\Documents\~WRL0127.tmp.vir

============================================================================
Here are the results of Rogue Killer:

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Brett [Admin rights]
Mode : Remove -- Date : 01/09/2013 02:29:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EADS-00R6B0 ATA Device +++++
--- User ---
[MBR] a1ccdf97b5d854078656df737606d83d
[BSP] bd82e5aeee795c2934c558d65f4ef8c1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01092013_02d0229.txt >>
RKreport[1]_S_01092013_02d0228.txt ; RKreport[2]_D_01092013_02d0229.txt


#4 SashyCakes

SashyCakes
  • Topic Starter

  • Members
  • 18 posts

Posted 09 January 2013 - 01:46 AM

Here is the second TDSSKiller log (I had to move this out of C to be able to zip it, I'm not sure why). Sorry for the second post.

Also if it's not too much of a hassle let me know if the logs find anything alarming... if all these issues are malware/virus related it would be great to know so I can keep on top of it. Thanks!

Edited by SashyCakes, 09 January 2013 - 01:48 AM.


#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 09 January 2013 - 07:13 PM

Hello again,

Thanks for posting that information for me.

Hi, thanks so much for helping me with the problem!

It's my pleasure! :)

Also if its not too much of a hassle let me know if the logs find anything alarming..if all these issues are malware/virus related it would be great to know so I can keep on top of it.

That's my job! :thumbup2:

The only thing worth noting so far is the fact that you ran Combofix on the 2nd, and it removed some things that aren't too invasive or troubling...however, you ran it again on the 5th, and it removed this file:
c:\users\Brett\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll

By the looks of it, that seems to be part of a computer "booster" program. Those third party programs can cause some trouble. Have a look here and let me know if you remember installing any software like this.

That probably isn't the cause of your initial issues, but it's worth taking note of.

==========

I also noticed that CF has removed some components of BitTorrent.

BitTorrent is a P2P file sharing program that is certainly not recommended. Please check in Programs and Features to see if this program is installed. If it is, I recommend uninstalling it as you can get a plethora of malware with those types of programs.

==========

Everything else looks pretty clean, although I see a remnant of AVG Antivirus. Did you uninstall AVG and then install Avast recently? Your logs seem to indicate an entry regarding AVG.

As of yet your issues don't seem to be related to malware, but I'd like to make sure your machine is clean before moving you back to the Vista or Internal Hardware subforums.

==========

Let's get a few other logs that shouldn't take too much of your time, but they may provide some insight regarding malware. And don't worry, we'll be removing all of these tools once we're done here. :thumbup2:

Step :step1:

Please download Rkill by Grinler and save it to your desktop (Link 1 or Link 2).
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer after running RKill, or you will need to run the application again.

==========

Step :step2:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========

Step :step3:

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

In your next reply, please include the following:

  • An answer to my questions :)
  • The RKill log
  • The AdwCleaner log
  • The aswMBR log

bloopie
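
Added here as a worked example (not bloopie's code and not part of ComboFix): a small Python parser for C:\QooBox\ComboFix-quarantined-files.txt that maps each quarantined file back to its original path on the drive and separates real file quarantines from the registry backups, which is the triage bloopie does by eye above. It assumes the two timestamp columns are the file's creation and modification times (ComboFix does not document them); the sample lines are copied from the listing posted earlier in this thread.

```python
"""Triage helper for ComboFix's quarantined-files listing (added example)."""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# One listing line, as it appears in the thread above:
#   2013-01-02 05:32:02 . 2013-01-02 05:32:03 89,915 ----a-w- C:\Qoobox\Quarantine\...
# Assumption: the two timestamps are the file's creation and modification
# times; ComboFix does not document the columns, so they are treated as such.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"
FILE_TREE = QUARANTINE_ROOT + "C\\"                 # mirror of the C: drive
REG_TREE = QUARANTINE_ROOT + "Registry_backups\\"   # saved registry data


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse every well-formed line; blank lines and anything else are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        out.append(Entry(
            datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S"),
            datetime.strptime(m["modified"], "%Y-%m-%d %H:%M:%S"),
            int(m["size"].replace(",", "")),
            m["attrs"],
            m["path"],
        ))
    return out


def original_path(e: Entry) -> Optional[str]:
    """Map a quarantined file back to where it lived on the C: drive.

    ComboFix keeps the original directory layout under Quarantine\\C\\ and
    appends .vir; entries outside that tree are not filesystem quarantines.
    """
    if not e.path.startswith(FILE_TREE):
        return None
    p = "C:\\" + e.path[len(FILE_TREE):]
    return p[:-4] if p.endswith(".vir") else p


def registry_backup_name(e: Entry) -> Optional[str]:
    """Name of a registry backup (e.g. 'SafeBoot-WudfRd'), or None."""
    if not e.path.startswith(REG_TREE):
        return None
    name = e.path[len(REG_TREE):]
    for suffix in (".reg.dat", ".reg"):
        if name.endswith(suffix):
            return name[:-len(suffix)]
    return name


def summarize(entries: List[Entry]) -> dict:
    """Split the listing into what a reviewer wants to see separately:
    files removed from the drive (original paths), registry data backed up
    before ComboFix changed it, and everything else (tool logs etc.)."""
    files, regs, other = [], [], []
    for e in entries:
        p = original_path(e)
        r = registry_backup_name(e)
        if p is not None:
            files.append(p)
        elif r is not None:
            regs.append(r)
        else:
            other.append(e.path)
    return {"files": files, "registry_backups": regs, "other": other}


# Constructed sample: five lines copied from the listing posted in this thread.
SAMPLE_LISTING = r"""
2013-01-02 05:32:02 . 2013-01-02 05:32:03 89,915 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll.vir
2013-01-02 05:17:22 . 2013-01-02 05:17:22 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2013-01-02 05:10:52 . 2013-01-05 08:28:15 5,855 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-01-02 03:06:30 . 2013-01-05 08:08:33 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-25 01:18:05 . 2010-05-25 01:18:05 655,160 ----a-w- C:\Qoobox\Quarantine\C\Users\Brett\Documents\BitTorrent.exe.10841.tmp.vir
"""

if __name__ == "__main__":
    for kind, items in summarize(parse_listing(SAMPLE_LISTING)).items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```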

#6 SashyCakes

SashyCakes
  • Topic Starter

  • Members
  • 18 posts

Posted 10 January 2013 - 12:41 PM

Yes, I received a new headset for Xmas made by Steel Series so that's where that booster program seems to have come from. It's odd though as it was installed before I ran Combofix both times, so I'm not sure why it didn't pick it up the first time.

AVG was uninstalled a few months ago, however about a week and a half ago I had to uninstall Avast and reinstall as it wouldn't run or open and was broken.

I had to run the last scan twice as I actually blue screened during it the first time: it was a Memory error. In fact the computer was running somewhat smoother recently, but it blue screened again this morning and I had to boot it multiple times for it to boot successfully.

Here are the logs:

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Brett [Admin rights]
Mode : Remove -- Date : 01/09/2013 02:29:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EADS-00R6B0 ATA Device +++++
--- User ---
[MBR] a1ccdf97b5d854078656df737606d83d
[BSP] bd82e5aeee795c2934c558d65f4ef8c1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01092013_02d0229.txt >>
RKreport[1]_S_01092013_02d0228.txt ; RKreport[2]_D_01092013_02d0229.txt



# AdwCleaner v2.105 - Logfile created 01/10/2013 at 02:00:00
# Updated 08/01/2013 by Xplode
# Operating system : Windows ™ Vista Home Basic Service Pack 2 (64 bits)
# User : Brett - BRETT-PC
# Boot Mode : Normal
# Running from : C:\Users\Brett\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\853d68ab739e845
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\853d68ab739e845

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-GB)

File : C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\6hnn71k3.default-1357105440785\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4194 octets] - [02/01/2013 01:52:37]
AdwCleaner[S1].txt - [3928 octets] - [02/01/2013 01:53:11]
AdwCleaner[S2].txt - [1000 octets] - [10/01/2013 02:00:00]

########## EOF - C:\AdwCleaner[S2].txt - [1060 octets] ##########


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 02:48:09
-----------------------------
02:48:09.277 OS Version: Windows x64 6.0.6002 Service Pack 2
02:48:09.278 Number of processors: 8 586 0x1E05
02:48:09.278 ComputerName: BRETT-PC UserName: Brett
02:48:14.197 Initialize success
02:48:15.011 AVAST engine defs: 13010901
02:48:24.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-b
02:48:24.124 Disk 0 Vendor: WDC_WD20EADS-00R6B0 01.00A01 Size: 1907729MB BusType: 3
02:48:24.177 Disk 0 MBR read successfully
02:48:24.181 Disk 0 MBR scan
02:48:24.183 Disk 0 Windows VISTA default MBR code
02:48:24.207 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907727 MB offset 2048
02:48:24.264 Disk 0 scanning C:\Windows\system32\drivers
02:48:37.344 Service scanning
02:49:17.248 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:49:29.017 Modules scanning
02:49:29.018 Disk 0 trace - called modules:
02:49:29.028 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa800465a2c0]<<sptd.sys ataport.SYS pciide.sys
02:49:29.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800618b5e0]
02:49:29.032 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa80047c5720]
02:49:29.033 5 acpi.sys[fffffa6000b9efde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-b[0xfffffa80047df060]
02:49:29.034 \Driver\atapi[0xfffffa8004780e70] -> IRP_MJ_CREATE -> 0xfffffa800465a2c0
02:49:42.047 AVAST engine scan C:\Windows
02:50:36.633 AVAST engine scan C:\Windows\system32
02:57:40.888 AVAST engine scan C:\Windows\system32\drivers
02:59:06.197 AVAST engine scan C:\Users\Brett
03:17:35.857 AVAST engine scan C:\ProgramData
03:20:37.744 Scan finished successfully
10:22:18.582 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Downloads\MBR.dat"
10:22:18.601 The log file has been saved successfully to "C:\Users\Brett\Downloads\aswMBR.txt"

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 10 January 2013 - 03:13 PM

Hello again,

My instruction step :step1: from my last post was to run RKill, not RogueKiller again. :) Please run this updated set of scans for me next:

Step :step1:

Please download Rkill by Grinler and save it to your desktop (Link 1 or Link 2).

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer after running RKill, or you will need to run the application again.


==========

Step :step2:

You have Malwarebytes Antimalware installed, so update that, run a quick scan (remove anything it finds) and post the resultant log in your next reply.

==========

Step :step3:

I'd like us to scan your machine with ESET OnlineScan
  • ***Note: This scan may take some time to run!
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button shown on that page.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

In your next reply, please include the following:

  • The RKill log
  • The MBAM log
  • The ESET log

Any other problems besides your original issue?

bloopie

#8 SashyCakes

SashyCakes
  • Topic Starter

  • Members
  • 18 posts

Posted 10 January 2013 - 07:15 PM

Sorry about that!

And no, no additional problems but my initial problems are still present (display driver, BSODs). It also boots slow (though it IS vista lol) and sometimes freezes on boot.

The display driver crashing seems to be aggravated by trying to play a video on youtube + a video game at the same time though.

Here are the logs:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/10/2013 04:25:04 PM in x64 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (PID: 4176) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/10/2013 04:25:15 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

---

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brett :: BRETT-PC [administrator]

1/10/2013 4:26:26 PM
mbam-log-2013-01-10 (16-26-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231440
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


---

C:\Users\Brett\Downloads\winamp563_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined

Edited by SashyCakes, 10 January 2013 - 07:16 PM.


#9 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, Gender: Male, Location: New York)

Posted 10 January 2013 - 07:31 PM

Hi again,

Okay thanks. :)

I have to go home now, but I should be back later tonight with some critical updates for you!

Malware is not the issue here, but you'll need the updates. Stay tuned!

bloopie

#10 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, Gender: Male, Location: New York)

Posted 11 January 2013 - 09:34 AM

Hi again,

Sorry for the delay...now for the updates :):

==========

Step 1
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

==========

Step 2
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

==========

Let me know if you had any trouble with the above steps!

If not, then I'd like you to post a new thread in the Vista subforum for your remaining issues. Feel free to post a link to this topic so all will know what we've done here.

Let me know when you've done this and I'll close this thread.

bloopie
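The two update steps above both end with the same manual check: open Add/Remove Programs and confirm that no older Java or Adobe Reader version is left behind, and optionally disable the Java Quick Starter service. The following PowerShell script is an added example, not part of bloopie's instructions or of any BleepingComputer tool; it does that inventory from the registry Uninstall keys (both the 64-bit and the Wow6432Node view, plus per-user installs) so that a leftover old version cannot hide behind a newer one in the list. The display-name patterns it matches on, the version-stripping heuristic used to group products, and the JQS service name are assumptions; run it from an elevated prompt.

```powershell
# Added example (not from the thread): list every installed Java / Adobe Reader
# entry from the Windows Uninstall registry keys and warn when more than one
# version of the same product family is still present. Assumes an elevated
# PowerShell prompt on a 64-bit Windows install (Vista or later).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',               # 64-bit products
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',   # 32-bit products on a 64-bit OS
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'                # per-user installs
)

# Display-name patterns for the products the thread asks to clean up (assumed names).
$pattern = 'Java|J2SE|JRE|Adobe Reader|Acrobat'

$installed = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key |
            ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -match $pattern } |
            Select-Object DisplayName, DisplayVersion, Publisher,
                          @{ Name = 'Hive'; Expression = { $key } },
                          UninstallString
    }
}

# Everything matching, sorted so multiple versions of one product sit together.
$installed | Sort-Object DisplayName, DisplayVersion | Format-Table -AutoSize

# Heuristic grouping (assumed): strip the first space-followed digit and everything
# after it, so "Java(TM) 6 Update 37" and "Java(TM) 6 Update 31" fall in one family.
$families = $installed | Group-Object { $_.DisplayName -replace '\s+\d.*$', '' }
foreach ($f in $families) {
    if ($f.Count -gt 1) {
        $versions = ($f.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
        Write-Warning ("Multiple versions of '{0}' still installed: {1}" -f $f.Name, $versions)
    }
}

# Java Quick Starter service (JQS). Service name is the one registered by the
# Java 6 installers (assumed here); StartMode comes from WMI because the
# Get-Service object on older PowerShell versions has no StartType property.
$jqs = Get-WmiObject Win32_Service -Filter "Name='JavaQuickStarterService'"
if ($jqs) {
    'JQS service: State={0} StartMode={1} Path={2}' -f $jqs.State, $jqs.StartMode, $jqs.PathName
} else {
    'JQS service not installed.'
}
```

If the warning fires after the uninstall steps, the remaining entries' UninstallString values show exactly which installers to run again; an entry that lists a path that no longer exists is an orphaned registry key rather than a live install.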

#11 SashyCakes (Topic Starter, Members, 18 posts)

Posted 11 January 2013 - 01:10 PM

Okay I did this all, thank you so much! :)

#12 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, Gender: Male, Location: New York)

Posted 11 January 2013 - 01:17 PM

It's my pleasure! :)

Stay Safe and best regards,

bloopie