
Random full CPU usage


21 replies to this topic

#1 Whitewizard67676

  • Members
  • 17 posts
  • Gender:Male
  • Location:USA, NY

Posted 03 October 2010 - 09:09 PM

Ok.. I was bored, so I installed 4 new games: Battleforge, Battleswarm, World of Tanks and Sudden Attack SEA on or around 9/22/10. It's the last one which I'm concerned about, because it disabled Microsoft Security Essentials on startup, and ever since, random full CPU usage would occur. Looking in the Task Manager, then Process Explorer, it came to be schedsvc.dll in a bundle of svchost.exe -netsvcs, but virscan.com showed it was fine. Hence my posting here:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Whitewizard at 20:47:49.61 on Sun 10/03/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1238 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\atashost.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Whitewizard\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259972315328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259971978206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {25494EE8-6B38-404C-8727-478488C9F05D} = 192.168.50.1
TCP: {3D7728CC-4BEB-4CF9-9E80-811E1EF0038B} = 192.168.50.1,209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\whitew~1\appdata\roaming\mozilla\firefox\profiles\ctqhlx9q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pointlesssites.com/
FF - component: c:\users\whitewizard\appdata\roaming\mozilla\firefox\profiles\ctqhlx9q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\whitewizard\appdata\roaming\mozilla\firefox\profiles\ctqhlx9q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-3-31 20376]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2009-1-31 16872]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-9-10 369256]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-3-31 724992]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R3 SaiH0004;SaiH0004;c:\windows\system32\drivers\SaiH0004.sys [2007-5-1 132232]
R3 SaiL0004;SaiL0004;c:\windows\system32\drivers\SaiL0004.sys [2007-5-1 15488]
R3 SaiU0004;SaiU0004;c:\windows\system32\drivers\SaiU0004.sys [2007-5-1 28416]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiK0CEA;SaiK0CEA;c:\windows\system32\drivers\SaiK0CEA.sys [2008-4-4 104960]
S3 SaiU0CEA;SaiU0CEA;c:\windows\system32\drivers\SaiU0CEA.sys [2008-4-4 28544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-9-23 24576]

=============== Created Last 30 ================

2010-10-04 00:44:14 20 ----a-w- c:\users\whitewizard\defogger_reenable
2010-10-03 17:13:43 0 d-----w- c:\programdata\NOS
2010-10-03 16:51:26 0 d-----w- c:\program files\Sophos
2010-09-28 18:16:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-25 18:04:02 0 d-----w- c:\users\whitew~1\appdata\roaming\W
2010-09-25 18:02:07 0 d-----w- c:\users\whitew~1\appdata\roaming\wargaming.net
2010-09-25 17:48:14 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-25 17:48:14 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-25 17:48:14 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-25 17:48:14 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-25 17:48:13 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-25 17:48:13 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-25 17:48:13 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-25 17:48:13 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-25 17:48:13 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-25 17:48:13 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-25 17:48:12 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-25 17:48:12 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-25 05:35:54 0 d-----w- c:\programdata\WindowsSearch
2010-09-22 23:13:18 0 d-----w- C:\Reality Gap
2010-09-22 22:16:36 0 d-----w- C:\Electronic Arts
2010-09-20 01:47:21 0 d-----w- C:\Sony Online Entertainment
2010-09-15 21:08:11 60928 ----a-w- c:\users\whitewizard\G92.bin
2010-09-15 20:00:29 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 20:00:28 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 20:00:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 19:59:44 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 22:24:37 0 d-----w- C:\Face of Mankind
2010-09-12 03:37:19 0 d-----w- c:\windows\.jagex_cache_32
2010-09-11 23:25:01 0 d-----w- c:\users\whitew~1\appdata\roaming\Splitscreen Studios
2010-09-11 04:02:38 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-09-11 04:02:38 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-11 04:02:36 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-09-11 04:02:34 3359848 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-11 04:02:30 2065512 ----a-w- c:\windows\system32\nvsvc.dll
2010-09-07 00:34:42 0 d-----w- c:\users\whitew~1\appdata\roaming\Mumble
2010-09-07 00:33:21 0 d-----w- c:\program files\Mumble

==================== Find3M ====================

2010-10-03 17:11:46 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-27 02:37:54 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-27 02:37:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-27 02:37:52 143360 ----a-w- c:\windows\inf\infstor.dat
2010-09-12 03:39:35 46 ----a-w- c:\users\whitewizard\jagex_runescape_preferences.dat
2010-09-12 03:39:17 99 ----a-w- c:\users\whitewizard\jagex_runescape_preferences2.dat
2010-07-07 17:46:46 604776 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-11 18:47:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-24 20:06:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-24 20:06:48 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-24 20:06:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-24 20:06:48 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 20:50:38.02 ===============


Edited by Whitewizard67676, 03 October 2010 - 09:17 PM.
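The triage described in the post above (Task Manager, then Process Explorer, to find which DLL inside a `svchost.exe -k netsvcs` instance is burning CPU, then checking whether that DLL is legitimate) can be scripted so the same questions are answered for every hosted service at once. The script below is an added example; it is not code from this thread, from DDS, or from any Sysinternals tool. It assumes an elevated Windows PowerShell 5.1 prompt (on the poster's Vista-era box `Get-WmiObject` would stand in for `Get-CimInstance`), and the function name `Get-SvchostServiceInfo` and its `-SvchostPid` parameter are my own.

```powershell
# Added example, not code from the thread or from any tool it mentions.
# Maps each svchost.exe instance (or one PID taken from Task Manager /
# Process Explorer) to the services it hosts, resolves each service's
# ServiceDll from the registry, and reports the DLL's Authenticode status.
# Assumes an elevated Windows PowerShell 5.1 prompt; function name and
# parameter are assumptions made for this example.
function Get-SvchostServiceInfo {
    param(
        [int]$SvchostPid = 0   # 0 = inspect every svchost.exe instance
    )

    # Running services only; a stopped service reports ProcessId 0.
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
    $hosts    = Get-Process -Name svchost -ErrorAction SilentlyContinue
    if ($SvchostPid -ne 0) { $hosts = $hosts | Where-Object { $_.Id -eq $SvchostPid } }

    foreach ($h in $hosts) {
        # The -k group is only visible on the command line, e.g. "svchost.exe -k netsvcs".
        $cmdline = (Get-CimInstance Win32_Process -Filter "ProcessId = $($h.Id)").CommandLine
        $group   = if ($cmdline -match '-k\s+(\S+)') { $Matches[1] } else { '?' }
        $cpu     = if ($h.CPU) { [math]::Round($h.CPU, 1) } else { 0 }

        foreach ($svc in ($services | Where-Object { $_.ProcessId -eq $h.Id })) {
            # ServiceDll normally sits under <service>\Parameters; a few services keep it on the key itself.
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
            $dll = (Get-ItemProperty "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll) { $dll = (Get-ItemProperty $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll }

            $status = 'no ServiceDll'
            $signer = ''
            if ($dll) {
                # Expand %SystemRoot% and friends so the path can be checked on disk.
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                if (Test-Path -LiteralPath $dll) {
                    $sig    = Get-AuthenticodeSignature -FilePath $dll
                    $status = [string]$sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                } else {
                    $status = 'MISSING ON DISK'   # registry points at a file that is not there
                }
            }

            [pscustomobject]@{
                PID        = $h.Id
                Group      = $group
                CpuSeconds = $cpu
                Service    = $svc.Name
                ServiceDll = $dll
                Signature  = $status
                Signer     = $signer
            }
        }
    }
}

# Example usage: every service hosted in a netsvcs instance, busiest host first.
Get-SvchostServiceInfo |
    Where-Object { $_.Group -eq 'netsvcs' } |
    Sort-Object CpuSeconds -Descending |
    Format-Table PID, Group, CpuSeconds, Service, ServiceDll, Signature -AutoSize
```

Two caveats when reading the output. `Get-AuthenticodeSignature` only consults catalog signatures from PowerShell 5.1 onward; on older systems most in-box Windows DLLs show `NotSigned` because they are catalog-signed rather than embedded-signed, so corroborate with Sysinternals `sigcheck` or a hash comparison against a known-good copy before treating a file as suspect. And a valid Microsoft signature on a file such as `schedsvc.dll` (the Task Scheduler service DLL the poster identified) only says the file itself is genuine; sustained CPU from a genuine service DLL points at what that service is being asked to run, so the next things to review are the service's registry configuration and, for Task Scheduler, the scheduled tasks, rather than the DLL.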



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 October 2010 - 08:05 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Whitewizard67676

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male
  • Location:USA, NY

Posted 11 October 2010 - 12:55 AM

Here's a link to a pic of the problem: http://i54.tinypic.com/50fvo0.jpg Its affinity is set to one of the two cores, so it can only max at 50%.

Hi!

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 October 2010 - 01:53 PM

Can you run the TDSSKiller program?
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 Whitewizard67676

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male
  • Location:USA, NY

Posted 11 October 2010 - 03:37 PM

Here you are! Another exciting installment of what's wrong with my PC:)


2010/10/11 16:34:34.0303 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/11 16:34:34.0319 ================================================================================
2010/10/11 16:34:34.0319 SystemInfo:
2010/10/11 16:34:34.0319
2010/10/11 16:34:34.0319 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/11 16:34:34.0319 Product type: Workstation
2010/10/11 16:34:34.0319 ComputerName: WHITEWIZARD-PC
2010/10/11 16:34:34.0319 UserName: Whitewizard
2010/10/11 16:34:34.0319 Windows directory: C:\Windows
2010/10/11 16:34:34.0319 System windows directory: C:\Windows
2010/10/11 16:34:34.0319 Processor architecture: Intel x86
2010/10/11 16:34:34.0319 Number of processors: 2
2010/10/11 16:34:34.0319 Page size: 0x1000
2010/10/11 16:34:34.0319 Boot type: Normal boot
2010/10/11 16:34:34.0319 ================================================================================
2010/10/11 16:34:34.0880 Initialize success
2010/10/11 16:34:38.0593 ================================================================================
2010/10/11 16:34:38.0593 Scan started
2010/10/11 16:34:38.0593 Mode: Manual;
2010/10/11 16:34:38.0593 ================================================================================
2010/10/11 16:34:39.0030 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/11 16:34:39.0108 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/11 16:34:39.0217 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/11 16:34:39.0280 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/11 16:34:39.0342 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/11 16:34:39.0436 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/11 16:34:39.0514 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/11 16:34:39.0576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/11 16:34:39.0638 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/11 16:34:39.0701 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/11 16:34:39.0732 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/11 16:34:39.0763 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/11 16:34:39.0794 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/10/11 16:34:39.0872 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/11 16:34:39.0919 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/11 16:34:56.0034 ================================================================================
2010/10/11 16:34:56.0034 Scan finished
2010/10/11 16:34:56.0034 ================================================================================
2010/10/11 16:35:48.0282 Deinitialize success



#6 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 October 2010 - 06:04 PM

Not very exciting unfortunately. That was clean.

Please run MBRCheck next

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 Whitewizard67676

  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:USA, NY

Posted 11 October 2010 - 06:37 PM

But clean is good! -stress +happiness!

Here's your log, good sir,

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: eMachines
System Product Name: ET1641-02w
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 147):

Processes (total 63):
4040 C:\Windows\ehome\ehmsas.exe
3316 C:\Windows\System32\taskeng.exe
1052 C:\Program Files\Mozilla Firefox\firefox.exe
4056 C:\Windows\System32\SearchProtocolHost.exe
780 C:\Windows\System32\SearchFilterHost.exe
1108 C:\Program Files\Mozilla Firefox\plugin-container.exe
1576 C:\Windows\explorer.exe
3624 dllhost.exe
2908 dllhost.exe
2468 C:\Users\Whitewizard\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: B8E77474865C5257302C104C20871DAE18A9FB42


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:52 AM

Posted 11 October 2010 - 06:40 PM

Faked MBR isn't necessarily as bad as it sounds. What make/model are you running?


m0le is a proud member of UNITE
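What the "MBR Code Faked!" verdict above means is that the SHA1 of the disk's boot-code area did not match the checker's list of known Windows code; the tool itself says "non-standard or infected", and those are two different things. The decoder below is an added example, not MBRCheck's or the thread's code: it verifies the 0x55AA signature, hashes the 440-byte boot-code area against a known-good table, parses the partition table, and maps the C: offset 0x2`80100000 printed in the log to a partition entry. The sample MBR, its partition layout (a 10 GiB hidden recovery partition ahead of C:, chosen so that C: lands at that offset), the reference hash and the "hooked" variant are all constructed for the demonstration; real reference hashes have to be taken from clean disks. On an OEM machine with a factory recovery tool (the log lists eMachines Recovery Management's ETService) non-Microsoft boot code can be legitimate, which is why the make/model question matters before anything is rewritten.

```python
"""Decode a 512-byte MBR the way a checker such as MBRCheck does: verify the
0x55AA signature, hash the boot-code area, compare the hash against a known-good
list, and parse the partition table so a volume offset such as
"\\.\C: --> \\.\PhysicalDrive0 at offset 0x2`80100000" maps to a partition entry.

Added example; not MBRCheck's or the thread's code. The sample MBR, the
known-good hash table and the disk signature are constructed here.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # bytes 0-439 hold boot code; 440-443 the disk signature
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446      # four 16-byte entries at 0x1BE
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
SIGNATURE_OFF = 510

def parse_partition_entry(entry: bytes) -> dict:
    status, p_type, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, entry)
    return {"bootable": status == 0x80, "type": p_type, "lba_start": lba_start,
            "sectors": sectors, "byte_offset": lba_start * SECTOR}

def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = [sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)] for i in range(4)]
    parts = [parse_partition_entry(e) for e in entries]
    return {
        "signature_ok": struct.unpack_from("<H", sector, SIGNATURE_OFF)[0] == 0xAA55,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
        "partitions": [p for p in parts if p["type"] != 0],   # drop empty slots
    }

def classify_bootcode(sha1_hex: str, known_good: dict) -> str:
    """'unknown' is what a checker reports as non-standard ("faked") code; it is not proof of infection."""
    return known_good.get(sha1_hex.upper(), "unknown")

def partition_for_offset(mbr: dict, byte_offset: int):
    """Map a volume byte offset (as printed by the checker) to (index, entry), or None."""
    for index, p in enumerate(mbr["partitions"]):
        if p["byte_offset"] == byte_offset:
            return index, p
    return None

def build_mbr(bootcode: bytes, partitions, disk_signature: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    buf = bytearray(SECTOR)
    buf[:BOOTCODE_LEN] = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_signature)       # constructed disk signature
    for i, (status, p_type, lba, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i, status, p_type, lba, sectors)
    buf[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(buf)

# Constructed sample layout: a hidden 10 GiB recovery partition at LBA 2048, then the
# active NTFS volume, so that C: starts at byte 0x2_8010_0000 as in the log above.
SAMPLE_PARTITIONS = [
    (0x00, 0x27, 2048, 20971520),          # hidden recovery partition (constructed)
    (0x80, 0x07, 20973568, 604168880),     # C:, NTFS, active (constructed sizes)
]
# Constructed stand-in for clean boot code: only the first instructions are realistic
# (xor ax,ax / mov ss,ax / mov sp,7C00h); the rest is zero padding.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOTCODE_LEN, b"\x00")
# A boot-sector hook typically patches the entry point into a JMP (0xE9 rel16) elsewhere.
HOOKED_BOOTCODE = b"\xE9\x00\x01" + CLEAN_BOOTCODE[3:]

KNOWN_GOOD = {hashlib.sha1(CLEAN_BOOTCODE).hexdigest().upper(): "constructed reference boot code"}

SAMPLE_CLEAN = build_mbr(CLEAN_BOOTCODE, SAMPLE_PARTITIONS)
SAMPLE_HOOKED = build_mbr(HOOKED_BOOTCODE, SAMPLE_PARTITIONS)

def report(sector: bytes) -> str:
    info = parse_mbr(sector)
    verdict = classify_bootcode(info["bootcode_sha1"], KNOWN_GOOD)
    lines = [f"signature ok: {info['signature_ok']}",
             f"boot code SHA1: {info['bootcode_sha1']} ({verdict})"]
    for i, p in enumerate(info["partitions"]):
        flag = "active" if p["bootable"] else "      "
        lines.append(f"  part {i}: type 0x{p['type']:02X} {flag} LBA {p['lba_start']} "
                     f"offset 0x{p['byte_offset']:X} sectors {p['sectors']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_CLEAN))
    print(report(SAMPLE_HOOKED))
```

Note that the hooked sample keeps an identical, valid partition table: a boot-code hook changes only the hash, so a checker that looked at the partition table alone would pass it, and conversely a custom OEM loader also changes only the hash. Deciding between the two needs the reference hashes for that OEM's recovery loader, or a look at what the code actually does, not the verdict string alone.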

#9 Whitewizard67676 (Topic Starter)

Posted 11 October 2010 - 08:22 PM

eMachines
ET1641-02w
Everything is stock except for an added NVIDIA GeForce 9600 GSO Farcry 2 edition and a PSU.

Edited by Whitewizard67676, 11 October 2010 - 08:22 PM.


#10 m0le
Posted 12 October 2010 - 02:45 PM

Please run ComboFix. This is a powerful removal tool, so please read the instructions carefully.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 Whitewizard67676 (Topic Starter)

Posted 12 October 2010 - 04:46 PM

All is done and done! Should I mention the compy beeped twice? And here is the asked-for log:

ComboFix 10-10-11.05 - Whitewizard 10/12/2010 17:25:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1303 [GMT -4:00]
Running from: c:\users\Whitewizard\Desktop\comfix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 21:36 . 2010-10-12 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 21:36 . 2010-10-12 21:36 -------- d-----w- c:\users\Whitewizard\AppData\Local\temp
2010-10-12 21:36 . 2010-10-12 21:36 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-10-12 21:36 . 2010-10-12 21:36 -------- d-----w- c:\users\mahly\AppData\Local\temp
2010-10-12 21:36 . 2010-10-12 21:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-12 10:55 . 2010-09-25 04:54 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63A1CE7C-F0A5-41C0-85D9-7BF2075D2CAD}\mpengine.dll
2010-10-04 00:57 . 2010-10-04 00:57 93056 ----a-w- C:\kgliruow.sys
2010-10-03 17:12 . 2010-10-03 17:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-03 17:11 . 2010-10-03 17:11 -------- d-----w- c:\program files\Java
2010-10-03 16:51 . 2010-10-03 16:51 -------- d-----w- c:\program files\Sophos
2010-09-28 18:16 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:16 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-27 02:36 . 2010-09-11 06:46 887912 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-09-27 02:36 . 2010-09-11 06:46 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-09-27 02:36 . 2010-09-11 06:46 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-27 02:36 . 2010-09-11 06:46 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-09-27 02:36 . 2010-09-11 06:46 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-09-27 02:36 . 2010-09-11 06:46 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-27 02:36 . 2010-09-11 06:46 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-27 02:36 . 2010-09-11 06:46 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-09-27 02:36 . 2010-09-11 06:46 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-09-27 02:36 . 2010-09-11 06:46 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-27 02:36 . 2010-09-11 06:46 10055112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-09-27 02:36 . 2010-09-11 06:46 10022504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-25 18:04 . 2010-09-25 18:11 -------- d-----w- c:\users\Whitewizard\AppData\Roaming\W
2010-09-25 18:02 . 2010-09-25 18:02 -------- d-----w- c:\users\Whitewizard\AppData\Roaming\wargaming.net
2010-09-25 17:48 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-25 17:48 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-25 17:48 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-25 17:48 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-25 17:48 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-25 17:48 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-25 17:48 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-25 17:48 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-25 05:35 . 2010-09-25 05:35 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 23:13 . 2010-09-22 23:13 -------- d-----w- C:\Reality Gap
2010-09-22 22:16 . 2010-09-22 22:16 -------- d-----w- C:\Electronic Arts
2010-09-20 01:47 . 2010-09-20 01:47 -------- d-----w- c:\users\Whitewizard\AppData\Local\SCE
2010-09-20 01:47 . 2010-09-20 01:47 -------- d-----w- C:\Sony Online Entertainment
2010-09-15 21:08 . 2010-09-15 21:08 60928 ----a-w- c:\users\Whitewizard\G92.bin
2010-09-15 20:00 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 20:00 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 20:00 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 20:00 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 19:59 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 22:24 . 2010-09-14 01:02 -------- d-----w- C:\Face of Mankind

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Whitewizard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Whitewizard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-06-24 02:57 1366064 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-06-18 19:41 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 18:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-30 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 23:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2188834616-2602567752-721388112-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A5BB.tmp [x]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-30 3686240]
R4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-01-15 16872]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-14 724992]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-03-09 38304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
TCP: {25494EE8-6B38-404C-8727-478488C9F05D} = 192.168.50.1
TCP: {3D7728CC-4BEB-4CF9-9E80-811E1EF0038B} = 192.168.50.1,209.18.47.62
FF - ProfilePath - c:\users\Whitewizard\AppData\Roaming\Mozilla\Firefox\Profiles\ctqhlx9q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pointlesssites.com/
FF - component: c:\users\Whitewizard\AppData\Roaming\Mozilla\Firefox\Profiles\ctqhlx9q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A5BB.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,6b,b7,b9,5a,b4,54,47,bc,00,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,6b,b7,b9,5a,b4,54,47,bc,00,9b,\

[HKEY_USERS\S-1-5-21-2188834616-2602567752-721388112-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,c0,b4,b2,68,23,f2,92,80,eb,73,d6,82,de,25,69,05,49,96,a7,e4,
32,1e,ed,db,24,45,ca,4b,78,49,47,c7,b0,e3,3a,0a,90,10,e1,bf,ae,a7,6c,9c,ec,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-12 17:40:07
ComboFix-quarantined-files.txt 2010-10-12 21:40

Pre-Run: 160,054,534,144 bytes free
Post-Run: 159,943,118,848 bytes free

- - End Of File - - 0BAFFD58C628F225A18843094D20B968

Edited by Whitewizard67676, 12 October 2010 - 04:48 PM.


#12 m0le
Posted 12 October 2010 - 05:10 PM

Yeah, ComboFix makes it do that.

Please rerun the program as below

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
File::
C:\kgliruow.sys

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Then please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update, then download and update MBAM on a clean computer, then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware'. Then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#13 Whitewizard67676 (Topic Starter)

Posted 13 October 2010 - 05:40 AM

Doing this reminds me of the time like a month ago when every startup/shutdown my HDD would have +/- 10GB in free space...
Alrighty then, here's Comfix:

ComboFix 10-10-11.05 - Whitewizard 10/12/2010 20:01:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1220 [GMT -4:00]
Running from: c:\users\Whitewizard\Desktop\Comfix.exe
Command switches used :: c:\users\Whitewizard\Desktop\CFScript.txt

FILE ::
"C:\kgliruow.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kgliruow.sys

.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\users\Whitewizard\AppData\Local\temp
2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\users\mahly\AppData\Local\temp
2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-12 23:58 . 2010-10-12 23:59 -------- d-----w- C:\32788R22FWJFW
2010-10-12 21:42 . 2010-09-25 04:54 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{165A4ECD-F4CD-4A23-813D-32E15A8053D9}\mpengine.dll
2010-10-03 17:12 . 2010-10-03 17:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-03 17:11 . 2010-10-03 17:11 -------- d-----w- c:\program files\Java
2010-10-03 16:51 . 2010-10-03 16:51 -------- d-----w- c:\program files\Sophos
2010-09-28 18:16 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:16 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-27 02:36 . 2010-09-11 06:46 887912 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-09-27 02:36 . 2010-09-11 06:46 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-09-27 02:36 . 2010-09-11 06:46 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-27 02:36 . 2010-09-11 06:46 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-09-27 02:36 . 2010-09-11 06:46 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-09-27 02:36 . 2010-09-11 06:46 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-27 02:36 . 2010-09-11 06:46 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-27 02:36 . 2010-09-11 06:46 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-09-27 02:36 . 2010-09-11 06:46 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-09-27 02:36 . 2010-09-11 06:46 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-27 02:36 . 2010-09-11 06:46 10055112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-09-27 02:36 . 2010-09-11 06:46 10022504 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-25 18:04 . 2010-09-25 18:11 -------- d-----w- c:\users\Whitewizard\AppData\Roaming\W
2010-09-25 18:02 . 2010-09-25 18:02 -------- d-----w- c:\users\Whitewizard\AppData\Roaming\wargaming.net
2010-09-25 17:48 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-25 17:48 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-25 17:48 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-25 17:48 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-25 17:48 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-25 17:48 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-25 17:48 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-25 17:48 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-25 17:48 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-25 05:35 . 2010-09-25 05:35 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 23:13 . 2010-09-22 23:13 -------- d-----w- C:\Reality Gap
2010-09-22 22:16 . 2010-09-22 22:16 -------- d-----w- C:\Electronic Arts
2010-09-20 01:47 . 2010-09-20 01:47 -------- d-----w- c:\users\Whitewizard\AppData\Local\SCE
2010-09-20 01:47 . 2010-09-20 01:47 -------- d-----w- C:\Sony Online Entertainment
2010-09-15 21:08 . 2010-09-15 21:08 60928 ----a-w- c:\users\Whitewizard\G92.bin
2010-09-15 20:00 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 20:00 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 20:00 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 20:00 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 19:59 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 22:24 . 2010-09-14 01:02 -------- d-----w- C:\Face of Mankind

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Whitewizard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Whitewizard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-06-24 02:57 1366064 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-06-18 19:41 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 18:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-30 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 23:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2188834616-2602567752-721388112-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A5BB.tmp [x]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-30 3686240]
R4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-01-15 16872]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-14 724992]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-03-09 38304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w
TCP: {25494EE8-6B38-404C-8727-478488C9F05D} = 192.168.50.1
TCP: {3D7728CC-4BEB-4CF9-9E80-811E1EF0038B} = 192.168.50.1,209.18.47.62
FF - ProfilePath - c:\users\Whitewizard\AppData\Roaming\Mozilla\Firefox\Profiles\ctqhlx9q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pointlesssites.com/
FF - component: c:\users\Whitewizard\AppData\Roaming\Mozilla\Firefox\Profiles\ctqhlx9q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A5BB.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2188834616-2602567752-721388112-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,c0,b4,b2,68,23,f2,92,80,eb,73,d6,82,de,25,69,05,49,96,a7,e4,
32,1e,ed,db,24,45,ca,4b,78,49,47,c7,b0,e3,3a,0a,90,10,e1,bf,ae,a7,6c,9c,ec,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-12 20:15:19
ComboFix-quarantined-files.txt 2010-10-13 00:15

Pre-Run: 159,950,274,560 bytes free
Post-Run: 159,921,434,624 bytes free

- - End Of File - - D257D396DD1F47BDF711B81592E650FB




And here's MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4806

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/13/2010 12:20:30 AM
mbam-log-2010-10-13 (00-20-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 472243
Time elapsed: 3 hour(s), 52 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


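The ComboFix output above is a hand-read inventory of autostart locations (Run keys, msconfig's startupreg backups, services and drivers, with `[x]` marking an image that no longer exists on disk). The PowerShell below is an added example, not part of this thread and not ComboFix or MBAM code: it walks those same locations, plus the System32 screensaver directory, and reports every entry whose binary is missing or carries no valid Authenticode signature. It assumes an elevated PowerShell 2.0 or later on the affected machine; the function names `Get-ExecutablePath`, `Test-AutostartEntry` and `Get-AutostartReport` are this example's own.

```powershell
# Added triage script (not from the thread, ComboFix or MBAM). Walks the autostart
# locations the ComboFix log lists and flags entries whose program is missing or
# unsigned. Assumes elevated PowerShell 2.0+; helper names are this example's own.

function Get-ExecutablePath {
    # Reduce a service or Run command line to the path of the program it launches.
    param([string]$Command)
    if (-not $Command) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('\??\')) { $c = $c.Substring(4) }   # NT prefix, as on the MEMSWEEP2 entry
    if ($c.StartsWith('"')) {                              # quoted path, arguments follow the quote
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    # Unquoted path: stop at the first known executable extension that is followed
    # by whitespace or end of string ("GameMon.des -service" -> GameMon.des).
    $m = [regex]::Match($c, '^(.*?\.(exe|sys|dll|des|scr|tmp|com))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Test-AutostartEntry {
    param([string]$Source, [string]$Name, [string]$Command)
    $path = Get-ExecutablePath $Command
    if (-not $path) { return }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    # Driver image paths are often relative to the Windows directory
    if ($path -match '^\\SystemRoot\\(.*)$') { $path = Join-Path $env:SystemRoot $Matches[1] }
    elseif (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'MISSING FILE'                           # what ComboFix prints as [x]
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -eq 'Valid') { $status = 'signed: ' + $sig.SignerCertificate.Subject }
        else { $status = 'UNSIGNED (' + $sig.Status + ')' }
    }
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Path = $path; Status = $status }
}

function Get-AutostartReport {
    $results = @()
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # 1. Run keys for the machine and the current user
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path $key) {
            foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
                if ($meta -contains $p.Name) { continue }
                $results += Test-AutostartEntry "$hive Run" $p.Name $p.Value
            }
        }
    }

    # 2. Items disabled through msconfig (the 'startupreg' keys in the log); each
    #    subkey keeps the original command line in its 'command' value
    $startupreg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path $startupreg) {
        foreach ($sub in Get-ChildItem $startupreg) {
            $results += Test-AutostartEntry 'msconfig startupreg' $sub.PSChildName ((Get-ItemProperty $sub.PSPath).command)
        }
    }

    # 3. Services and kernel drivers (Get-WmiObject keeps this working on PowerShell 2.0)
    foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
        foreach ($svc in Get-WmiObject -Class $class) {
            $results += Test-AutostartEntry $class $svc.Name $svc.PathName
        }
    }

    # 4. Screensavers sitting in System32, where ESET's hit in this thread lived
    foreach ($scr in Get-ChildItem (Join-Path $env:SystemRoot 'System32') -Filter *.scr) {
        $results += Test-AutostartEntry 'System32 *.scr' $scr.Name $scr.FullName
    }
    $results | Where-Object { $_ }
}

# Show only what needs a human look; drop the filter to see the whole inventory.
Get-AutostartReport | Where-Object { $_.Status -notlike 'signed:*' } |
    Sort-Object Source, Name | Format-Table Source, Name, Status, Path -AutoSize
```

Two caveats when reading its output. Vista-era PowerShell checks only embedded signatures, so Microsoft binaries that are signed through the system catalog show up as NotSigned; treat that as expected for files under System32 with matching version information, and concentrate on unsigned third-party entries and on anything reported as MISSING FILE, which is an orphaned service or Run entry that can be removed. An unsigned result is a lead, not a verdict: hardware utilities and anti-cheat drivers of this period, such as the HWiNFO32 and GameGuard entries in the log above, frequently shipped unsigned.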

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:52 AM

Posted 13 October 2010 - 05:06 PM

So far, so good for the cleaning. One more scan to see off any infected files, etc.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.


Let me know how the CPU is behaving.
m0le is a proud member of UNITE

#15 Whitewizard67676

Whitewizard67676
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:USA, NY
  • Local time:04:52 AM

Posted 13 October 2010 - 09:33 PM

Very short log, but there's something on it.

C:\Windows\System32\FlyerSaver.scr probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined



And for the CPU: it doesn't seem to lock up for a good 3 or 4 seconds when I log in anymore; I always thought that was weird.
May I ask where the MCX1 user came from? I don't recall ever making one.

Edited by Whitewizard67676, 13 October 2010 - 09:43 PM.
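The question about an unrecognised MCX1 account is the kind of thing worth answering from the system rather than from memory. The PowerShell below is an added example, not part of this thread: it lists every local account with its RID, whether it is disabled, whether it sits in the local Administrators group, and which profile directory it owns. Windows Media Center creates accounts with the Mcx prefix when a Media Center Extender is set up, and the report labels them as such, but a name is trivially spoofable, so confirm with the creation and last-logon dates from `net user <name>` rather than trusting the label. It assumes PowerShell 2.0 or later on the affected machine; `Get-LocalAccountReport` is this example's own name.

```powershell
# Added example (not from the thread): inventory of local accounts with the facts
# needed to judge an unfamiliar one. Assumes PowerShell 2.0+; the function name is
# this example's own. The 'Mcx*' label reflects the Media Center Extender naming
# convention and is only a hint, not proof of where the account came from.

function Get-LocalAccountReport {
    # Profile directories by SID, so an account can be tied to a folder under C:\Users
    $profiles = @{}
    $list = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($k in Get-ChildItem $list) {
        $img = (Get-ItemProperty $k.PSPath).ProfileImagePath
        if ($img) { $profiles[$k.PSChildName] = [Environment]::ExpandEnvironmentVariables($img) }
    }

    # Members of the local Administrators group via ADSI; Vista-era PowerShell
    # has no Get-LocalGroupMember cmdlet
    $admins = @()
    $group = [ADSI]'WinNT://./Administrators,group'
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $admins += $m.GetType().InvokeMember('Name', 'GetProperty', $null, $m, $null)
    }

    foreach ($acct in Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True') {
        $rid = [int](($acct.SID -split '-')[-1])      # last SID component
        $note = switch ($rid) {
            500     { 'built-in Administrator' }
            501     { 'built-in Guest' }
            default {
                if ($rid -lt 1000)               { 'well-known RID' }
                elseif ($acct.Name -like 'Mcx*') { 'Media Center Extender naming (verify creation date)' }
                else                             { 'locally created (RID >= 1000)' }
            }
        }
        New-Object PSObject -Property @{
            Name     = $acct.Name
            RID      = $rid
            Disabled = $acct.Disabled
            IsAdmin  = ($admins -contains $acct.Name)
            Profile  = $profiles[$acct.SID]
            Note     = $note
        }
    }
}

Get-LocalAccountReport | Sort-Object RID |
    Format-Table Name, RID, Disabled, IsAdmin, Note, Profile -AutoSize
```

What to look for: an account with a RID of 1000 or above that you did not create, that is enabled, that is a member of Administrators, or that owns a profile directory with recent activity deserves explanation. Accounts created by installed software (including the Media Center ones) are normally not in Administrators and often have no profile directory at all.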


