
Gaming Computer slower than p3


  • This topic is locked
20 replies to this topic

#1 rkferris

  • Members
  • 27 posts

Posted 16 April 2011 - 12:53 PM

Hi, can someone look at this "HijackThis" scan for me and tell me if there's anything obvious showing? My computer just started acting weird after I let someone on it while I went to work. The biggest complaint I have is that now my favorite online game lags really bad. I've got:
XFX 780i sli
4GB ram
2x gforce 9800GTX+ SLI
750w PS
and I don't know why it's so slow. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:46 AM, on 4/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Flash Recorder\mfnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\mar2010\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - D:\robertferris\FlashCatch\flashcatch.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - D:\robertferris\FlashCatch\flashcatch.dll
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Robert\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HTTP Debugger (HTTPDebugger) - Unknown owner - C:\Program Files\Flash Recorder\mfnsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7334 bytes

Edited by hamluis, 16 April 2011 - 01:44 PM.
Moved from XP to Malware Removal Logs.

XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 April 2011 - 06:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 rkferris

  • Topic Starter
  • Members
  • 27 posts

Posted 27 April 2011 - 11:16 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 21:12:32.45 on Wed 04/27/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1975 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Flash Recorder\mfnsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\steam.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\mar2010\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - d:\robertferris\flashcatch\flashcatch.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - d:\robertferris\flashcatch\flashcatch.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
IE: E&xport to Microsoft Excel - f:\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\robert\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\progra~1\speedb~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\y0sowvou.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: d:\robertferris\flashcatch\firefox\components\FlashCatch.dll
FF - component: d:\robertferris\flashcatch\firefox\components\FlashCatch191.dll
FF - component: d:\robertferris\flashcatch\firefox\components\FlashCatch192.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\robert\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\robertferris\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {932844A5-CF5A-4F65-BCDF-A21717B6BD50} - c:\documents and settings\robert\local settings\application data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: FlashCatch: flashcatch@flashcatch.com - d:\robertferris\flashcatch\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-2-18 22504]
R2 HTTPDebugger;HTTP Debugger;c:\program files\flash recorder\mfnsvc.exe [2009-9-9 64000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-28 20952]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-28 363344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-19 2218600]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-8-1 816672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-28 1691480]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2010-12-22 14336]
S3 cpuz134;cpuz134;d:\robertferris\pc wizard 2010\pcwiz_x32.sys [2011-3-2 20328]
S3 OAO17Afx;OAO17Afx;c:\windows\system32\drivers\OAO17Afx.sys [2010-4-28 140888]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-22 709248]
S3 SaiK0CCC;SaiK0CCC;c:\windows\system32\drivers\SaiK0CCC.sys [2010-11-14 138760]
S3 SaiU0CCC;SaiU0CCC;c:\windows\system32\drivers\SaiU0CCC.sys [2010-11-14 35336]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\a-ff find and mount\slicedisk.sys --> c:\program files\a-ff find and mount\slicedisk.sys [?]
.
=============== Created Last 30 ================
.
2011-04-19 16:39:06 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-19 16:39:06 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-19 05:38:04 14080 ----a-w- c:\windows\system32\drivers\MTiCtwl.sys
2011-04-19 05:37:56 -------- d-----w- c:\program files\MagicTune Premium
2011-04-19 02:16:22 -------- d-----w- c:\program files\MonitorDriver
2011-04-08 05:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 05:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 05:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 05:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 05:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 05:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 05:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
==================== Find3M ====================
.
2011-04-27 23:25:44 260084 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-27 23:25:44 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-27 22:52:35 260080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-19 20:40:28 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-19 20:40:28 270856 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 05:14:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14:00 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14:00 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-08 05:14:00 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14:00 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-07 08:02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-07 08:02:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-06 22:01:08 270856 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-16 23:39:06 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-25 19:34:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-25 19:34:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 21:12:58.37 ===============

#4 rkferris

  • Topic Starter
  • Members
  • 27 posts

Posted 27 April 2011 - 11:23 PM

I forgot to mention that when I reboot my computer I have to go into the BIOS, disable HD audio, boot, reboot, re-enable HD audio, then boot up; otherwise I will not have any sound! Any relation to the software problem? My sound is onboard, and I forgot to mention that I also installed another GeForce 9800GTX+ for SLI, and this is when I started to have noticeable slowness... well, around the same time... maybe before the graphics card... can't remember...

#5 rkferris

  • Topic Starter
  • Members
  • 27 posts

Posted 28 April 2011 - 12:11 AM

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-27 22:09:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: szm6h9iz.exe; Driver: C:\DOCUME~1\Robert\LOCALS~1\Temp\pglcauod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB54CB3A0, 0x83C195, 0xE8000020]
? C:\DOCUME~1\Robert\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[1624] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976767123
Disk \Device\Harddisk0\DR0 PE file @ sector 976767145

---- EOF - GMER 1.0.15 ----

#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 April 2011 - 06:42 PM

Hi,

Let's see what's going on here:

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976767123

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\

m0le is a proud member of UNITE
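The indicators the responder acts on in this thread (the conduit.com start page and the "(no file)" BHO and toolbar entries in the HijackThis log in post #1, the Winsock LSP that HijackThis could not attribute, and the "malicious Win32:MBRoot code" disk-sector line in the GMER log in post #5 that post #6 quotes) can be pulled out of such logs mechanically. The Python script below is an added triage example and is not code from BleepingComputer, HijackThis or GMER; the sample lines are copied from the logs posted in this thread, and the rule set (which line prefixes and keywords count as findings, and the severity assigned to each) is an assumption made for this example rather than anything the tools themselves define.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis (post #1) and GMER (post #5) logs in this
# thread; constructed here as an in-memory fixture so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976767123
Disk \Device\Harddisk0\DR0 PE file @ sector 976767145
.text C:\Program Files\Mozilla Firefox\firefox.exe[3168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""

SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}

# Start-page hosts treated as hijack indicators. This set is an assumption made
# for the example; search.conduit.com is the host that appears in the posted log.
HIJACK_START_PAGE_HOSTS = {"search.conduit.com"}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def _host(url: str) -> str:
    """Return the host part of a URL, tolerating the missing '/' before '?' seen in the log."""
    return re.sub(r"^https?://", "", url).split("/")[0].split("?")[0].lower()


def triage_line(line: str):
    """Classify one HijackThis or GMER log line; return a Finding, or None if it looks benign."""
    line = line.rstrip()
    if not line:
        return None
    # HijackThis R0/R1: Internet Explorer start/search page values.
    m = re.match(r"^R[01] - .*?(Start Page|Search Page|Default_Search_URL|Default_Page_URL) = (\S+)", line)
    if m:
        host = _host(m.group(2))
        if host in HIJACK_START_PAGE_HOSTS:
            return Finding("medium", f"browser start/search page redirected to {host}", line)
        return None
    # HijackThis O2/O3: a BHO or toolbar whose DLL no longer exists (orphaned registration).
    if re.match(r"^O[23] - ", line) and line.endswith("(no file)"):
        return Finding("info", "BHO/toolbar registered but its file is missing (orphaned entry)", line)
    # HijackThis O10: a Winsock LSP that HijackThis could not attribute to a known vendor.
    if line.startswith("O10 - Unknown file in Winsock LSP:"):
        return Finding("high", "unattributed Winsock LSP; LSPs sit in the path of every socket call", line)
    # GMER disk-sector results: anything GMER itself labels malicious is the top priority.
    m = re.match(r"^Disk (\S+) malicious (\S+) code @ sector (\d+)", line)
    if m:
        return Finding("high", f"GMER flagged {m.group(2)} at sector {m.group(3)} on {m.group(1)}", line)
    if re.match(r"^Disk \S+ PE file @ sector \d+", line):
        return Finding("medium", "PE image stored in raw disk sectors outside the file system", line)
    # GMER user-mode inline hook: a JMP patched into an exported function inside a process.
    m = re.match(r"^\.text (\S.*?)\[(\d+)\] (\S+) .* JMP ", line)
    if m:
        return Finding("info", f"inline hook on {m.group(3)} in PID {m.group(2)}", line)
    return None


def triage(text: str):
    """Run triage_line over a whole log and return the findings, most severe first."""
    findings = [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```

Run against the sample, the two "high" findings come out first: the unattributed LSP and the sector GMER labelled Win32:MBRoot, which is the line the responder singles out before prescribing TDSSKiller. The orphaned "(no file)" entries are reported at "info" level only; they are leftovers to clean up, not evidence of an active infection, and a real triage list should be extended with a vendor allow-list for O23 services and R1 search URLs rather than hard-coding a single host as done here.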

#7 rkferris

  • Topic Starter
  • Members
  • 27 posts

Posted 29 April 2011 - 05:18 AM

2011/04/29 03:11:34.0280 1696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:2


2011/04/29 03:11:34.0811 1696 ================================================================================
2011/04/29 03:11:34.0811 1696 SystemInfo:
2011/04/29 03:11:34.0811 1696
2011/04/29 03:11:34.0811 1696 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/29 03:11:34.0811 1696 Product type: Workstation
2011/04/29 03:11:34.0811 1696 ComputerName: ROBERT-FERRIS
2011/04/29 03:11:34.0811 1696 UserName: Robert
2011/04/29 03:11:34.0811 1696 Windows directory: C:\WINDOWS
2011/04/29 03:11:34.0811 1696 System windows directory: C:\WINDOWS
2011/04/29 03:11:34.0811 1696 Processor architecture: Intel x86
2011/04/29 03:11:34.0811 1696 Number of processors: 2
2011/04/29 03:11:34.0811 1696 Page size: 0x1000
2011/04/29 03:11:34.0811 1696 Boot type: Normal boot
2011/04/29 03:11:34.0811 1696 ================================================================================
2011/04/29 03:11:35.0858 1696 Initialize success
2011/04/29 03:11:43.0905 2796 ================================================================================
2011/04/29 03:11:43.0905 2796 Scan started
2011/04/29 03:11:43.0905 2796 Mode: Manual;
2011/04/29 03:11:43.0905 2796 ================================================================================
2011/04/29 03:11:50.0576 2796 ================================================================================
2011/04/29 03:11:50.0576 2796 Scan finished
2011/04/29 03:11:50.0576 2796 ================================================================================
Hello, here are the scan results... Thank you for your help... looks like nothing is wrong... but something is definitely not right: system stalls, lags in games... even a delay when playing Facebook "Bejeweled". Not the performance I expected from the components I put together. Again, thank you, and I'll keep checking.
Robert
XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD

#8 m0le ("Can U Dig It?", Malware Response Team, 34,527 posts, London, UK)

Posted 29 April 2011 - 05:25 AM

Can you run MBRCheck next?

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#9 rkferris (Topic Starter, Members, 27 posts)

Posted 30 April 2011 - 04:13 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 127):

Processes (total 30):
0 System Idle Process
4 System
828 C:\WINDOWS\system32\smss.exe
892 csrss.exe
916 C:\WINDOWS\system32\winlogon.exe
960 C:\WINDOWS\system32\services.exe
972 C:\WINDOWS\system32\lsass.exe
1212 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1416 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1756 svchost.exe
1932 C:\WINDOWS\system32\spoolsv.exe
144 C:\WINDOWS\explorer.exe
872 svchost.exe
1036 C:\WINDOWS\system32\svchost.exe
1408 C:\WINDOWS\system32\svchost.exe
1540 C:\Program Files\Flash Recorder\mfnsvc.exe
616 C:\WINDOWS\system32\PnkBstrA.exe
1632 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3332 alg.exe
2892 C:\Program Files\SpeedFan\speedfan.exe
6084 C:\WINDOWS\system32\wscntfy.exe
4252 C:\Program Files\Steam\steam.exe
4480 C:\WINDOWS\system32\svchost.exe
864 C:\Program Files\Mozilla Firefox\firefox.exe
4664 C:\Program Files\Mozilla Firefox\plugin-container.exe
4100 C:\WINDOWS\explorer.exe
3272 C:\Program Files\Real\RealPlayer\Update\realsched.exe
1340 C:\Documents and Settings\Robert\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000001f`ffb19e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000045`f94cf200 (NTFS)
\\.\I: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01
PhysicalDrive1 Model Number: WDCWD5000AACS-00G8B0, Rev: 05.04C05
PhysicalDrive2 Model Number: Maxtor6Y080M0, Rev: YAR51EW0
PhysicalDrive3 Model Number: WD5000AAV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
76 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Here is my scan, thanks.
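The "MBR Status" column in the MBRCheck summary above is driven by the SHA1 it prints beneath each drive: a fingerprint of the boot code in the first sector, looked up against a table of known-good values, with anything not in the table reported as "Unknown MBR code" (the PhysicalDrive3 line). As an added example that is not part of the thread or of the MBRCheck tool, here is a small Python parser that performs that check and decodes the partition offsets on a constructed 512-byte sector; the XP hash in its table is the one the log printed, while the sample sector, its partition geometry and the tamper_boot_code helper are made up here.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: the boot code MBRCheck fingerprints
PARTITION_TABLE_OFF = 446  # four 16-byte partition entries
SIGNATURE_OFF = 510        # 0x55AA boot signature

# Known-good boot-code fingerprints. The XP entry is the SHA1 MBRCheck printed
# for PhysicalDrive0 and PhysicalDrive2 in the thread above; anything not in
# this table is reported as "Unknown MBR code", exactly like PhysicalDrive3.
KNOWN_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code detected",
}


def parse_mbr(sector: bytes) -> dict:
    """Fingerprint the boot code and decode the partition table of one MBR."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    status = KNOWN_MBR_SHA1.get(digest, "Unknown MBR code")
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFF + 16 * i
        boot_flag, ptype, lba_start, lba_count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0:            # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
            "size_bytes": lba_count * SECTOR,
        })
    return {"sha1": digest, "status": status, "partitions": partitions}


def build_sample_mbr() -> bytes:
    """Constructed sample sector (hypothetical, not from any real disk):
    placeholder boot code plus one bootable NTFS partition starting at LBA 63,
    i.e. byte offset 0x7E00, the same offset the thread's C: line shows."""
    boot_code = b"\xeb\x3c\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
    disk_signature = b"\x12\x34\x56\x78\x00\x00"          # bytes 440..445
    entry = struct.pack("<B3sB3sII",
                        0x80, b"\x01\x01\x00",            # bootable, CHS start
                        0x07, b"\xfe\xff\xff",            # NTFS, CHS end
                        63, 976_768_002)                  # LBA start, sector count
    table = entry + b"\x00" * 48                          # three empty slots
    sector = boot_code + disk_signature + table + b"\x55\xaa"
    assert len(sector) == SECTOR
    return sector


def tamper_boot_code(sector: bytes, offset: int = 0) -> bytes:
    """Flip one byte inside the boot code. Any change there, benign or not,
    moves the SHA1 out of the known table, which is why an 'Unknown' verdict
    still needs a human to consider where the drive came from."""
    if not 0 <= offset < BOOT_CODE_LEN:
        raise ValueError("offset must lie inside the boot code")
    out = bytearray(sector)
    out[offset] ^= 0xFF
    return bytes(out)


def format_report(device: str, size_gb: int, info: dict) -> str:
    """Render one entry in the layout of the MBRCheck summary table."""
    lines = [f"{size_gb} GB {device} {info['status']}", f"SHA1: {info['sha1']}"]
    for p in info["partitions"]:
        lines.append(f"  partition {p['index']} type 0x{p['type']:02X} "
                     f"at offset 0x{p['byte_offset']:016x} "
                     f"({p['size_bytes'] // 2**30} GB{', bootable' if p['bootable'] else ''})")
    return "\n".join(lines)


if __name__ == "__main__":
    sample = build_sample_mbr()
    print(format_report(r"\\.\PhysicalDrive0", 465, parse_mbr(sample)))
    print(format_report(r"\\.\PhysicalDrive0 (tampered)", 465,
                        parse_mbr(tamper_boot_code(sample))))
```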

#10 m0le ("Can U Dig It?", Malware Response Team, 34,527 posts, London, UK)

Posted 30 April 2011 - 05:10 AM

Nothing to worry about on that log either.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 m0le ("Can U Dig It?", Malware Response Team, 34,527 posts, London, UK)

Posted 02 May 2011 - 06:54 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#12 m0le ("Can U Dig It?", Malware Response Team, 34,527 posts, London, UK)

Posted 03 May 2011 - 06:33 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#13 m0le ("Can U Dig It?", Malware Response Team, 34,527 posts, London, UK)

Posted 03 May 2011 - 07:38 PM

Reopened at user's request

-----------------------------------------

Please post your reply. :)

#14 rkferris (Topic Starter, Members, 27 posts)

Posted 03 May 2011 - 08:22 PM

Here are the results of the scan... sure is full... hope this says anything useful, and thanks.


ComboFix 11-05-03.02 - Robert 05/03/2011 18:06:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2094 [GMT -7:00]
Running from: e:\mar2010\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert\Local Settings\Application Data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}
c:\documents and settings\Robert\Local Settings\Application Data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}\chrome.manifest
c:\documents and settings\Robert\Local Settings\Application Data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}\chrome\content\_cfg.js
c:\documents and settings\Robert\Local Settings\Application Data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}\chrome\content\overlay.xul
c:\documents and settings\Robert\Local Settings\Application Data\{932844A5-CF5A-4F65-BCDF-A21717B6BD50}\install.rdf
c:\documents and settings\Robert\Recent\Thumbs.db
c:\documents and settings\Robert\Start Menu\Programs\Memory Fixer
c:\documents and settings\Robert\Start Menu\Programs\Windows Repair
c:\documents and settings\Robert\Start Menu\Programs\Windows Repair\Startup Monitor.lnk
c:\documents and settings\Robert\Start Menu\Programs\Windows Repair\WindowsRepair.lnk
c:\program files\Flash Recorder\mfNCom.dll
c:\windows\emareyil.dll
c:\windows\ivipekamosarev.dll
c:\windows\izeworit.dll
c:\windows\system32\Temp
I:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HTTPDEBUGGER
-------\Service_HTTPDebugger
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-04-20 22:24 . 2011-04-20 22:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2011-04-19 16:40 . 2011-04-19 16:40 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-19 16:39 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-19 16:39 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-19 05:38 . 2009-06-04 20:53 14080 ----a-w- c:\windows\system32\drivers\MTiCtwl.sys
2011-04-19 05:37 . 2011-04-19 05:38 -------- d-----w- c:\program files\MagicTune Premium
2011-04-19 02:16 . 2011-04-19 02:16 -------- d-----w- c:\program files\MonitorDriver
2011-04-19 02:16 . 2011-04-19 02:16 -------- d-----w- c:\documents and settings\Robert\Application Data\InstallShield
2011-04-08 05:15 . 2011-04-08 05:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 05:15 . 2011-04-08 05:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 05:15 . 2011-04-08 05:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 05:15 . 2011-04-08 05:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 05:15 . 2011-04-08 05:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 05:15 . 2011-04-08 05:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 05:15 . 2011-04-08 05:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-03 09:17 . 2010-05-10 20:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-03 09:17 . 2010-05-10 20:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-19 20:40 . 2010-11-18 15:44 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-19 20:40 . 2010-11-18 15:45 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-19 20:40 . 2010-11-18 15:44 270856 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 05:14 . 2010-12-25 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-12-25 20:55 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-12-25 20:55 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-12-25 20:55 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-12-25 20:55 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-12-25 20:55 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-12-25 20:55 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2010-04-28 13:35 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 05:14 . 2010-04-28 13:35 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-06 22:01 . 2010-11-18 15:44 270856 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-16 23:39 . 2011-03-16 23:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-25 19:34 . 2011-02-25 19:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-25 19:34 . 2011-02-25 19:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-01-17 355432]
"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-03 273544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2011-4-18 36864]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Start Menu^Programs^Startup^nettir32.exe]
path=c:\documents and settings\Robert\Start Menu\Programs\Startup\nettir32.exe
backup=c:\windows\pss\nettir32.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 20:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-12-26 02:49 64032 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 21:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dgoregu]
2008-04-14 00:12 182272 ----a-w- c:\windows\ezeziqip.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 10:10 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kdane]
2008-04-14 00:12 59392 ----a-w- c:\windows\dhex32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-21 02:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
2007-09-19 13:00 639488 ----a-w- c:\program files\MP4 Player\Mp4Player.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 10:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 22:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-08 05:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-04-08 05:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-02-24 09:57 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2010-04-23 19:40 245760 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-26 02:50 18789408 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2010-04-23 19:40 135168 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-03 09:17 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\medal of honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\medal of honor\\MP\\mohmpgame.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\medal of honor\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\itunes\\iTunes.exe"=
"d:\\robertferris\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\homefront\\Binaries\\HOMEFRONT.exe"=
"c:\\Program Files\\CyberLink\\BD Solution\\ODDUpdate.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2540:TCP"= 2540:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/18/2011 7:50 AM 22504]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/28/2010 6:58 AM 363344]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/19/2011 9:40 AM 2218600]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 7:47 AM 14088]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/28/2010 6:58 AM 20952]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 3:59 PM 38248]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 12:39 PM 4608]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [8/1/2010 8:19 PM 816672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/28/2010 10:57 AM 1691480]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [12/22/2010 4:28 PM 14336]
S3 cpuz134;cpuz134;d:\robertferris\PC Wizard 2010\pcwiz_x32.sys [3/2/2011 3:02 PM 20328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 OAO17Afx;OAO17Afx;c:\windows\system32\drivers\OAO17Afx.sys [4/28/2010 10:50 AM 140888]
S3 SaiK0CCC;SaiK0CCC;c:\windows\system32\drivers\SaiK0CCC.sys [11/14/2010 8:02 AM 138760]
S3 SaiU0CCC;SaiU0CCC;c:\windows\system32\drivers\SaiU0CCC.sys [11/14/2010 8:03 AM 35336]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-682003330-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-682003330-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{F1DCC25F-35E7-4759-BC5B-BC9E81E50E6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Robert\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\y0sowvou.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: FlashCatch: flashcatch@flashcatch.com - d:\robertferris\FlashCatch\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-NUSB3MON - j:\application\nusb3mon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-682003330-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:03,43,9a,54,89,9a,f7,2a,8a,7d,2a,21,4f,89,3a,53,17,9a,69,ff,4f,
24,c2,bb,e3,41,15,2d,24,ea,51,b7,c7,1d,7c,02,88,bb,20,25,0f,a6,14,3e,72,6b,\
"rkeysecu"=hex:00,53,d8,ff,d8,13,03,7c,a3,2d,7f,e7,0c,33,eb,6a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\WININET.dll
c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe
c:\program files\MagicTune Premium\MagicTune.exe
.
**************************************************************************
.
Completion time: 2011-05-03 18:17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-04 01:17
.
Pre-Run: 28,738,342,912 bytes free
Post-Run: 29,357,809,664 bytes free
.
- - End Of File - - FF2A682B540FBCCC9594D09EC53C7248
XFX 780i SLI Motherboard
EVGA gForce 9800GTX+ Graphics
ASUS BC-1205PT BDROM/DVDRW/CDRW
WD 500GB HDD
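A triage helper for a ComboFix log like the one above, as an added example that is not from this thread, from the forum's helpers, or from ComboFix itself. It parses the "Other Deletions" and "Reg Loading Points" sections and flags autostart entries worth a second look: a DLL that autostarts from a directory ComboFix already removed files from, or a file outside system32 carrying exactly the same timestamp as an OS file in system32. The embedded excerpt is constructed from the log above, and the heuristics are assumptions, not ComboFix's own logic; a hit is a review prompt, not a verdict.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own logic).
Flags 'Reg Loading Points' autostarts worth a second look; heuristics are assumptions."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the log in the thread above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emareyil.dll
c:\windows\izeworit.dll
c:\windows\system32\Temp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dgoregu]
2008-04-14 00:12 182272 ----a-w- c:\windows\ezeziqip.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kdane]
2008-04-14 00:12 59392 ----a-w- c:\windows\dhex32.dll
.
- - - - ORPHANS REMOVED - - - -
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})')  # "Name"="path" [date size]
STARTUPREG_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) \d+ \S+ (?P<path>.+)$")  # date time size attrs path


def parse_combofix(text):
    """Return (deleted_paths, autostart_entries) from the two sections."""
    deleted, startup, section, key = [], [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":
            continue
        if line.startswith("- - - -"):  # a following block such as ORPHANS REMOVED
            section = None
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "Other Deletions":
            deleted.append(line)
        elif section == "Reg Loading Points":
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif m := RUN_RE.match(line):
                startup.append({"name": m["name"], "path": m["path"], "stamp": m["date"]})
            elif key and (m := STARTUPREG_RE.match(line)):  # value name = last key component
                startup.append({"name": key.rsplit("\\", 1)[-1], "path": m["path"],
                                "stamp": f'{m["date"]} {m["time"]}'})
    return deleted, startup


def _parent(path):
    return str(PureWindowsPath(path).parent).lower()


def review_candidates(deleted, startup):
    """Heuristic flags for a human reviewer; a hit is not a malware verdict."""
    # Directories ComboFix already removed files from (folders without a suffix are skipped).
    hot_dirs = {_parent(p) for p in deleted if PureWindowsPath(p).suffix}
    # Full timestamps of autostarts living in system32: most likely OS-shipped files.
    os_stamps = {e["stamp"] for e in startup
                 if " " in e["stamp"] and _parent(e["path"]).endswith("\\system32")}
    findings = []
    for e in startup:
        path, reasons = PureWindowsPath(e["path"]), []
        if path.suffix.lower() == ".dll" and _parent(path) in hot_dirs:
            reasons.append("DLL autostart in a directory ComboFix already cleaned")
        if e["stamp"] in os_stamps and not _parent(path).endswith("\\system32"):
            reasons.append("timestamp identical to an OS file in system32")
        if reasons:
            findings.append((e["name"], str(path), reasons))
    return findings
```

Run `review_candidates(*parse_combofix(SAMPLE_LOG))` on the excerpt and the two c:\windows DLL autostarts come back with both reasons, while the system32 and bare-name Run entries do not.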

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 PM

Posted 04 May 2011 - 02:40 PM

We've found some malware finally. Please rerun ComboFix with the instructions below.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:


Collect::
c:\windows\ezeziqip.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dgoregu]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the graphic below).


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program asks you to update ComboFix, then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
m0le is a proud member of UNITE



