The video card is a GeForce GT 520 1GB DDR3.
My computer is a Compaq Presario SR1639UK.
The computer ran perfectly fine with the new card and updated drivers, and the computer was left on. I booted today and noticed the CPU was at 100% EVEN when System Idle was at 99%. Here is a picture...
Any new process opened auto becomes that 100%, BTW.
I opened Process Explorer and Interrupts was the offender. Now this is not a process, but googling showed other users who had recently installed a video card had the same issues. Could not resolve it. I then noticed a new game that a family member torrented, which I removed and rebooted. After 5 minutes the PC resumed normal. I held the program suspect. After another reboot the problem came back, at which point I reinstalled all new drivers. Took the video card out and blew on it. Still the same.
After 6 hours of googling, uninstalling drivers, reinstalling, disabling drivers and trying a limited startup in msconfig, I gave up, assumed I was infected and ran ComboFix. (Yes, I know I shouldn't have, but I was fed up.)
It did find infected files; rebooted and still the same.
Is it my card being too new on a 6-year-old machine? Or infected still.... Thinking of reformatting.
Thanks
Log
ComboFix 11-09-29.06 - Administrator 29/09/2011 21:21:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.676 [GMT 1:00]
Running from: i:\documents and settings\Administrator\My Documents\Morzilla\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk
i:\documents and settings\Administrator\WINDOWS
i:\documents and settings\All Users\Application Data\AMMYY
i:\documents and settings\All Users\Application Data\AMMYY\hr
i:\documents and settings\All Users\Application Data\AMMYY\settings.bin
i:\windows\mirc.ini
i:\windows\system\MSNChatX.ocx
i:\windows\system\VI30AUT.DLL
i:\windows\system32\AutoRun.inf
i:\windows\system32\comct332.ocx
i:\windows\system32\d3d9caps.dat
.
Infected copy of i:\windows\system32\ntkrnlpa.exe was found and disinfected
Restored copy from - i:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
.
Infected copy of i:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - i:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- i:\windows\LastGood.Tmp
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\UpdatusUser
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-09-29 18:59 . 2011-09-29 19:03 -------- d-----w- i:\documents and settings\Administrator\Application Data\FixCleaner
2011-09-29 18:58 . 2011-09-29 19:45 -------- d-----w- i:\program files\FixCleaner
2011-09-29 18:56 . 2011-09-29 19:45 -------- d-----w- i:\program files\SlimDrivers
2011-09-29 16:51 . 2011-09-29 17:08 -------- d-----w- i:\windows\SxsCaPendDel
2011-09-29 15:53 . 2011-09-29 15:53 41272 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2011-09-28 19:20 . 2008-07-31 09:41 238088 ----a-w- i:\windows\system32\xactengine3_2.dll
2011-09-28 19:19 . 2005-05-26 14:34 2297552 ----a-w- i:\windows\system32\d3dx9_26.dll
2011-09-28 17:45 . 2011-09-29 16:07 -------- d-----w- i:\program files\Activision
2011-09-24 07:55 . 2011-09-24 07:55 -------- d-----w- I:\Hosts
2011-09-22 22:36 . 2011-09-22 22:36 20992 ----a-w- i:\windows\system32\msscript.oca
2011-09-19 17:28 . 2011-09-25 18:49 -------- d-----w- i:\program files\mIRC
2011-09-18 11:58 . 2011-09-20 16:52 -------- d-----w- i:\program files\NovaLogic
2011-09-12 22:10 . 2011-09-12 22:10 240128 ----a-w- i:\windows\system32\COMCTL32.oca
2011-09-12 17:27 . 2011-09-12 17:27 -------- d-sh--w- i:\windows\ftpcache
2011-09-12 14:59 . 2011-09-20 16:48 -------- d-----w- I:\BackUps
2011-09-08 17:43 . 2011-09-22 21:52 -------- d-----w- i:\documents and settings\Administrator\Application Data\X-Chat 2
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- i:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 16:06 . 2011-09-05 16:29 -------- d-----w- i:\documents and settings\Administrator\Desktop_.Net
2011-09-04 22:24 . 2011-09-04 22:24 64000 ----a-w- i:\windows\system32\ieframe.oca
2011-09-04 22:24 . 2011-09-04 22:24 43008 ----a-w- i:\windows\system32\TABCTL32.oca
2011-09-04 22:24 . 2011-09-04 22:24 35328 ----a-w- i:\windows\system32\comct332.oca
2011-09-04 22:24 . 2011-09-04 22:24 135168 ----a-w- i:\windows\system32\MSCOMCT2.oca
2011-09-01 21:15 . 2011-09-08 17:43 -------- d-----w- i:\program files\xchat
2011-09-01 17:54 . 2011-09-01 17:59 -------- d-----w- i:\documents and settings\Administrator\Application Data\Simple_Coders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- i:\windows\system32\crypt32.dll
2011-09-07 16:48 . 2011-05-26 21:13 404640 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00 . 2011-05-31 20:30 22216 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-08-29 18:56 . 2011-06-08 00:58 265728 ----a-w- i:\windows\system32\mscomctl.oca
2011-08-29 18:56 . 2011-08-29 18:56 22016 ----a-w- i:\windows\system32\MSWINSCK.oca
2011-08-26 15:08 . 2011-06-08 00:58 64000 ----a-w- i:\windows\system32\RICHTX32.oca
2011-08-15 14:06 . 2011-05-27 01:45 158512 ----a-w- i:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 14:06 . 2011-05-27 01:44 90928 ----a-w- i:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 14:06 . 2011-05-16 18:01 116016 ----a-w- i:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 14:06 . 2011-05-16 18:01 104752 ----a-w- i:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 14:06 . 2011-08-15 14:06 135472 ----a-w- i:\windows\system32\VBoxNetFltNobj.dll
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-05-26 20:24 40112 ----a-w- i:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-26 20:24 199304 ----a-w- i:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-26 20:24 441176 ----a-w- i:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-26 20:24 309848 ----a-w- i:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-26 20:24 102616 ----a-w- i:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-05-26 20:24 96344 ----a-w- i:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-05-26 20:24 25432 ----a-w- i:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-26 20:24 30808 ----a-w- i:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-05-26 20:24 19544 ----a-w- i:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 14:49 . 2011-05-26 19:42 134104 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-06 . A4425B538E4087E33FF89A378FF0C8D0 . 68832 . . [7.4.7600.226] . . i:\windows\system32\wuauclt.exe
[-] 2009-08-06 . A4425B538E4087E33FF89A378FF0C8D0 . 68832 . . [7.4.7600.226] . . i:\windows\system32\dllcache\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . i:\windows\Tango Patcher 2600\Backup\wuauclt.exe
.
[-] 2010-08-23 . A866E7CC4230531436A5B56D35859E99 . 657408 . . [5.82] . . i:\windows\system32\comctl32.dll
[-] 2010-08-23 . A866E7CC4230531436A5B56D35859E99 . 657408 . . [5.82] . . i:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . i:\windows\Tango Patcher 2600\Backup\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . B21238D66C47AC2EB7C1AC1D4727A0C3 . 1025536 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . i:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2004-08-04 . 60EFE97A10F25486BE2608DA0A473AFD . 892416 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 1B90A0E3706926A36A4DBAD8DD5CF68E . 542208 . . [5.1.2600.5512] . . i:\windows\system32\user32.dll
[-] 2008-04-14 . 1B90A0E3706926A36A4DBAD8DD5CF68E . 542208 . . [5.1.2600.5512] . . i:\windows\system32\dllcache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . i:\windows\Tango Patcher 2600\Backup\user32.dll
.
[-] 2008-04-14 . 8D3E9FE48BA710EAC6E03F52B7ECA41F . 978944 . . [6.00.2900.5512] . . i:\windows\explorer.exe
[-] 2008-04-14 . 8D3E9FE48BA710EAC6E03F52B7ECA41F . 978944 . . [6.00.2900.5512] . . i:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\Tango Patcher 2600\Backup\explorer.exe
.
[-] 2008-04-14 . 384B4987195C3E1F5D86EE9799A94219 . 206336 . . [5.1.2600.5512] . . i:\windows\regedit.exe
[-] 2008-04-14 . 384B4987195C3E1F5D86EE9799A94219 . 206336 . . [5.1.2600.5512] . . i:\windows\system32\dllcache\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . i:\windows\Tango Patcher 2600\Backup\regedit.exe
.
[-] 2009-07-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll
.
[-] 2009-03-08 . D1E5133872AD8EAFBE1B06B5981EBE97 . 316768 . . [8.00.6001.18702] . . i:\windows\system32\dllcache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . i:\windows\Tango Patcher 2600\Backup\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . i:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- i:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="i:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
i:\documents and settings\Istria\Start Menu\Programs\Startup\
E-mail.lnk - [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-06-08 01:24 210168 ----a-w- i:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=i:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\I:^Documents and Settings^Administrator^Start Menu^Programs^Startup^StartUp.lnk]
path=i:\documents and settings\Administrator\Start Menu\Programs\Startup\StartUp.lnk
backup=i:\windows\pss\StartUp.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-07 21:15 13891176 ----a-w- i:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Search]
2011-07-18 17:03 253952 ----a-w- i:\documents and settings\Administrator\My Documents\Visual Studio 2010\Projects\Net\Planet Source\Submissions\SimpleSearch\SimpleSearch\bin\Debug\SimpleSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SwitchBoard"=3 (0x3)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\Opera\\opera.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\SoulseekNS\\slsk.exe"=
"i:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"i:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"i:\\Program Files\\Winamp\\winamp.exe"=
"i:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"i:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"i:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"i:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"i:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"i:\\Program Files\\Microsoft Visual Studio 10.0\\Common7\\IDE\\UserControlTestContainer.exe"=
"i:\\Program Files\\xchat\\xchat.exe"=
"i:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Program Files\\mIRC\\mirc.exe"=
.
R3 FsUsbExDisk;FsUsbExDisk;i:\windows\system32\FsUsbExDisk.SYS [2010-07-05 36608]
R3 Revoflt;Revoflt;i:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SWDUMon;SWDUMon;i:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;i:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 FsUsbExService;FsUsbExService;i:\windows\system32\FsUsbExService.Exe [2010-07-19 238952]
R4 osppsvc;Office Software Protection Platform;i:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 SwitchBoard;SwitchBoard;i:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;i:\windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;i:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AvcPWilo;Adaptec Willow PCI;i:\windows\system32\DRIVERS\avcpwilo.sys [2003-05-21 722400]
S3 dc3d;MS Hardware Device Detection Driver (USB);i:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;i:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;i:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 i:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- i:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - i:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y3ho58zx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
SafeBoot-Wdf01000.sys
MSConfigStartUp-FixCleaner - i:\program files\FixCleaner\FixCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
I:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-823518204-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,3a,39,fb,62,45,8d,4c,a3,21,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,3a,39,fb,62,45,8d,4c,a3,21,9f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
i:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
- - - - - - - > 'explorer.exe'(3032)
i:\windows\system32\SHDOCVW.dll
i:\windows\system32\WININET.dll
i:\windows\system32\msi.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
i:\program files\AVAST Software\Avast\AvastSvc.exe
i:\windows\system32\wdfmgr.exe
i:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-29 23:02:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 22:02
.
Pre-Run: 63,013,761,024 bytes free
Post-Run: 63,046,963,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 512EBF8B8114C989AE38D73552981A94
Edited by ident, 29 September 2011 - 05:08 PM.