
100% CPU infections found



#1
ident

Hello, since I booted this afternoon my CPU has been at 100%. My first troubles started earlier this week when my screen went funny, and after diagnosing the issue I bought a new video card. The thread can be found Here

The video card is GeForce GT 520 1gb DDR3
My Computer is a Compaq Presario SR1639UK

The computer ran perfectly fine with the new card and drivers updated and the computer was left on. I booted today and noticed the CPU was at 100% EVEN when system idle was at 99%. Here is a picture...

Posted Image

Any new process opened auto becomes that 100% BTW

I opened Process Explorer and Interrupts was the offender. Now this is not a process, but googling showed other users had recently installed a video card with the same issues. Could not resolve it. I then noticed a new game that a family member torrented, which I removed and rebooted. After 5 minutes the PC resumed normal. I held the program suspect. After another reboot the problem came back, at which point I reinstalled all new drivers. Took the video card out and blew on it. Still the same.

6 hours of googling, uninstalling drivers, reinstalling, disabling drivers, trying a limited startup in msconfig; I gave up, assumed I was infected and ran ComboFix. (Yes, I know I shouldn't have but was fed up.)

It did find infected files, rebooted, and still the same.

Is it my card being too new on a 6 year old machine? Or infected still.... Thinking of reformatting.

thanks

Log

ComboFix 11-09-29.06 - Administrator 29/09/2011 21:21:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.676 [GMT 1:00]
Running from: i:\documents and settings\Administrator\My Documents\Morzilla\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk
i:\documents and settings\Administrator\WINDOWS
i:\documents and settings\All Users\Application Data\AMMYY
i:\documents and settings\All Users\Application Data\AMMYY\hr
i:\documents and settings\All Users\Application Data\AMMYY\settings.bin
i:\windows\mirc.ini
i:\windows\system\MSNChatX.ocx
i:\windows\system\VI30AUT.DLL
i:\windows\system32\AutoRun.inf
i:\windows\system32\comct332.ocx
i:\windows\system32\d3d9caps.dat
.
Infected copy of i:\windows\system32\ntkrnlpa.exe was found and disinfected
Restored copy from - i:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
.
Infected copy of i:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - i:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 19:51 . 2011-09-29 19:51 -------- d-----w- i:\windows\LastGood.Tmp
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\UpdatusUser
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA
2011-09-29 19:46 . 2011-09-29 19:46 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-09-29 18:59 . 2011-09-29 19:03 -------- d-----w- i:\documents and settings\Administrator\Application Data\FixCleaner
2011-09-29 18:58 . 2011-09-29 19:45 -------- d-----w- i:\program files\FixCleaner
2011-09-29 18:56 . 2011-09-29 19:45 -------- d-----w- i:\program files\SlimDrivers
2011-09-29 16:51 . 2011-09-29 17:08 -------- d-----w- i:\windows\SxsCaPendDel
2011-09-29 15:53 . 2011-09-29 15:53 41272 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2011-09-28 19:20 . 2008-07-31 09:41 238088 ----a-w- i:\windows\system32\xactengine3_2.dll
2011-09-28 19:19 . 2005-05-26 14:34 2297552 ----a-w- i:\windows\system32\d3dx9_26.dll
2011-09-28 17:45 . 2011-09-29 16:07 -------- d-----w- i:\program files\Activision
2011-09-24 07:55 . 2011-09-24 07:55 -------- d-----w- I:\Hosts
2011-09-22 22:36 . 2011-09-22 22:36 20992 ----a-w- i:\windows\system32\msscript.oca
2011-09-19 17:28 . 2011-09-25 18:49 -------- d-----w- i:\program files\mIRC
2011-09-18 11:58 . 2011-09-20 16:52 -------- d-----w- i:\program files\NovaLogic
2011-09-12 22:10 . 2011-09-12 22:10 240128 ----a-w- i:\windows\system32\COMCTL32.oca
2011-09-12 17:27 . 2011-09-12 17:27 -------- d-sh--w- i:\windows\ftpcache
2011-09-12 14:59 . 2011-09-20 16:48 -------- d-----w- I:\BackUps
2011-09-08 17:43 . 2011-09-22 21:52 -------- d-----w- i:\documents and settings\Administrator\Application Data\X-Chat 2
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- i:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 16:06 . 2011-09-05 16:29 -------- d-----w- i:\documents and settings\Administrator\Desktop_.Net
2011-09-04 22:24 . 2011-09-04 22:24 64000 ----a-w- i:\windows\system32\ieframe.oca
2011-09-04 22:24 . 2011-09-04 22:24 43008 ----a-w- i:\windows\system32\TABCTL32.oca
2011-09-04 22:24 . 2011-09-04 22:24 35328 ----a-w- i:\windows\system32\comct332.oca
2011-09-04 22:24 . 2011-09-04 22:24 135168 ----a-w- i:\windows\system32\MSCOMCT2.oca
2011-09-01 21:15 . 2011-09-08 17:43 -------- d-----w- i:\program files\xchat
2011-09-01 17:54 . 2011-09-01 17:59 -------- d-----w- i:\documents and settings\Administrator\Application Data\Simple_Coders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- i:\windows\system32\crypt32.dll
2011-09-07 16:48 . 2011-05-26 21:13 404640 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00 . 2011-05-31 20:30 22216 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-08-29 18:56 . 2011-06-08 00:58 265728 ----a-w- i:\windows\system32\mscomctl.oca
2011-08-29 18:56 . 2011-08-29 18:56 22016 ----a-w- i:\windows\system32\MSWINSCK.oca
2011-08-26 15:08 . 2011-06-08 00:58 64000 ----a-w- i:\windows\system32\RICHTX32.oca
2011-08-15 14:06 . 2011-05-27 01:45 158512 ----a-w- i:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 14:06 . 2011-05-27 01:44 90928 ----a-w- i:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 14:06 . 2011-05-16 18:01 116016 ----a-w- i:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 14:06 . 2011-05-16 18:01 104752 ----a-w- i:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 14:06 . 2011-08-15 14:06 135472 ----a-w- i:\windows\system32\VBoxNetFltNobj.dll
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-05-26 20:24 40112 ----a-w- i:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-26 20:24 199304 ----a-w- i:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-26 20:24 441176 ----a-w- i:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-26 20:24 309848 ----a-w- i:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-26 20:24 102616 ----a-w- i:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-05-26 20:24 96344 ----a-w- i:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-05-26 20:24 25432 ----a-w- i:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-26 20:24 30808 ----a-w- i:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-05-26 20:24 19544 ----a-w- i:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 14:49 . 2011-05-26 19:42 134104 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-06 . A4425B538E4087E33FF89A378FF0C8D0 . 68832 . . [7.4.7600.226] . . i:\windows\system32\wuauclt.exe
[-] 2009-08-06 . A4425B538E4087E33FF89A378FF0C8D0 . 68832 . . [7.4.7600.226] . . i:\windows\system32\dllcache\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . i:\windows\Tango Patcher 2600\Backup\wuauclt.exe
.
[-] 2010-08-23 . A866E7CC4230531436A5B56D35859E99 . 657408 . . [5.82] . . i:\windows\system32\comctl32.dll
[-] 2010-08-23 . A866E7CC4230531436A5B56D35859E99 . 657408 . . [5.82] . . i:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . i:\windows\Tango Patcher 2600\Backup\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . B21238D66C47AC2EB7C1AC1D4727A0C3 . 1025536 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . i:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2004-08-04 . 60EFE97A10F25486BE2608DA0A473AFD . 892416 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . 1B90A0E3706926A36A4DBAD8DD5CF68E . 542208 . . [5.1.2600.5512] . . i:\windows\system32\user32.dll
[-] 2008-04-14 . 1B90A0E3706926A36A4DBAD8DD5CF68E . 542208 . . [5.1.2600.5512] . . i:\windows\system32\dllcache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . i:\windows\Tango Patcher 2600\Backup\user32.dll
.
[-] 2008-04-14 . 8D3E9FE48BA710EAC6E03F52B7ECA41F . 978944 . . [6.00.2900.5512] . . i:\windows\explorer.exe
[-] 2008-04-14 . 8D3E9FE48BA710EAC6E03F52B7ECA41F . 978944 . . [6.00.2900.5512] . . i:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . i:\windows\Tango Patcher 2600\Backup\explorer.exe
.
[-] 2008-04-14 . 384B4987195C3E1F5D86EE9799A94219 . 206336 . . [5.1.2600.5512] . . i:\windows\regedit.exe
[-] 2008-04-14 . 384B4987195C3E1F5D86EE9799A94219 . 206336 . . [5.1.2600.5512] . . i:\windows\system32\dllcache\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . i:\windows\Tango Patcher 2600\Backup\regedit.exe
.
[-] 2009-07-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll
.
[-] 2009-03-08 . D1E5133872AD8EAFBE1B06B5981EBE97 . 316768 . . [8.00.6001.18702] . . i:\windows\system32\dllcache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . i:\windows\Tango Patcher 2600\Backup\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . i:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- i:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="i:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
i:\documents and settings\Istria\Start Menu\Programs\Startup\
E-mail.lnk - [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-06-08 01:24 210168 ----a-w- i:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=i:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\I:^Documents and Settings^Administrator^Start Menu^Programs^Startup^StartUp.lnk]
path=i:\documents and settings\Administrator\Start Menu\Programs\Startup\StartUp.lnk
backup=i:\windows\pss\StartUp.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-07 21:15 13891176 ----a-w- i:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Search]
2011-07-18 17:03 253952 ----a-w- i:\documents and settings\Administrator\My Documents\Visual Studio 2010\Projects\Net\Planet Source\Submissions\SimpleSearch\SimpleSearch\bin\Debug\SimpleSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SwitchBoard"=3 (0x3)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\Opera\\opera.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\SoulseekNS\\slsk.exe"=
"i:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"i:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"i:\\Program Files\\Winamp\\winamp.exe"=
"i:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"i:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"i:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"i:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"i:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"i:\\Program Files\\Microsoft Visual Studio 10.0\\Common7\\IDE\\UserControlTestContainer.exe"=
"i:\\Program Files\\xchat\\xchat.exe"=
"i:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Program Files\\mIRC\\mirc.exe"=
.
R3 FsUsbExDisk;FsUsbExDisk;i:\windows\system32\FsUsbExDisk.SYS [2010-07-05 36608]
R3 Revoflt;Revoflt;i:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SWDUMon;SWDUMon;i:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;i:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 FsUsbExService;FsUsbExService;i:\windows\system32\FsUsbExService.Exe [2010-07-19 238952]
R4 osppsvc;Office Software Protection Platform;i:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 SwitchBoard;SwitchBoard;i:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;i:\windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;i:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AvcPWilo;Adaptec Willow PCI;i:\windows\system32\DRIVERS\avcpwilo.sys [2003-05-21 722400]
S3 dc3d;MS Hardware Device Detection Driver (USB);i:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;i:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;i:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 i:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- i:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - i:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y3ho58zx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
SafeBoot-Wdf01000.sys
MSConfigStartUp-FixCleaner - i:\program files\FixCleaner\FixCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
I:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-823518204-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,3a,39,fb,62,45,8d,4c,a3,21,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,3a,39,fb,62,45,8d,4c,a3,21,9f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
i:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
- - - - - - - > 'explorer.exe'(3032)
i:\windows\system32\SHDOCVW.dll
i:\windows\system32\WININET.dll
i:\windows\system32\msi.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
i:\program files\AVAST Software\Avast\AvastSvc.exe
i:\windows\system32\wdfmgr.exe
i:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-29 23:02:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 22:02
.
Pre-Run: 63,013,761,024 bytes free
Post-Run: 63,046,963,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 512EBF8B8114C989AE38D73552981A94

Edited by ident, 29 September 2011 - 05:08 PM.


#2
ident

Leaving the PC on all night has dropped CPU to normal. I am reluctant to reboot the machine in case the problem comes back and need to do a few scans for you guys.