GeekPolice

Something messing with my CPU....

I've started to notice that my computer has been running slowly lately.

And I checked my CPU usage, svchost.exe is using way more than it usually does, along with OUTLOOK.exe running about 9 times.

I'm currently running a scan with Malwarebytes but I'm not sure what I should do as of right now.

Re: Something messing with my CPU....

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Something messing with my CPU....

Okay here it is:

Code:


ComboFix 11-02-13.04 - Steven 02/14/2011  15:47:22.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1710 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven\Application Data\Local
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\133228646741152_12796.mp4.ddr
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\4.ddi
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Steven\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\133228646741152_12796.mp4
C:\Thumbs.db
c:\windows\settings.reg
c:\windows\system32\Data

.
(((((((((((((((((((((((((  Files Created from 2011-01-14 to 2011-02-14  )))))))))))))))))))))))))))))))
.

2011-02-14 20:27 . 2011-02-14 20:31   --------   d-----w-   C:\32788R22FWJFW
2011-02-13 22:30 . 2011-02-13 22:30   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-02-13 22:20 . 2011-02-13 22:29   --------   d-s---w-   c:\documents and settings\Administrator
2011-02-13 17:15 . 2011-02-13 17:15   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2011-02-09 23:35 . 2010-06-02 09:55   74072   ----a-w-   c:\windows\system32\XAPOFX1_5.dll
2011-02-09 23:35 . 2010-06-02 09:55   527192   ----a-w-   c:\windows\system32\XAudio2_7.dll
2011-02-09 23:35 . 2010-06-02 09:55   239960   ----a-w-   c:\windows\system32\xactengine3_7.dll
2011-02-09 23:35 . 2010-05-26 16:41   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
2011-02-09 23:35 . 2010-05-26 16:41   248672   ----a-w-   c:\windows\system32\d3dx11_43.dll
2011-02-09 23:35 . 2010-05-26 16:41   1868128   ----a-w-   c:\windows\system32\d3dcsx_43.dll
2011-02-09 23:35 . 2010-05-26 16:41   470880   ----a-w-   c:\windows\system32\d3dx10_43.dll
2011-02-09 23:35 . 2010-05-26 16:41   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
2011-02-06 05:45 . 2011-02-06 05:45   --------   d-----w-   c:\program files\ATI Stream
2011-02-06 05:44 . 2011-02-06 05:45   --------   d-----w-   c:\program files\ATI
2011-02-05 23:44 . 2011-02-06 00:34   --------   d-----w-   c:\documents and settings\Steven\Application Data\Tunngle
2011-02-05 23:44 . 2011-02-05 23:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Tunngle
2011-02-05 23:44 . 2009-09-16 12:02   27136   ----a-w-   c:\windows\system32\drivers\tap0901t.sys
2011-02-05 23:44 . 2011-02-05 23:45   --------   d-----w-   c:\program files\Tunngle
2011-02-05 01:25 . 2011-02-05 01:25   --------   d-----w-   c:\documents and settings\Steven\Application Data\Jasc
2011-02-05 01:23 . 2011-02-05 01:23   --------   d-----w-   c:\program files\Jasc Software Inc
2011-02-04 02:04 . 2011-02-14 21:00   --------   d-----w-   c:\program files\Steam

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 12:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-14 12:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 12:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-14 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2008-04-14 12:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-14 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2008-04-14 12:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-04-14 00:01   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-12-07 17:14 . 2010-12-07 17:14   51200   ----a-w-   c:\windows\system32\OpenCL.dll
2010-11-18 18:12 . 2010-05-30 06:36   81920   ----a-w-   c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-05-30 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-04 395640]
"Steam"="c:\program files\Steam\Steam.exe" [2011-02-06 1242448]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"P17Helper"="P17.dll" [2009-02-26 65536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Steven\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-9 576000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\oizenx\\garrysmod\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57310:TCP"= 57310:TCP:Pando Media Booster
"57310:UDP"= 57310:UDP:Pando Media Booster
"57469:TCP"= 57469:TCP:Pando Media Booster
"57469:UDP"= 57469:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/21/2010 12:00 AM 685816]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2/5/2011 6:44 PM 718072]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2/5/2011 6:44 PM 27136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\9mensqvs.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Mabinogi Avatar Renderer: {077a24e9-0db5-435f-9010-5261c53e5925} - %profile%\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
.
**************************************************************************
.
Completion time: 2011-02-14  16:07:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-14 21:07

Pre-Run: 8,010,858,496 bytes free
Post-Run: 12,872,126,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D2B5C72C7900248E4A5D4B56E198F348

Re: Something messing with my CPU....

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Something messing with my CPU....

Code:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5764

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/14/2011 4:25:23 PM
mbam-log-2011-02-14 (16-25-23).txt

Scan type: Quick scan
Objects scanned: 156686
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Something messing with my CPU....

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Something messing with my CPU....

Code:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Home Edition
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000007fd

Kernel Drivers (total 123):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80700000 \WINDOWS\system32\hal.dll
  0xF7987000 \WINDOWS\system32\KDCOM.DLL
  0xF7897000 \WINDOWS\system32\BOOTVID.dll
  0xF74EC000 sptd.sys
  0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
  0xF74D4000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xF74A6000 ACPI.sys
  0xF7495000 pci.sys
  0xF75F7000 ohci1394.sys
  0xF7607000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7617000 isapnp.sys
  0xF7A4F000 PCIIde.sys
  0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
  0xF798B000 intelide.sys
  0xF7627000 MountMgr.sys
  0xF7868000 ftdisk.sys
  0xF770F000 PartMgr.sys
  0xF7637000 VolSnap.sys
  0xF7850000 atapi.sys
  0xF7647000 disk.sys
  0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7830000 fltMgr.sys
  0xF7975000 sr.sys
  0xF7667000 PxHelp20.sys
  0xBA7E9000 KSecDD.sys
  0xBA75C000 Ntfs.sys
  0xBA72F000 NDIS.sys
  0xBA715000 Mup.sys
  0xF7677000 agp440.sys
  0xF76A7000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xBA0B9000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB9C1E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xB9C0A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF77C7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB9BE6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF77CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB9A8C000 \SystemRoot\system32\drivers\P17.sys
  0xB9A68000 \SystemRoot\system32\drivers\portcls.sys
  0xBA0A9000 \SystemRoot\system32\drivers\drmk.sys
  0xB9A45000 \SystemRoot\system32\drivers\ks.sys
  0xB9A15000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
  0xB99EF000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
  0xBA099000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF77D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF77DF000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF77E7000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB9984000 \SystemRoot\system32\DRIVERS\parport.sys
  0xBA089000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA079000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA069000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB991C000 \SystemRoot\System32\Drivers\ahn5p78x.SYS
  0xF7A82000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA059000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xBA5E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB98BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA049000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF774F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB98AE000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7757000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF775F000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF76E7000 \SystemRoot\system32\DRIVERS\tap0901t.sys
  0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB9891000 \SystemRoot\system32\DRIVERS\mcdbus.sys
  0xF79B7000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB9833000 \SystemRoot\system32\DRIVERS\update.sys
  0xBA041000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7485000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF7445000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF79B9000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF777F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xF79BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7A62000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79BD000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF778F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7797000 \SystemRoot\System32\drivers\vga.sys
  0xF79BF000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF79C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xBA631000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB5678000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB561F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB55F7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB55D1000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB55AF000 \SystemRoot\System32\drivers\afd.sys
  0xF7425000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7415000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB5584000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF7405000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xB5514000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7887000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF77AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xBA6E5000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB54D4000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF79CB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xBA5ED000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF77EF000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xB9F71000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF055000 \SystemRoot\System32\ati2cqag.dll
  0xBF09A000 \SystemRoot\System32\atikvmag.dll
  0xBF0D0000 \SystemRoot\System32\ati3duag.dll
  0xBF362000 \SystemRoot\System32\ativvaxx.dll
  0xBF4BA000 \SystemRoot\System32\ATMFD.DLL
  0xF7817000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xB33C8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB3097000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF7993000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB2FEF000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB2EC2000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB30E4000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB29BB000 \SystemRoot\system32\DRIVERS\RT61.sys
  0xB2AC6000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
  0xB26FA000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB56EB000 \??\C:\ComboFix\catchme.sys
  0xF79D3000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xADDC0000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
      0 System Idle Process
      4 System
    696 C:\WINDOWS\system32\smss.exe
    752 csrss.exe
    780 C:\WINDOWS\system32\winlogon.exe
    824 C:\WINDOWS\system32\services.exe
    836 C:\WINDOWS\system32\lsass.exe
    1004 C:\WINDOWS\system32\ati2evxx.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1080 svchost.exe
    1176 C:\WINDOWS\system32\svchost.exe
    1312 svchost.exe
    1352 svchost.exe
    1596 C:\WINDOWS\system32\spoolsv.exe
    1692 svchost.exe
    1764 C:\Program Files\Java\jre6\bin\jqs.exe
    1944 C:\Program Files\Tunngle\TnglCtrl.exe
    420 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    496 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    1032 C:\WINDOWS\system32\ati2evxx.exe
    1496 alg.exe
    1876 C:\WINDOWS\system32\wscntfy.exe
    516 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2028 C:\WINDOWS\system32\rundll32.exe
    1880 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    208 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    288 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    320 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    328 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    448 C:\Program Files\Steam\Steam.exe
    544 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    756 C:\Program Files\MagicDisc\MagicDisc.exe
    3756 C:\WINDOWS\system32\ctfmon.exe
    2368 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    2484 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    3232 C:\WINDOWS\explorer.exe
    3592 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3328 C:\Program Files\Internet Explorer\iexplore.exe
    1744 C:\Program Files\Internet Explorer\iexplore.exe
    3300 C:\Program Files\Mozilla Firefox\firefox.exe
    3752 C:\Program Files\Mozilla Firefox\plugin-container.exe
    640 C:\Documents and Settings\Steven\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`809d5000  (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.04   

      Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: Something messing with my CPU....

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
