Lagging in Return to Castle Wolfenstein ET. Please review ComboFix log

Discussion in 'Malware Help (A Specialist Will Reply)' started by Cpcannon, Oct 24, 2010.

  1. Cpcannon

    Cpcannon Private E-2

    ComboFix 10-10-23.02 - Chris 10/24/2010 11:00:49.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.1979 [GMT -5:00]
    Running from: e:\downloads\ComboFix.exe
    AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Chris\AppData\Local\Temp\E3BE.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
    .

    2010-10-24 16:03 . 2010-10-24 16:06 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2010-10-24 16:03 . 2010-10-24 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-22 22:49 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A089B16-8349-41CA-9D3F-5785CA9B56A2}\mpengine.dll
    2010-10-21 12:07 . 2010-10-21 12:08 -------- d-----w- c:\users\Chris\AppData\Roaming\PDF Reading
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\program files\PDFReading
    2010-10-13 20:32 . 2010-10-13 20:32 -------- d-----w- c:\users\Chris\AppData\Roaming\NVIDIA
    2010-10-13 20:32 . 2010-10-13 20:32 -------- d-sh--w- c:\programdata\DSS
    2010-10-13 20:32 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-10-13 20:32 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-10-13 20:32 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-10-13 20:32 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-10-13 20:31 . 2010-10-13 20:31 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
    2010-10-13 20:31 . 2010-10-13 20:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-10-10 18:59 . 2010-10-10 18:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\users\Chris\AppData\Local\Sunbelt Software
    2010-10-10 18:56 . 2010-10-13 00:00 -------- d-----w- c:\programdata\Lavasoft
    2010-10-09 12:51 . 2010-10-09 12:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-09 12:50 . 2010-10-09 12:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-09 12:50 . 2010-10-09 12:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-09 12:50 . 2010-10-09 12:50 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-10-05 01:46 . 2010-10-05 01:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-05 01:46 . 2010-10-05 01:46 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-10-05 01:45 . 2010-10-05 01:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-10-05 01:45 . 2010-10-05 01:45 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-02 02:41 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-01 19:40 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-01 19:40 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-24 15:43 . 2010-09-13 03:25 138608 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-24 15:43 . 2010-09-13 03:26 234576 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-24 15:43 . 2010-09-13 03:25 234576 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-19 16:41 . 2010-09-12 21:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-05 22:40 . 2010-09-13 03:25 138056 ----a-w- c:\users\Chris\AppData\Roaming\PnkBstrK.sys
    2010-10-05 22:39 . 2010-09-13 03:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-09-19 03:56 . 2010-09-12 20:32 445016 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-09-19 03:56 . 2010-09-12 20:32 109144 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-09-18 02:28 . 2009-05-14 00:11 6504 ----a-w- c:\windows\system32\drivers\ASACPI.sys
    2010-09-18 02:21 . 2010-09-18 02:22 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-18 02:18 . 2010-09-18 02:19 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
    2010-09-18 02:18 . 2010-09-18 02:19 11296 ----a-w- c:\windows\system32\drivers\AsIO.sys
    2010-09-18 02:18 . 2010-09-18 02:19 24576 ----a-w- c:\windows\system32\AsIO.dll
    2010-09-14 05:17 . 2009-06-05 22:42 34304 ----a-w- c:\windows\system32\SmaxCo.dll
    2010-09-14 05:17 . 2009-06-05 22:42 90112 ----a-w- c:\windows\system32\AEADISRV.EXE
    2010-09-14 05:17 . 2009-06-05 22:42 70144 ----a-w- c:\windows\system32\SFFXSAPO.dll
    2010-09-14 05:17 . 2009-06-05 22:42 69632 ----a-w- c:\windows\system32\SFFXHAPO.dll
    2010-09-14 05:17 . 2009-06-05 22:42 69632 ----a-w- c:\windows\system32\SFFXDAPO.dll
    2010-09-14 05:17 . 2009-06-05 22:42 62464 ----a-w- c:\windows\system32\SFFXComm.dll
    2010-09-14 05:17 . 2009-06-05 22:42 53760 ----a-w- c:\windows\system32\SFFXMAPO.dll
    2010-09-14 05:17 . 2009-06-05 22:42 364544 ----a-w- c:\windows\system32\AEADIExt.dll
    2010-09-14 05:17 . 2009-06-05 22:42 208896 ----a-w- c:\windows\system32\SFFXProc.dll
    2010-09-14 05:17 . 2009-06-05 22:42 156672 ----a-w- c:\windows\system32\SFFXCPBL.dll
    2010-09-14 05:17 . 2009-06-05 22:42 122880 ----a-w- c:\windows\system32\SFFXCPStr.dll
    2010-09-14 05:17 . 2009-06-05 22:42 50176 ----a-w- c:\windows\system32\AEADIAPR.dll
    2010-09-14 05:17 . 2009-06-05 22:42 380416 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
    2010-09-14 05:17 . 2009-06-05 22:42 139264 ----a-w- c:\windows\system32\AEADIAPO.dll
    2010-09-13 03:25 . 2010-09-13 03:25 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-09-12 22:17 . 2010-09-12 22:17 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-08-21 05:32 . 2010-09-14 23:38 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30 . 2010-09-14 01:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-09-14 01:22 82944 ----a-w- c:\windows\system32\iccvid.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerPanel Personal Edition User Interaction"="d:\applications\GEEK SQUAD POWER MANAGEMENT\pppeuser.exe" [2005-09-21 270336]
    "MtdAcqu"="d:\applications\Creative\MediaSource5\MtdAcqu.exe" [2009-04-29 278528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
    "vptray"="d:\applic~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
    "Diamondback"="d:\applications\Razer\Diamondback\Razer\Diamondback\razerhid.exe" [2009-10-10 226816]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-09-14 1310720]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "Ai Nap"="d:\applications\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-02 1435136]
    "QFan Help"="d:\applications\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
    "CPU Power Monitor"="d:\applications\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
    "Cpu Level Up help"="d:\applications\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-19 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-19 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 171096]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 72792]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\applications\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 SavRoam;SavRoam;d:\applications\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 11520]
    S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-09-18 11448]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0.sys [2010-10-13 00:51 14416]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 171096]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 72792]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-19 102448]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
    S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-25 13225]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    "ImagePath"="\??\c:\users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24[1].gadget\WinRing0.sys"


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
    "ImagePath"="\??\c:\users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\AEADISRV.EXE
    d:\applications\Symantec AntiVirus\DefWatch.exe
    c:\windows\system32\PnkBstrA.exe
    d:\applications\GEEK SQUAD POWER MANAGEMENT\ppped.exe
    d:\applications\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    d:\applications\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
    d:\applications\ASUS\AI Suite\EnergySaving\PwSave.exe
    c:\program files\ASUS\AASP\1.00.95\aaCenter.exe
    c:\windows\system32\conhost.exe
    d:\applications\Symantec AntiVirus\VPTray.exe
    c:\program files\Windows Media Player\WMPSideShowGadget.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    c:\program files\Windows Media Player\wmplayer.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-24 11:07:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-24 16:07

    Pre-Run: 293,609,058,304 bytes free
    Post-Run: 293,813,129,216 bytes free

    - - End Of File - - 1ED43E90B70C288BDCAF26ECA6F82B8E
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

