Performance Drop


12 replies to this topic

#1 Scratch

Scratch

  • Members
  • 7 posts

Posted 01 February 2008 - 02:20 PM

I just formatted this computer a little under two months ago when I went on break from College. It used to generally respond instantly, but now, opening programs can cause a serious delay in anything for up to ten minutes before responsiveness returns. Aside from that, performance for just about anything (including games) has gone down. I tried a defrag and several other steps to check what was going on, but it still exhibits these symptoms.

Aside from that, I'm not sure to what impact it is, but the GPU is constant at around 70-72 Celsius when idling. From research, isn't that usually supposed to be around 30-32 Celsius? Either way.. If you can't find anything wrong, I'll continue to try and check my hardware. I've done several scans of it, installed several programs (prior to the hijackthis log and to all the steps in the preparation guide.) to check my nvidia card.

Edit: Also discovered internal temperature is at 105 Celsius if that has any bearing. However, this reading is from SpeedFan, and research says that this is rather a negative reading method. However, being that the GPU is up at 70 Celsius average, combined with everything else..

Basically: Performance has sloooowed way down. I understand dorm nets are rather unsecured as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:35 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8703 bytes

Edited by Scratch, 02 February 2008 - 12:28 AM.




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • Gender:Male
  • Location:USA

Posted 12 February 2008 - 07:40 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#3 Scratch

Scratch
  • Topic Starter

  • Members
  • 7 posts

Posted 12 February 2008 - 06:08 PM

No problem. I know you guys are stressed out there.

Please note there's no real way for me to stay off the net for long periods of time due to homework being based around working through the internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:10 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9041 bytes

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • Gender:Male
  • Location:USA

Posted 13 February 2008 - 11:49 AM

The HJT log comes up clean. For the heat, it's most likely not adequate fans or ventilation in the case. They can help you better in the internal hardware forum on that.

Let's dig deeper for malware:
  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#5 Scratch

Scratch
  • Topic Starter

  • Members
  • 7 posts

Posted 13 February 2008 - 05:19 PM

Strange that only after a month had passed the computer started to go downhill. I would not suspect that the fans or the coil could be the culprit. My brother once had a malware causing severe heat increases in his system, which is what brought me to the probable conclusion that it might be that. I'll head over to hardware and take a look there in the meantime.

ComboFix 08-02-13.2 - Owner 2008-02-13 15:01:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1430 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 21:18 . 2008-02-13 08:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-02-12 21:16 . 2008-02-12 21:17 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-11 21:34 . 2008-02-12 23:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\Program Files\Hamachi
2008-02-11 21:33 . 2008-02-11 21:33 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-08 17:45 . 2008-02-08 17:45 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-08 17:34 . 2008-02-08 17:34 <DIR> d-------- C:\Program Files\Stardock Games
2008-02-02 21:58 . 2008-02-02 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-02 21:58 . 2008-02-02 21:58 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\HP
2008-02-02 21:56 . 2008-02-02 21:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-02 21:55 . 2008-02-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-02 21:54 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-02 21:54 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-02 21:54 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-02 21:54 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-02 21:54 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-02 21:54 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-02 21:47 . 2008-02-01 19:54 112,874 --------- C:\WINDOWS\hpoins07.dat.temp
2008-02-02 21:47 . 2005-12-16 15:17 21,124 --------- C:\WINDOWS\hpomdl07.dat.temp
2008-02-02 13:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-02 13:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 19:53 . 2008-02-02 21:58 <DIR> d-------- C:\Program Files\HP
2008-02-01 19:49 . 2008-02-02 22:08 112,954 --a------ C:\WINDOWS\hpoins07.dat
2008-02-01 19:49 . 2005-12-16 15:17 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-02-01 19:41 . 2008-02-03 22:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HP
2008-02-01 19:41 . 2005-12-16 15:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-01 19:41 . 2005-12-16 15:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-01 19:40 . 2005-12-16 15:17 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-02-01 19:40 . 2005-12-16 15:17 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-02-01 19:40 . 2005-12-16 15:17 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-02-01 19:40 . 2005-12-16 15:18 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-02-01 19:39 . 2005-12-16 15:17 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-02-01 19:39 . 2005-12-16 15:17 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-02-01 19:39 . 2005-12-16 15:17 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2008-02-01 19:34 . 2008-02-02 21:40 <DIR> d----c--- C:\temp\HP_WebRelease
2008-02-01 16:22 . 2008-02-06 15:15 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-01 16:22 . 2008-02-01 16:22 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-31 22:56 . 2008-01-31 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 15:15 . 2008-01-31 15:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-30 22:17 . 2008-01-30 22:17 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 22:16 . 2008-01-31 13:32 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-30 19:52 . 2008-01-30 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-30 19:52 . 2008-01-30 19:53 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 19:31 . 2008-01-30 19:31 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 19:31 . 2008-01-30 19:31 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-30 19:18 . 2008-01-30 19:25 <DIR> d----c--- C:\fixwareout
2008-01-30 19:02 . 2008-01-30 19:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-30 16:33 . 2008-01-30 16:34 45 --a------ C:\WINDOWS\system32\RPVersion.ini
2008-01-30 16:15 . 2008-01-30 16:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-30 16:13 . 2008-01-30 16:13 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-30 15:54 . 2008-01-30 15:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-30 15:05 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2008-01-24 18:48 . 2008-01-24 18:48 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 18:08 . 2008-01-24 18:08 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-01-24 18:05 . 2008-01-24 18:48 <DIR> d-------- C:\Program Files\Microsoft XNA
2008-01-24 00:07 . 2008-01-24 00:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 15:18 . 2008-01-22 15:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-22 15:18 . 2008-01-24 18:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-22 14:58 . 2008-01-22 14:58 <DIR> d-------- C:\Program Files\Perforce
2008-01-20 16:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-20 16:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-20 16:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-20 16:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-18 20:44 . 2008-01-18 20:44 <DIR> d----c--- C:\ProgramData
2008-01-18 20:44 . 2008-01-18 20:44 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-16 19:11 . 2008-02-10 22:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 19:11 . 2008-01-16 19:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 20:26 . 2008-01-15 20:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-01-15 20:25 . 2008-01-30 16:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-14 13:04 . 2008-01-14 13:04 215,144 --a------ C:\WINDOWS\patchw32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 15:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-13 04:49 --------- d-----w C:\Program Files\Steam
2008-02-12 05:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\mIRC
2008-02-12 03:18 --------- d-----w C:\Program Files\mIRC
2008-02-11 05:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-02-07 04:18 --------- d-----w C:\Program Files\Xfire
2008-02-05 04:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-02-05 03:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 23:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 22:05 --------- d-----w C:\Program Files\AMD
2008-01-27 02:49 --------- d-----w C:\Program Files\THQ
2008-01-20 01:05 --------- d-----w C:\Program Files\Glory of the Roman Empire
2008-01-18 12:16 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-01-16 03:26 --------- d-----w C:\Program Files\QuickTime
2008-01-10 20:05 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 11:42 --------- d-----w C:\Program Files\9Dragons
2007-12-31 09:04 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-31 09:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2007-12-31 09:03 --------- d-----w C:\Program Files\Java
2007-12-31 09:02 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 02:40 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-30 02:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-30 02:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 09:57 --------- d-----w C:\Program Files\DivX
2007-12-26 22:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-25 09:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 03:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-25 03:47 --------- d--h--r C:\Documents and Settings\Owner\Application Data\SecuROM
2007-12-23 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
2007-12-21 04:14 --------- d-----w C:\Program Files\BitLord
2007-12-21 01:06 --------- d-----w C:\Program Files\Sony
2007-12-21 01:06 --------- d-----w C:\Program Files\Flying Lab Software
2007-12-20 07:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-20 06:59 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-19 22:49 --------- d-----w C:\Program Files\Real
2007-12-19 22:49 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-19 22:49 --------- d-----w C:\Program Files\Common Files\Real
2007-12-19 21:29 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-19 17:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 10:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-19 05:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 02:56 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-19 02:56 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-19 00:17 --------- d-----w C:\Program Files\Download Manager
2007-12-18 23:50 --------- d-----w C:\Program Files\SEGA
2007-12-18 23:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-18 22:01 22,328 ----a-w C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
2007-12-18 21:50 --------- d-----w C:\Program Files\Activision
2007-12-18 21:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-18 21:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-18 21:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-18 21:40 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 21:40 --------- d-----w C:\Program Files\AIM6
2007-12-18 21:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2007-12-18 21:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-18 21:31 --------- d-----w C:\Program Files\Windows Live
2007-12-18 21:31 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-18 21:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-18 21:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-18 19:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-18 19:15 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-18 19:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-12-18 19:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 19:12 --------- d-----w C:\Program Files\Nero
2007-12-18 19:01 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-18 19:01 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-18 19:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 19:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-18 19:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 18:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-18 18:19 --------- d-----w C:\Program Files\AquaMark3
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2007-12-17 21:27 --------- d-----w C:\Program Files\Creative
2007-12-17 19:11 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 09:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 08:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 08:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 08:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 08:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 08:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 08:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 08:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 08:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 08:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 08:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 08:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 08:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 08:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 08:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 08:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 08:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 08:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 08:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 08:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 08:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 08:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@={80E008A4-EAE7-4867-AEB0-1A245F070F25}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@={ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@={C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}

[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Aim6"="" []
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 14:57 1103480]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 15:31 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 15:48 185896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-18 12:01 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 12:19]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97260e9-ac96-11dc-81a8-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 15:05:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 15:05:53
.
2008-02-13 06:57:13 --- E O F ---


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:55 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9115 bytes

Edited by Scratch, 13 February 2008 - 05:20 PM.


#6 Grinler

    Lawrence Abrams


  • Admin
Posted 16 February 2008 - 04:13 PM

The only thing I found was the below and I do not even think it's bad. Let's get rid of it to be safe. Otherwise there are no malware issues here.

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97260e9-ac96-11dc-81a8-806d6172696f}]


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
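An added example, not part of the original post and not ComboFix's own code: a small Python triage helper that scans a "Reg Loading Points" excerpt for MountPoints2 keys carrying a shell command (the per-drive autorun entries flagged above) and prints the matching `Registry::` removal lines in the format shown in the post. The function and class names are hypothetical; the two mountpoints2 entries in the sample are the ones from this thread's log.

```python
import re
from dataclasses import dataclass

# Excerpt in the layout of the ComboFix "Reg Loading Points" section.
# The two mountpoints2 entries are copied from the log in this thread;
# the Run entry is kept to show that other keys are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97260e9-ac96-11dc-81a8-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe
"""

# A registry key header line: [HKEY_...]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# The last path component under ...\explorer\mountpoints2\
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<mount>[^\\]+)$", re.IGNORECASE)
# A value line such as: \Shell\AutoRun\command - E:\Setup.exe
COMMAND_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE
)


@dataclass
class AutorunEntry:
    key: str      # full registry key as printed in the log
    mount: str    # subkey name under MountPoints2
    kind: str     # "drive letter", "volume GUID" or "other"
    verb: str     # shell verb, e.g. AutoRun
    command: str  # program the verb would launch


def classify_mount(mount: str) -> str:
    """Describe what the MountPoints2 subkey name refers to."""
    if re.fullmatch(r"[A-Za-z]", mount):
        return "drive letter"
    if re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", mount):
        return "volume GUID"
    return "other"


def find_autorun_entries(log_text: str) -> list:
    """Return every shell command recorded under a MountPoints2 key."""
    entries = []
    current_key = None
    current_mount = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            mount_match = MOUNT_RE.search(current_key)
            current_mount = mount_match.group("mount") if mount_match else None
            continue
        if current_mount is None:
            continue  # value line belongs to a key we are not interested in
        cmd_match = COMMAND_RE.match(line)
        if cmd_match:
            entries.append(
                AutorunEntry(
                    key=current_key,
                    mount=current_mount,
                    kind=classify_mount(current_mount),
                    verb=cmd_match.group("verb"),
                    command=cmd_match.group("cmd").strip(),
                )
            )
    return entries


def build_cfscript(entries: list) -> str:
    """Render a Registry:: block with one [-key] deletion line per flagged key."""
    keys = list(dict.fromkeys(e.key for e in entries))  # de-duplicate, keep order
    if not keys:
        return ""
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in keys]) + "\n"


if __name__ == "__main__":
    found = find_autorun_entries(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:12} {e.mount:40} {e.verb} -> {e.command}")
    print(build_cfscript(found), end="")
```

Run against the excerpt, it reports one drive-letter entry and one volume-GUID entry, both pointing at `E:\Setup.exe`, and reproduces the two deletion lines from the script above.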

#7 Scratch

  • Topic Starter

  • Members

Posted 18 February 2008 - 06:53 PM

Well, I guess that means it's on my end.




ComboFix 08-02-13.2 - Owner 2008-02-16 22:22:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1489 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-13 15:49 . 2008-02-15 15:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\wsInspector
2008-02-13 15:46 . 2008-02-13 15:48 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-02-12 21:18 . 2008-02-16 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-02-12 21:16 . 2008-02-12 21:17 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-11 21:34 . 2008-02-14 22:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-02-11 21:33 . 2008-02-11 21:34 <DIR> d-------- C:\Program Files\Hamachi
2008-02-11 21:33 . 2008-02-11 21:33 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-08 17:45 . 2008-02-08 17:45 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-08 17:34 . 2008-02-08 17:34 <DIR> d-------- C:\Program Files\Stardock Games
2008-02-02 21:58 . 2008-02-02 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-02 21:58 . 2008-02-02 21:58 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\HP
2008-02-02 21:56 . 2008-02-02 21:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-02 21:55 . 2008-02-02 21:55 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-02 21:54 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-02 21:54 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-02 21:54 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-02 21:54 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-02 21:54 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-02 21:54 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-02 21:47 . 2008-02-01 19:54 112,874 --------- C:\WINDOWS\hpoins07.dat.temp
2008-02-02 21:47 . 2005-12-16 15:17 21,124 --------- C:\WINDOWS\hpomdl07.dat.temp
2008-02-02 13:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-02 13:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 19:53 . 2008-02-02 21:58 <DIR> d-------- C:\Program Files\HP
2008-02-01 19:49 . 2008-02-02 22:08 112,954 --a------ C:\WINDOWS\hpoins07.dat
2008-02-01 19:49 . 2005-12-16 15:17 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-02-01 19:41 . 2008-02-03 22:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HP
2008-02-01 19:41 . 2005-12-16 15:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-01 19:41 . 2005-12-16 15:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-01 19:40 . 2005-12-16 15:17 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-02-01 19:40 . 2005-12-16 15:17 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-02-01 19:40 . 2005-12-16 15:17 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-02-01 19:40 . 2005-12-16 15:18 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-02-01 19:39 . 2005-12-16 15:17 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-02-01 19:39 . 2005-12-16 15:17 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-02-01 19:39 . 2005-12-16 15:17 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2008-02-01 19:34 . 2008-02-02 21:40 <DIR> d----c--- C:\temp\HP_WebRelease
2008-02-01 16:22 . 2008-02-06 15:15 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-01 16:22 . 2008-02-01 16:22 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-31 22:56 . 2008-01-31 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 15:15 . 2008-01-31 15:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-30 22:17 . 2008-01-30 22:17 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 22:16 . 2008-01-31 13:32 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-30 19:52 . 2008-01-30 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-30 19:52 . 2008-01-30 19:53 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 19:31 . 2008-01-30 19:31 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 19:31 . 2008-01-30 19:31 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-30 19:18 . 2008-01-30 19:25 <DIR> d----c--- C:\fixwareout
2008-01-30 19:02 . 2008-01-30 19:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-30 16:57 . 2008-01-30 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-30 16:33 . 2008-01-30 16:34 45 --a------ C:\WINDOWS\system32\RPVersion.ini
2008-01-30 16:15 . 2008-01-30 16:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-30 16:13 . 2008-01-30 16:13 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-30 15:54 . 2008-01-30 15:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-30 15:05 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2008-01-24 18:48 . 2008-01-24 18:48 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 18:08 . 2008-01-24 18:08 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-01-24 18:05 . 2008-01-24 18:48 <DIR> d-------- C:\Program Files\Microsoft XNA
2008-01-24 00:07 . 2008-01-24 00:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 15:18 . 2008-01-22 15:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-22 15:18 . 2008-01-24 18:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-22 14:58 . 2008-01-22 14:58 <DIR> d-------- C:\Program Files\Perforce
2008-01-20 16:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-20 16:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-20 16:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-20 16:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-18 20:44 . 2008-01-18 20:44 <DIR> d----c--- C:\ProgramData
2008-01-18 20:44 . 2008-01-18 20:44 <DIR> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 23:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-16 05:21 --------- d-----w C:\Program Files\Steam
2008-02-16 05:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\mIRC
2008-02-16 01:23 --------- d-----w C:\Program Files\mIRC
2008-02-15 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 18:42 --------- d-----w C:\Program Files\THQ
2008-02-15 04:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-02-14 03:13 --------- d-----w C:\Program Files\Xfire
2008-02-11 05:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\IGN_DLM
2008-02-05 04:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-02-05 03:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 23:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-30 22:05 --------- d-----w C:\Program Files\AMD
2008-01-20 01:05 --------- d-----w C:\Program Files\Glory of the Roman Empire
2008-01-18 12:16 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-01-16 03:26 --------- d-----w C:\Program Files\QuickTime
2008-01-14 20:04 215,144 ----a-w C:\WINDOWS\patchw32.dll
2008-01-10 20:05 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 11:42 --------- d-----w C:\Program Files\9Dragons
2007-12-31 09:04 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-31 09:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2007-12-31 09:03 --------- d-----w C:\Program Files\Java
2007-12-31 09:02 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 02:40 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-30 02:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-30 02:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 09:57 --------- d-----w C:\Program Files\DivX
2007-12-26 22:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-25 09:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 03:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-25 03:47 --------- d--h--r C:\Documents and Settings\Owner\Application Data\SecuROM
2007-12-23 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
2007-12-21 04:14 --------- d-----w C:\Program Files\BitLord
2007-12-21 01:06 --------- d-----w C:\Program Files\Sony
2007-12-21 01:06 --------- d-----w C:\Program Files\Flying Lab Software
2007-12-20 07:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-20 06:59 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-19 22:49 --------- d-----w C:\Program Files\Real
2007-12-19 22:49 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-19 22:49 --------- d-----w C:\Program Files\Common Files\Real
2007-12-19 21:29 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-19 17:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 10:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-19 05:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 02:56 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-19 02:56 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-19 00:17 --------- d-----w C:\Program Files\Download Manager
2007-12-18 23:50 --------- d-----w C:\Program Files\SEGA
2007-12-18 23:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-18 22:01 22,328 ----a-w C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
2007-12-18 21:50 --------- d-----w C:\Program Files\Activision
2007-12-18 21:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-18 21:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-18 21:40 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-18 21:40 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 21:40 --------- d-----w C:\Program Files\AIM6
2007-12-18 21:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2007-12-18 21:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-18 21:31 --------- d-----w C:\Program Files\Windows Live
2007-12-18 21:31 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-18 21:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-18 21:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-18 19:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-18 19:15 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-18 19:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-12-18 19:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 19:12 --------- d-----w C:\Program Files\Nero
2007-12-18 19:01 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-18 19:01 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-18 19:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 19:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-18 19:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 18:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-18 18:19 --------- d-----w C:\Program Files\AquaMark3
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Creative
2007-12-17 21:27 --------- d-----w C:\Program Files\Creative
2007-12-17 19:11 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 09:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 08:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 08:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 08:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 08:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 08:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 08:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 08:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 08:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 08:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 08:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 08:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 08:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 08:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 08:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 08:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 08:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 08:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 08:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@={80E008A4-EAE7-4867-AEB0-1A245F070F25}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@={ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@={C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}

[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2007-05-23 13:30 548864 --a------ C:\Program Files\Perforce\p4exp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35 139264]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 15:31 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 15:48 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-18 12:01 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 12:19]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97260e9-ac96-11dc-81a8-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 22:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 22:26:22
ComboFix2.txt 2008-02-13 22:05:54
.
2008-02-13 06:57:13 --- E O F ---


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:57 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8107 bytes

#8 Grinler

Lawrence Abrams

  • Admin
  • 43,618 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:01:19 PM

Posted 19 February 2008 - 09:55 AM

Do you use any USB disks or flash drives?

#9 Scratch

Posted 19 February 2008 - 12:50 PM

No on that one.

#10 Grinler

Posted 19 February 2008 - 01:02 PM

What is your E:\ Drive? CD?

#11 Scratch

Posted 19 February 2008 - 09:33 PM

DVD drive.

#12 Grinler

Posted 20 February 2008 - 03:03 PM

Nothing wrong here then. Looks clean to me. My guess is the overheating is a hardware issue of some sort.

#13 Scratch

Posted 20 February 2008 - 04:10 PM

Roger that. I'm thinking it's that, actually.

It's weird that it's only happening recently.
I took a look at the fans too, it seems I need to turn one around.

I was just concerned because it's never overheated until a month after the operation of reformatting was done. Hmm, it'll take me a bit, but I'll see what I can do.

Thanks.



