
Not sure what I am infected with, but I do know that my applications jump from 38-39 then back down to 38 real fast and my CPU usage spikes a lot.



#1 MMIkid

MMIkid

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 16 July 2009 - 02:47 PM

I hope this is the proper area for this; if not, would someone kindly send me a PM on where I should go with this problem. I have just re-formatted my computer last weekend as I was experiencing the same problem. When I Ctrl+Alt+Del to get the Task Manager, my processes jump from 38 to 39 real fast and it is hard to read what pops in there, and then it disappears really quickly. There is also a resulting spike in the CPU usage, and this problem is affecting my system performance in all areas: browsing, sluggish and lags online games that are video intensive. My computer is a 3 year old Alienware running Microsoft XP Pro. I have 2gig of RAM, a 1gig 285 Nvidia GC and run Trend Micro Internet Security Pro as recommended by one of my IT friends. When I did the reformat last Saturday I did the (quick format) option. Is there a possibility that what I had on before the re-format is still there because I did the quick option? I don't know enough myself, but this issue is really starting to annoy me as I don't want to re-format again just to get my computer running smoothly. Thanks for any and all help.

DDS (Ver_09-06-26.01) - NTFSx86
Run by John Mayer at 12:32:02.20 on Thu 07/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1272 [GMT -7:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\John Mayer\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnma~1\applic~1\mozilla\firefox\profiles\nyzsmlkm.default\
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFTMUFEHelper.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFToolbarComm.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-16 353680]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-7-10 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-10 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-7-10 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-8-19 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-7-10 677128]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-8-19 335376]

=============== Created Last 30 ================

2009-07-16 12:01 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-16 12:00 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-07-16 12:00 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-07-16 12:00 <DIR> --d----- c:\program files\Zone Labs
2009-07-16 12:00 348,371 a------- c:\windows\system32\vsconfig.xml
2009-07-16 11:59 <DIR> --d----- c:\windows\Internet Logs
2009-07-15 13:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-14 14:42 <DIR> --d----- c:\program files\common files\HP
2009-07-14 14:39 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-07-14 14:39 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-07-14 14:39 49,664 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-07-14 14:38 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-07-14 14:38 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-07-14 14:38 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-07-14 14:38 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-14 14:38 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-07-14 14:38 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-07-14 14:38 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-07-14 14:38 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-07-14 14:38 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-07-14 14:38 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-07-14 14:38 306,688 a------- c:\windows\IsUninst.exe
2009-07-14 14:36 <DIR> --d----- c:\program files\HP
2009-07-14 14:33 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-14 14:33 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-07-14 14:33 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-14 14:29 118,642 a------- c:\windows\hpoins09.dat
2009-07-14 12:12 0 a------- c:\docume~1\johnma~1\applic~1\wklnhst.dat
2009-07-12 14:33 192,512 a------- c:\windows\system32\kdfvmgr.exe
2009-07-12 14:33 77,824 a------- c:\windows\system32\kdfapi.dll
2009-07-12 14:33 53,248 a------- c:\windows\system32\Kdfhok.dll
2009-07-12 14:33 475,872 a------- c:\windows\system32\kdfinj.dll
2009-07-12 14:33 387,288 a------- c:\windows\system32\kdfmgr.exe
2009-07-12 14:33 <DIR> --d----- c:\windows\kdefense
2009-07-12 01:41 <DIR> --d----- c:\windows\system32\scripting
2009-07-12 01:41 <DIR> --d----- c:\windows\system32\en
2009-07-12 01:41 <DIR> --d----- c:\windows\l2schemas
2009-07-12 01:41 <DIR> --d----- c:\windows\system32\bits
2009-07-12 01:37 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-12 01:35 <DIR> --d----- c:\windows\network diagnostic
2009-07-11 12:43 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-07-11 03:14 572,557 -c------ c:\windows\system32\dllcache\rtuner.wmv
2009-07-11 03:13 73,216 -------- c:\windows\system32\drivers\atintuxx.sys
2009-07-11 03:01 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-11 03:01 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-11 03:01 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-11 03:01 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-11 03:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-11 03:00 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-11 03:00 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-11 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-11 03:00 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-11 00:48 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-10 23:34 <DIR> --d----- c:\program files\Ventrilo
2009-07-10 23:34 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-07-10 23:20 77,551 a------- c:\windows\War3Unin.dat
2009-07-10 23:20 139,264 a------- c:\windows\War3Unin.exe
2009-07-10 23:20 2,829 a------- c:\windows\War3Unin.pif
2009-07-10 23:19 <DIR> --d----- c:\program files\VideoLAN
2009-07-10 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-07-10 20:52 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-07-10 20:52 <DIR> --d----- c:\program files\World of Warcraft
2009-07-10 20:44 <DIR> --d----- c:\windows\LocalSSL
2009-07-10 20:44 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-10 20:44 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-07-10 20:44 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-07-10 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-07-10 20:42 <DIR> --d----- c:\program files\Trend Micro
2009-07-10 20:40 <DIR> --d----- c:\program files\Trend Micro™ Internet Security Pro
2009-07-10 20:05 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-10 20:05 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-07-10 20:05 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-07-10 20:05 <DIR> --d----- c:\windows\system32\Lang
2009-07-10 20:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-10 20:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-07-10 20:03 19,495 a------- c:\windows\system32\nvdisp.nvu
2009-07-10 20:03 <DIR> --d----- C:\NVIDIA
2009-07-10 19:54 40,960 -----r-- c:\windows\system32\ChCfg.exe
2009-07-10 19:54 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-10 19:54 129,536 a------- c:\windows\system32\ksproxy.ax
2009-07-10 19:54 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-07-10 19:54 4,096 a------- c:\windows\system32\ksuser.dll
2009-07-10 19:53 <DIR> --d----- c:\program files\Realtek
2009-07-10 19:52 13,698 a------- c:\windows\system32\wpa.bak
2009-07-10 19:50 <DIR> --ds---- c:\documents and settings\john mayer\UserData
2009-07-10 19:49 1,024 a------- C:\.rnd
2009-07-10 19:49 22 a------- c:\windows\FileName
2009-07-10 19:49 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-07-10 19:48 442,368 a------- c:\windows\system32\CapabilityTable.exe
2009-07-10 19:48 289,792 a----r-- c:\windows\system32\idecoiins.dll
2009-07-10 19:48 289,792 a----r-- c:\windows\system32\idecoi.dll
2009-07-10 19:48 100,736 a----r-- c:\windows\system32\drivers\nvata.sys
2009-07-10 19:48 35,840 a----r-- c:\windows\system32\NVCOI.DLL
2009-07-10 19:48 208,896 -------- c:\windows\system32\nvuide.exe
2009-07-10 19:48 1,570 -------- c:\windows\system32\nvide.nvu
2009-07-10 19:48 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-07-10 19:45 <DIR> --d----- c:\documents and settings\John Mayer
2009-07-10 19:45 <DIR> --ds---- c:\windows\system32\Microsoft
2009-07-10 19:43 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-10 19:41 9,216 ac------ c:\windows\system32\dllcache\kbdnecat.dll
2009-07-10 19:40 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-10 19:40 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-10 19:39 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-10 19:38 <DIR> --d----- c:\program files\Online Services
2009-07-10 19:38 <DIR> --d----- c:\program files\Messenger
2009-07-10 19:38 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-10 19:37 <DIR> --d----- c:\program files\Windows NT
2009-07-10 12:32 <DIR> --d----- c:\program files\common files\ODBC
2009-07-10 12:32 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-07-10 12:31 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-07-12 01:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-10 19:38 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-22 01:02 225,296 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 01:00 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 00:45 1,220,120 a------- c:\windows\system32\drivers\vsapint.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-28 09:55 70,936 a------- c:\windows\system32\PhysXLoader.dll

============= FINISH: 12:32:39.00 ===============


 


#2 MMIkid

MMIkid
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 16 July 2009 - 03:32 PM

Well, I've managed to write down the process that seems to be the problem and it is "HPZipm12.exe". Apparently it is part of the software that I installed yesterday for my printer, so I'm going to actually register it and see if that fixes the problem, and if it does not I guess I'll uninstall the crap HP software.

Update #2: Well, I have updated the HP software and have turned on the printer. While this has made it so the "HPZipm12.exe" file no longer pops in and out of the processes tab for the Windows Task Manager, the CPU usage is still spiking from 0-1% to 20-30% with nothing running but a browser (Firefox). There also seems to be a new process that comes up and goes away, though not very quickly, that is "Wmiprvse.exe". Not sure if that is an issue, going to research it now.

Still having CPU spikes that are severe, and it says that my "System Idle Process" is the CPU hog... I am pretty sure I have something hiding somewhere in my system.

Update #3: I have run several of the suggested free scans located on another forum here at bleepingcomputer.com and every one of them says I am not infected with anything. This is quite frustrating as my system does suffer in performance while trying to run graphic intensive online games. Again I have 2MB of DDR2 RAM, run an AMD dual core processor, have Windows XP Pro, and a 1GB GC that is a GTX285 Nvidia. After my recent reformat I updated all drivers I could find, most importantly my video card and CPU. The computer ran fine Sun-Wed after the reformat; however, today I am experiencing the same issue that caused me to reformat in the first place, CPU usage spikes from an unknown source. I figured it was some trojan that my antivirus was not picking up. I am not 100% sure this is the case now as I am again experiencing this problem and am quite miffed by it with my limited computer knowledge. Is it possible that because I used the "quick format" option when I reformatted my HD that whatever was on there causing the problem in the first place is still there, or is this a problem totally unrelated to virus/trojan/spyware/malware? I am at the extent of what I know how to do without reformatting again, which I would like to not do even if it would only take 3~4 hours to get back to where I am now using the "quick" formatting option.

Also here is a log of Malwarebytes Anti-Malware scan on my system.

Malwarebytes' Anti-Malware 1.39
Database version: 2443
Windows 5.1.2600 Service Pack 3

7/16/2009 3:54:23 PM
mbam-log-2009-07-16 (15-54-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115515
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Update #4: I have also run both my Trend Micro and the Mbam in safe mode and both turn up clean there too.... I really am not sure now if this is a software problem or a hardware issue, please help. :thumbup2:

Hello MMIkid,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 17 July 2009 - 05:37 PM.


#3 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:19 PM

Posted 26 July 2009 - 11:55 AM

Sorry for delay, no shortage of posters. Still need help, reply to my post.

Here's a problem:

FW: ZoneAlarm Firewall *enabled*
FW: ActiveArmor Firewall *enabled*
FW: Trend Micro Personal Firewall *enabled*


Only need one firewall, uninstall two of them via add/remove programs panel and reboot machine.

Edited by shelf life, 26 July 2009 - 11:57 AM.

How Can I Reduce My Risk to Malware?
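The check shelf life makes by eye on the DDS header, as an added example that is not part of the original thread or of the DDS tool: it parses the `AV:`/`FW:` header lines and reports any product category with more than one enabled entry. The function names, the regular expression and the "disabled" sample are assumptions made for this illustration; the first sample is the header from post #1.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Header lines copied from the DDS log in post #1.
SAMPLE_HEADER = r"""
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
"""

# Constructed sample (not from the thread): only one firewall is enabled,
# and one line has no GUID, to exercise the optional fields.
CONSTRUCTED_HEADER = r"""
AV: Example AV *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000001}
FW: Example Firewall A *enabled* {00000000-0000-0000-0000-000000000002}
FW: Example Firewall B *disabled*
"""

# Assumed line shape: "<KIND>: <name> *<state>* [(<signature status>)] [{GUID}]"
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<sig>[^)]*)\))?"
    r"(?:\s+(?P<guid>\{[0-9A-Fa-f-]{36}\}))?\s*$"
)


@dataclass
class Product:
    kind: str      # "AV" or "FW"
    name: str
    state: str     # text between the asterisks
    enabled: bool


def parse_security_products(log_text):
    """Return one Product per AV:/FW: header line; other lines are ignored."""
    products = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state = m.group("state").strip()
        # "disabled" must not count as enabled, so match the whole word.
        enabled = re.search(r"\benabled\b", state, re.IGNORECASE) is not None
        products.append(Product(m.group("kind"), m.group("name"), state, enabled))
    return products


def overlapping_products(products):
    """Map each category to its enabled products when there is more than one."""
    active = defaultdict(list)
    for p in products:
        if p.enabled:
            active[p.kind].append(p.name)
    return {kind: names for kind, names in active.items() if len(names) > 1}


def report(log_text):
    """Build a short human-readable finding list for a DDS header."""
    findings = overlapping_products(parse_security_products(log_text))
    if not findings:
        return ["No overlapping security products enabled."]
    label = {"AV": "antivirus products", "FW": "firewalls"}
    return [
        f"{len(names)} {label[kind]} enabled at once: {', '.join(names)}"
        for kind, names in sorted(findings.items())
    ]


if __name__ == "__main__":
    for title, text in (("post #1", SAMPLE_HEADER), ("constructed", CONSTRUCTED_HEADER)):
        print(title)
        for line in report(text):
            print("  " + line)
```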




