08-08-2007, 08:38 PM   #1
TempestPDM
Computer really jumpy, 'system' process at 50%

The system process is continually running at or close to 50%. My computer acts like it is freezing for half a second or so every second, extremely jumpy. It happened just after I re-formatted my computer. I used the same Windows CD as I did beforehand, and I've never had this problem before.

I am running Windows XP SP1, and my hardware drivers cannot support SP2, so I can't upgrade. I use the NVIDIA ActiveArmor firewall that came with my motherboard. I've run full scans with Symantec AntiVirus Corporate Edition and Ad-Aware 2007, and removed anything there.

I keep getting the viruses W32.Korgo.W, W32.HLLW.Oror.D@mm and W32.Sasser.B.Worm coming up on the auto scan of Symantec. Ad-Aware doesn't show anything up usually.

I've tried everything I know, including installing my motherboard and graphics card drivers multiple times, and downloading the latest ones. I'm normally the guy fixing computers; it's just frustrating when I can't fix my own.

Below is the log for DSS:

Deckard's System Scanner v20070807.62
Run by TempesT on 2007-08-09 at 12:34:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as TempesT.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:35:01 PM, on 9/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\dld\dss.exe
D:\dld\TempesT.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir....fwl_index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.unsw.adfa.edu.au/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = harvest.adfa.edu.au:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-08 21:46:29 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-08 21:29:40 0 d-------- C:\Program Files\SpywareBlaster
2007-08-08 21:19:05 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-08-08 21:18:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-08-08 20:19:30 0 d-------- C:\Program Files\Atlantis
2007-08-08 20:09:21 0 d-------- C:\Program Files\Magic Vines
2007-08-08 20:09:21 0 d-------- C:\Program Files\BFG
2007-08-08 09:25:07 22 --a------ C:\WINDOWS\FileName
2007-08-07 20:13:52 98304 --a------ C:\WINDOWS\System32\qttask.exe <Not Verified; Apple Computer, Inc.; QuickTime>
2007-08-07 20:13:19 0 d-------- C:\WINDOWS\System32\QuickTime
2007-08-07 20:13:14 1122304 --a------ C:\WINDOWS\System32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:14 1552384 --a------ C:\WINDOWS\System32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:14 1650688 --a------ C:\WINDOWS\System32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:13 1581056 --a------ C:\WINDOWS\System32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:13 77824 --a------ C:\WINDOWS\System32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 65536 --a------ C:\WINDOWS\System32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 65536 --a------ C:\WINDOWS\System32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 77824 --a------ C:\WINDOWS\System32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 19968 --a------ C:\WINDOWS\System32\cpuinf32.dll
2007-08-07 20:13:12 152064 --a------ C:\WINDOWS\System32\unrar.dll
2007-08-07 20:13:10 761856 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-08-07 20:13:07 0 d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-08-07 15:01:49 0 d-------- C:\Program Files\Lavasoft
2007-08-07 15:01:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-07 14:59:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 14:42:22 0 d-------- C:\ArmyBuilderEX
2007-08-07 14:23:56 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-07 13:35:12 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-07 13:35:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-07 13:35:12 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-07 13:35:12 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-07 13:35:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-07 13:35:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-07 13:30:02 0 d-------- C:\HPLJ45.T
2007-08-07 13:29:54 52736 --a------ C:\WINDOWS\System32\HPBPML.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-07 13:29:54 28768 --a------ C:\WINDOWS\System32\drivers\HPBECP00.SYS
2007-08-07 13:29:53 16896 --a------ C:\WINDOWS\System32\SUPWIN32.DLL
2007-08-07 13:29:53 189440 --a------ C:\WINDOWS\System32\NETWIN32.DLL
2007-08-07 13:29:53 140288 --a------ C:\WINDOWS\System32\NCPWIN32.DLL
2007-08-07 13:29:53 94720 --a------ C:\WINDOWS\System32\LOCWIN32.DLL
2007-08-07 13:29:53 60416 --a------ C:\WINDOWS\System32\CLNWIN32.DLL
2007-08-07 13:29:53 126976 --a------ C:\WINDOWS\System32\CALWIN32.DLL <Not Verified; Novell, Inc.; NetWare| Client API>
2007-08-07 13:29:52 53248 --a------ C:\WINDOWS\System32\HPDCMON.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-07 12:36:02 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-07 12:21:34 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2007-08-07 11:56:24 0 d-------- C:\Program Files\NVIDIA Corporation
2007-08-07 11:54:28 0 d-------- C:\NV37523756.TMP
2007-08-07 11:53:59 0 d-------- C:\NV33803384.TMP
2007-08-06 18:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-06 18:18:11 0 d-------- C:\NV13641012.TMP
2007-08-06 18:04:26 8 --a------ C:\WINDOWS\System32\HPCOLANT.DAT
2007-08-06 18:04:26 3353 --a------ C:\WINDOWS\System32\HPANT.DAT
2007-08-06 17:58:55 0 d-------- C:\Program Files\Symantec
2007-08-06 17:58:38 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-06 17:58:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-06 17:58:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-06 17:57:33 0 d-------- C:\Program Files\Symantec Antivirus Corporate Edition
2007-08-06 15:35:00 0 d-------- C:\WINDOWS\HPUNINST
2007-08-06 15:34:12 0 d-------- C:\HPFonts
2007-08-06 15:33:29 694272 --a------ C:\WINDOWS\System32\JETADMIN.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 82944 --a------ C:\WINDOWS\System32\hpshell.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 29184 --a------ C:\WINDOWS\System32\HPPROPTY.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 132096 --a------ C:\WINDOWS\System32\HPLOCMON.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 25088 --a------ C:\WINDOWS\System32\hpjetdsc.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin Discovery Indicator>
2007-08-06 15:33:29 26624 --a------ C:\WINDOWS\System32\hpaddjdp.exe <Not Verified; Hewlett Packard; Hewlett Packard Add JetDirect Printer>
2007-08-06 15:33:28 59392 --a------ C:\WINDOWS\System32\hpgenapp.dll
2007-08-06 15:33:28 29184 --a------ C:\WINDOWS\System32\HPALERTS.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 20992 --a------ C:\WINDOWS\System32\hpuninst.dll
2007-08-06 15:33:27 53760 --a------ C:\WINDOWS\System32\hptds.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 97280 --a------ C:\WINDOWS\System32\HPSNMP.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 145920 --a------ C:\WINDOWS\System32\HPNWSHIM.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 49152 --a------ C:\WINDOWS\System32\HPNWPSRV.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 32768 --a------ C:\WINDOWS\System32\hpnra.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 146944 --a------ C:\WINDOWS\System32\HPJMON.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 152576 --a------ C:\WINDOWS\System32\HPCOLA.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:02 283648 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-08-06 15:33:01 0 d-------- C:\Documents and Settings\TempesT\WINDOWS
2007-08-06 15:30:51 0 d-------- C:\Program Files\CD-LabelPrint
2007-08-06 15:16:46 90112 --a------ C:\WINDOWS\System32\CNMCP78.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2007-08-06 15:16:45 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-08-06 12:13:14 0 d-------- C:\Develop
2007-08-06 11:33:25 0 d-------- C:\Documents and Settings\TempesT\Application Data\Macromedia
2007-08-06 11:33:23 0 d-------- C:\Program Files\Google
2007-08-06 11:27:57 0 d-------- C:\Program Files\StuffPlug3
2007-08-06 11:17:23 0 d-------- C:\Program Files\Messenger Plus! Live
2007-08-06 11:10:55 0 d-------- C:\Documents and Settings\TempesT\Contacts
2007-08-06 11:08:40 0 d-------- C:\Program Files\MSN Messenger
2007-08-06 10:59:21 0 d-------- C:\Program Files\StrongDC++
2007-08-06 10:58:43 0 d-------- C:\WINDOWS\System32\appmgmt
2007-08-06 10:50:17 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-06 10:50:17 0 d-------- C:\Program Files\DC Skynet
2007-08-06 03:56:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-06 03:56:25 0 dr------- C:\Program Files
2007-08-06 03:56:25 0 d-------- C:\Program Files\Common Files
2007-08-06 03:56:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-08-06 03:56:07 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-08-06 03:56:07 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-08-06 03:56:07 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\All Users\Documents
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-08-06 03:55:56 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-08-06 03:55:56 0 d-------- C:\WINDOWS\System32\CatRoot
2007-08-06 03:55:50 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-08-06 03:55:50 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-06 03:55:50 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-08-06 03:55:50 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-06 03:55:22 0 d-------- C:\Documents and Settings
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\WinSxS
2007-08-06 03:50:33 0 dr------- C:\WINDOWS\Web
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\twain_32
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\wins
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\wbem
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\usmt
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\spool
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ShellExt
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\Setup
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ras
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\oobe
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\npp
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\mui
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\inetsrv
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\IME
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\icsxml
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ias
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\export
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\dhcp
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\config
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\3076
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\2052
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1054
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1042
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1041
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1037
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1033
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1031
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1028
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1025
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\system
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\security
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Resources
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\repair
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\mui
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\msapps
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\msagent
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Media
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\java
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\ime
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Help
2007-08-06 03:50:33 0 dr--s---- C:\WINDOWS\Fonts
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Driver Cache
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Debug
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Cursors
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Config
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\AppPatch
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\addins
2007-08-05 20:33:14 0 d-------- C:\Program Files\Winamp
2007-08-05 20:22:36 0 d-------- C:\WINDOWS\System32\NtmsData
2007-08-05 20:16:38 0 d-------- C:\Program Files\Common Files\L&H
2007-08-05 20:16:31 0 d-------- C:\Program Files\Microsoft.NET
2007-08-05 20:16:21 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-05 20:15:51 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 20:15:33 0 d-------- C:\WINDOWS\SHELLNEW
2007-08-05 19:59:31 5248 --a------ C:\WINDOWS\System32\drivers\a347scsi.sys
2007-08-05 19:59:31 160640 --a------ C:\WINDOWS\System32\drivers\a347bus.sys
2007-08-05 19:59:30 0 d-------- C:\Program Files\Alcohol Soft
2007-08-05 19:51:44 0 d-------- C:\Program Files\AWC
2007-08-05 19:39:56 0 d-------- C:\Documents and Settings\TempesT\Application Data\Talkback
2007-08-05 19:34:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-05 19:34:28 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-08-05 19:34:22 2293 --a------ C:\WINDOWS\mozver.dat
2007-08-05 19:34:21 0 d-------- C:\Documents and Settings\TempesT\Application Data\Mozilla
2007-08-05 19:16:08 0 d-------- C:\Documents and Settings\TempesT\Application Data\AdobeUM
2007-08-05 19:15:42 0 d-------- C:\Documents and Settings\TempesT\Application Data\Adobe
2007-08-05 19:15:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-05 19:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-08-05 18:58:19 8 --a------ C:\WINDOWS\System32\nvModes.dat
2007-08-05 18:49:22 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-05 18:47:38 0 d-------- C:\WINDOWS\nview
2007-08-05 18:47:34 0 d-------- C:\WINDOWS\LastGood
2007-08-05 18:47:14 0 d-------- C:\NVIDIA
2007-08-05 18:18:50 0 d-------- C:\WINDOWS\RegisteredPackages
2007-08-05 18:18:24 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-05 18:18:24 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-05 18:17:34 0 d-------- C:\Program Files\Realtek Sound Manager
2007-08-05 18:17:31 0 d-------- C:\Program Files\AvRack
2007-08-05 18:17:26 40960 -----n--- C:\WINDOWS\System32\ChCfg.exe
2007-08-05 18:17:11 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2007-08-05 18:17:11 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2007-08-05 18:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 18:15:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-08-05 18:14:06 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-08-05 18:13:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-05 18:12:50 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-08-05 18:12:44 5824 --a------ C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
2007-08-05 18:08:43 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-08-05 18:08:28 0 d-------- C:\WINDOWS\pss
2007-08-05 18:07:27 0 d-------- C:\Documents and Settings\TempesT\Application Data\Identities
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\Templates
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\Start Menu
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\SendTo
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\Recent
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\PrintHood
2007-08-05 18:07:18 2621440 --ah----- C:\Documents and Settings\TempesT\NTUSER.DAT
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\NetHood
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\My Documents
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\Local Settings
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\Favorites
2007-08-05 18:07:18 0 d-------- C:\Documents and Settings\TempesT\Desktop
2007-08-05 18:07:18 0 d---s---- C:\Documents and Settings\TempesT\Cookies
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\Application Data
2007-08-05 1825 0 d-------- C:\WINDOWS\Prefetch
2007-08-05 1825 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-05 1825 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-08-05 1825 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-05 1825 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-08-05 1825 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-08-05 1824 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-05 1824 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-08-05 1824 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-05 1824 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-08-05 1824 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-08-05 18:02:44 0 d-------- C:\WINDOWS\System32\xircom
2007-08-05 18:02:44 0 d-------- C:\Program Files\microsoft frontpage
2007-08-05 18:02:37 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-05 18:01:54 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-05 18:01:47 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-05 18:01:46 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-05 18:01:23 0 d-------- C:\WINDOWS\System32\DirectX
2007-08-05 18:00:49 0 d---s---- C:\WINDOWS\Tasks
2007-08-05 18:00:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-05 18:00:43 0 d-------- C:\WINDOWS\srchasst
2007-08-05 18:00:41 0 d-------- C:\Program Files\Movie Maker
2007-08-05 18:00:38 0 d-------- C:\WINDOWS\System32\Restore
2007-08-05 18:00:38 0 d-------- C:\WINDOWS\PCHealth
2007-08-05 18:00:15 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-08-05 18:00:10 0 d-------- C:\WINDOWS\Registration
2007-08-05 18:00:06 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-05 18:00:06 0 d-------- C:\Program Files\Online Services
2007-08-05 18:00:02 0 d-------- C:\Program Files\Messenger
2007-08-05 17:59:58 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-05 17:59:25 0 d-------- C:\Program Files\Windows NT
2007-08-05 17:59:23 0 d-------- C:\WINDOWS\System32\MsDtc
2007-08-05 17:59:22 0 d-------- C:\WINDOWS\System32\Com
2007-07-24 08:58:41 0 d--hs---- C:\WINDOWS\ftpcache


-- Find3M Report ---------------------------------------------------------------

2007-08-06 03:56:07 62 --ahs---- C:\Documents and Settings\TempesT\Application Data\desktop.ini
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\System32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\System32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\System32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\System32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\System32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\System32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\System32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\System32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [15/11/2004 08:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29/06/2007 12:43 AM]
"nwiz"="nwiz.exe" [29/06/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/12/2005 03:33 AM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [27/05/2006 01:51 PM]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [20/12/2004 05:12 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [29/06/2007 12:43 AM]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [21/12/2005 11:52 AM]
"Tweak UI"="TWEAKUI.CPL" [25/03/2003 05:49 AM C:\WINDOWS\system32\tweakui.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [07/07/2003 10:00 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\DOCUMENTS AND SETTINGS\TEMPEST\DESKTOP\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af7a88dc-432c-11dc-bc5c-806d6172696f}]
AutoRun\command- F:\ASUSACPI.exe




-- End of Deckard's System Scanner: finished at 2007-08-09 at 12:36:22 ---------