Resolved HJT Threads (resolved spyware and popup issues)
#1 (Registered User)
The system process is continually running at or close to 50%. My computer acts like it is freezing for half a second or so every second, extremely jumpy. It happened just after I re-formatted my computer. I used the same Windows CD as I did beforehand, and I've never had this problem before.

I am running Windows XP SP1, and my hardware drivers cannot support SP2 so I can't upgrade. I use the NVIDIA ActiveArmour firewall that came with my motherboard. I've run full scans with Symantec AntiVirus Corporate Edition and Ad-Aware 2007 and removed anything there. I keep getting the viruses W32.Korgo.W, W32.HLLW.Oror.D@mm and W32.Sasser.B.Worm come up on the auto scan of Symantec. Ad-Aware doesn't usually show anything. I've tried everything I know, including installing my motherboard and graphics card drivers multiple times, and downloading the latest ones. I'm normally the guy fixing computers; it's just frustrating when I can't fix my own. Below is the log from DSS:

Deckard's System Scanner v20070807.62
Run by TempesT on 2007-08-09 at 12:34:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as TempesT.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:35:01 PM, on 9/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\dld\dss.exe
D:\dld\TempesT.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir....fwl_index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.unsw.adfa.edu.au/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = harvest.adfa.edu.au:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-08 21:46:29 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-08 21:29:40 0 d-------- C:\Program Files\SpywareBlaster
2007-08-08 21:19:05 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-08-08 21:18:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-08-08 20:19:30 0 d-------- C:\Program Files\Atlantis
2007-08-08 20:09:21 0 d-------- C:\Program Files\Magic Vines
2007-08-08 20:09:21 0 d-------- C:\Program Files\BFG
2007-08-08 09:25:07 22 --a------ C:\WINDOWS\FileName
2007-08-07 20:13:52 98304 --a------ C:\WINDOWS\System32\qttask.exe <Not Verified; Apple Computer, Inc.; QuickTime>
2007-08-07 20:13:19 0 d-------- C:\WINDOWS\System32\QuickTime
2007-08-07 20:13:14 1122304 --a------ C:\WINDOWS\System32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:14 1552384 --a------ C:\WINDOWS\System32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:14 1650688 --a------ C:\WINDOWS\System32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:13 1581056 --a------ C:\WINDOWS\System32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-08-07 20:13:13 77824 --a------ C:\WINDOWS\System32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 65536 --a------ C:\WINDOWS\System32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 65536 --a------ C:\WINDOWS\System32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 77824 --a------ C:\WINDOWS\System32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-08-07 20:13:13 19968 --a------ C:\WINDOWS\System32\cpuinf32.dll
2007-08-07 20:13:12 152064 --a------ C:\WINDOWS\System32\unrar.dll
2007-08-07 20:13:10 761856 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-08-07 20:13:07 0 d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-08-07 15:01:49 0 d-------- C:\Program Files\Lavasoft
2007-08-07 15:01:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-07 14:59:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 14:42:22 0 d-------- C:\ArmyBuilderEX
2007-08-07 14:23:56 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-07 13:35:12 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-07 13:35:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-07 13:35:12 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-07 13:35:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-07 13:35:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-07 13:35:12 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-07 13:35:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-07 13:35:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-07 13:30:02 0 d-------- C:\HPLJ45.T
2007-08-07 13:29:54 52736 --a------ C:\WINDOWS\System32\HPBPML.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-07 13:29:54 28768 --a------ C:\WINDOWS\System32\drivers\HPBECP00.SYS
2007-08-07 13:29:53 16896 --a------ C:\WINDOWS\System32\SUPWIN32.DLL
2007-08-07 13:29:53 189440 --a------ C:\WINDOWS\System32\NETWIN32.DLL
2007-08-07 13:29:53 140288 --a------ C:\WINDOWS\System32\NCPWIN32.DLL
2007-08-07 13:29:53 94720 --a------ C:\WINDOWS\System32\LOCWIN32.DLL
2007-08-07 13:29:53 60416 --a------ C:\WINDOWS\System32\CLNWIN32.DLL
2007-08-07 13:29:53 126976 --a------ C:\WINDOWS\System32\CALWIN32.DLL <Not Verified; Novell, Inc.; NetWare| Client API>
2007-08-07 13:29:52 53248 --a------ C:\WINDOWS\System32\HPDCMON.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-07 12:36:02 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-07 12:21:34 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2007-08-07 11:56:24 0 d-------- C:\Program Files\NVIDIA Corporation
2007-08-07 11:54:28 0 d-------- C:\NV37523756.TMP
2007-08-07 11:53:59 0 d-------- C:\NV33803384.TMP
2007-08-06 18:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-06 18:18:11 0 d-------- C:\NV13641012.TMP
2007-08-06 18:04:26 8 --a------ C:\WINDOWS\System32\HPCOLANT.DAT
2007-08-06 18:04:26 3353 --a------ C:\WINDOWS\System32\HPANT.DAT
2007-08-06 17:58:55 0 d-------- C:\Program Files\Symantec
2007-08-06 17:58:38 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-06 17:58:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-06 17:58:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-06 17:57:33 0 d-------- C:\Program Files\Symantec Antivirus Corporate Edition
2007-08-06 15:35:00 0 d-------- C:\WINDOWS\HPUNINST
2007-08-06 15:34:12 0 d-------- C:\HPFonts
2007-08-06 15:33:29 694272 --a------ C:\WINDOWS\System32\JETADMIN.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 82944 --a------ C:\WINDOWS\System32\hpshell.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 29184 --a------ C:\WINDOWS\System32\HPPROPTY.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 132096 --a------ C:\WINDOWS\System32\HPLOCMON.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:29 25088 --a------ C:\WINDOWS\System32\hpjetdsc.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin Discovery Indicator>
2007-08-06 15:33:29 26624 --a------ C:\WINDOWS\System32\hpaddjdp.exe <Not Verified; Hewlett Packard; Hewlett Packard Add JetDirect Printer>
2007-08-06 15:33:28 59392 --a------ C:\WINDOWS\System32\hpgenapp.dll
2007-08-06 15:33:28 29184 --a------ C:\WINDOWS\System32\HPALERTS.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 20992 --a------ C:\WINDOWS\System32\hpuninst.dll
2007-08-06 15:33:27 53760 --a------ C:\WINDOWS\System32\hptds.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 97280 --a------ C:\WINDOWS\System32\HPSNMP.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 145920 --a------ C:\WINDOWS\System32\HPNWSHIM.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 49152 --a------ C:\WINDOWS\System32\HPNWPSRV.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 32768 --a------ C:\WINDOWS\System32\hpnra.exe <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 146944 --a------ C:\WINDOWS\System32\HPJMON.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:27 152576 --a------ C:\WINDOWS\System32\HPCOLA.dll <Not Verified; Hewlett-Packard; Hewlett-Packard JetAdmin>
2007-08-06 15:33:02 283648 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-08-06 15:33:01 0 d-------- C:\Documents and Settings\TempesT\WINDOWS
2007-08-06 15:30:51 0 d-------- C:\Program Files\CD-LabelPrint
2007-08-06 15:16:46 90112 --a------ C:\WINDOWS\System32\CNMCP78.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2007-08-06 15:16:45 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-08-06 12:13:14 0 d-------- C:\Develop
2007-08-06 11:33:25 0 d-------- C:\Documents and Settings\TempesT\Application Data\Macromedia
2007-08-06 11:33:23 0 d-------- C:\Program Files\Google
2007-08-06 11:27:57 0 d-------- C:\Program Files\StuffPlug3
2007-08-06 11:17:23 0 d-------- C:\Program Files\Messenger Plus! Live
2007-08-06 11:10:55 0 d-------- C:\Documents and Settings\TempesT\Contacts
2007-08-06 11:08:40 0 d-------- C:\Program Files\MSN Messenger
2007-08-06 10:59:21 0 d-------- C:\Program Files\StrongDC++
2007-08-06 10:58:43 0 d-------- C:\WINDOWS\System32\appmgmt
2007-08-06 10:50:17 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-08-06 10:50:17 0 d-------- C:\Program Files\DC Skynet
2007-08-06 03:56:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-06 03:56:25 0 dr------- C:\Program Files
2007-08-06 03:56:25 0 d-------- C:\Program Files\Common Files
2007-08-06 03:56:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-08-06 03:56:07 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-08-06 03:56:07 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-08-06 03:56:07 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-06 03:56:07 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-08-06 03:56:07 0 dr------- C:\Documents and Settings\All Users\Documents
2007-08-06 03:56:07 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-08-06 03:55:56 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-08-06 03:55:56 0 d-------- C:\WINDOWS\System32\CatRoot
2007-08-06 03:55:50 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-08-06 03:55:50 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-06 03:55:50 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-08-06 03:55:50 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-06 03:55:22 0 d-------- C:\Documents and Settings
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\WinSxS
2007-08-06 03:50:33 0 dr------- C:\WINDOWS\Web
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\twain_32
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\wins
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\wbem
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\usmt
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\spool
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ShellExt
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\Setup
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ras
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\oobe
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\npp
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\mui
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\inetsrv
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\IME
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\icsxml
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\ias
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\export
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\dhcp
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\config
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\3076
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\2052
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1054
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1042
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1041
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1037
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1033
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1031
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1028
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\System32\1025
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\system
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\security
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Resources
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\repair
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\mui
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\msapps
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\msagent
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Media
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\java
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\ime
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Help
2007-08-06 03:50:33 0 dr--s---- C:\WINDOWS\Fonts
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Driver Cache
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Debug
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Cursors
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\Config
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\AppPatch
2007-08-06 03:50:33 0 d-------- C:\WINDOWS\addins
2007-08-05 20:33:14 0 d-------- C:\Program Files\Winamp
2007-08-05 20:22:36 0 d-------- C:\WINDOWS\System32\NtmsData
2007-08-05 20:16:38 0 d-------- C:\Program Files\Common Files\L&H
2007-08-05 20:16:31 0 d-------- C:\Program Files\Microsoft.NET
2007-08-05 20:16:21 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-05 20:15:51 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 20:15:33 0 d-------- C:\WINDOWS\SHELLNEW
2007-08-05 19:59:31 5248 --a------ C:\WINDOWS\System32\drivers\a347scsi.sys
2007-08-05 19:59:31 160640 --a------ C:\WINDOWS\System32\drivers\a347bus.sys
2007-08-05 19:59:30 0 d-------- C:\Program Files\Alcohol Soft
2007-08-05 19:51:44 0 d-------- C:\Program Files\AWC
2007-08-05 19:39:56 0 d-------- C:\Documents and Settings\TempesT\Application Data\Talkback
2007-08-05 19:34:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-05 19:34:28 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-08-05 19:34:22 2293 --a------ C:\WINDOWS\mozver.dat
2007-08-05 19:34:21 0 d-------- C:\Documents and Settings\TempesT\Application Data\Mozilla
2007-08-05 19:16:08 0 d-------- C:\Documents and Settings\TempesT\Application Data\AdobeUM
2007-08-05 19:15:42 0 d-------- C:\Documents and Settings\TempesT\Application Data\Adobe
2007-08-05 19:15:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-05 19:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-08-05 18:58:19 8 --a------ C:\WINDOWS\System32\nvModes.dat
2007-08-05 18:49:22 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-05 18:47:38 0 d-------- C:\WINDOWS\nview
2007-08-05 18:47:34 0 d-------- C:\WINDOWS\LastGood
2007-08-05 18:47:14 0 d-------- C:\NVIDIA
2007-08-05 18:18:50 0 d-------- C:\WINDOWS\RegisteredPackages
2007-08-05 18:18:24 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-05 18:18:24 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-05 18:17:34 0 d-------- C:\Program Files\Realtek Sound Manager
2007-08-05 18:17:31 0 d-------- C:\Program Files\AvRack
2007-08-05 18:17:26 40960 -----n--- C:\WINDOWS\System32\ChCfg.exe
2007-08-05 18:17:11 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2007-08-05 18:17:11 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2007-08-05 18:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 18:15:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-08-05 18:14:06 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-08-05 18:13:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-05 18:12:50 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-08-05 18:12:44 5824 --a------ C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
2007-08-05 18:08:43 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-08-05 18:08:28 0 d-------- C:\WINDOWS\pss
2007-08-05 18:07:27 0 d-------- C:\Documents and Settings\TempesT\Application Data\Identities
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\Templates
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\Start Menu
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\SendTo
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\Recent
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\PrintHood
2007-08-05 18:07:18 2621440 --ah----- C:\Documents and Settings\TempesT\NTUSER.DAT
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\NetHood
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\My Documents
2007-08-05 18:07:18 0 d--h----- C:\Documents and Settings\TempesT\Local Settings
2007-08-05 18:07:18 0 dr------- C:\Documents and Settings\TempesT\Favorites
2007-08-05 18:07:18 0 d-------- C:\Documents and Settings\TempesT\Desktop
2007-08-05 18:07:18 0 d---s---- C:\Documents and Settings\TempesT\Cookies
2007-08-05 18:07:18 0 dr-h----- C:\Documents and Settings\TempesT\Application Data
2007-08-05 18 25 0 d-------- C:\WINDOWS\Prefetch
2007-08-05 18 25 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-05 18 25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-08-05 18 25 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-05 18 25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-08-05 18 25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-08-05 18 24 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-05 18 24 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-08-05 18 24 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-05 18 24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-08-05 18 24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-08-05 18:02:44 0 d-------- C:\WINDOWS\System32\xircom
2007-08-05 18:02:44 0 d-------- C:\Program Files\microsoft frontpage
2007-08-05 18:02:37 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-05 18:01:54 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-05 18:01:47 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-05 18:01:46 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-05 18:01:23 0 d-------- C:\WINDOWS\System32\DirectX
2007-08-05 18:00:49 0 d---s---- C:\WINDOWS\Tasks
2007-08-05 18:00:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-08-05 18:00:43 0 d-------- C:\WINDOWS\srchasst
2007-08-05 18:00:41 0 d-------- C:\Program Files\Movie Maker
2007-08-05 18:00:38 0 d-------- C:\WINDOWS\System32\Restore
2007-08-05 18:00:38 0 d-------- C:\WINDOWS\PCHealth
2007-08-05 18:00:15 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-08-05 18:00:10 0 d-------- C:\WINDOWS\Registration
2007-08-05 18:00:06 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-05 18:00:06 0 d-------- C:\Program Files\Online Services
2007-08-05 18:00:02 0 d-------- C:\Program Files\Messenger
2007-08-05 17:59:58 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-05 17:59:25 0 d-------- C:\Program Files\Windows NT
2007-08-05 17:59:23 0 d-------- C:\WINDOWS\System32\MsDtc
2007-08-05 17:59:22 0 d-------- C:\WINDOWS\System32\Com
2007-07-24 08:58:41 0 d--hs---- C:\WINDOWS\ftpcache

-- Find3M Report ---------------------------------------------------------------

2007-08-06 03:56:07 62 --ahs---- C:\Documents and Settings\TempesT\Application Data\desktop.ini
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\System32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\System32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\System32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\System32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\System32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\System32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\System32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\System32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [15/11/2004 08:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [29/06/2007 12:43 AM]
"nwiz"="nwiz.exe" [29/06/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/12/2005 03:33 AM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [27/05/2006 01:51 PM]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [20/12/2004 05:12 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [29/06/2007 12:43 AM]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [21/12/2005 11:52 AM]
"Tweak UI"="TWEAKUI.CPL" [25/03/2003 05:49 AM C:\WINDOWS\system32\tweakui.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [07/07/2003 10:00 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\DOCUMENTS AND SETTINGS\TEMPEST\DESKTOP\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af7a88dc-432c-11dc-bc5c-806d6172696f}]
AutoRun\command- F:\ASUSACPI.exe

-- End of Deckard's System Scanner: finished at 2007-08-09 at 12:36:22 ---------
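A triage pass over a log like the one above, as an added example (not HijackThis or DSS code, and not part of the original post): it walks the log text, picks out the entry types an analyst checks first, and says why each matters. The sample input is a constructed subset of lines copied from the log, one per line as HijackThis writes them; the heuristics are the example's own. Every hit it produces here is explained by what is on the page: the "(no file)" BHO and "(file missing)" service are leftovers of the rebuild, the LSP DLL sits beside the ForceWare services of the NVIDIA firewall the poster named, and the taskmgr.exe Debugger pointing at PROCEXP.EXE is what Process Explorer's "Replace Task Manager" option writes. The same IFEO Debugger value is the classic way malware swaps itself in for a process by name, which is why the example still ranks it highest and tells the reader to check the target.

```python
"""Triage helper for HijackThis / Deckard's System Scanner log text.

Added example, not code from HijackThis, DSS or the forum. A hit means
"look at this entry", not "infected": every rule below also fires on
things that legitimate software does.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of lines copied from the log above, one per
# line as HijackThis writes them. The IFEO key and its Debugger value are on
# two lines, the way the DSS registry dump prints them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = harvest.adfa.edu.au:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\DOCUMENTS AND SETTINGS\TEMPEST\DESKTOP\PROCEXP.EXE"
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
DEBUGGER_RE = re.compile(r'^Debugger="?([^"]*)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    level: str   # "high" or "review"
    tag: str     # HijackThis section (O2, O23, ...) or "REG" for the registry dump
    reason: str
    line: str


def _classify_entry(tag: str, body: str) -> Optional[Tuple[str, str]]:
    """Map one HijackThis entry to (level, reason), or None if nothing to say."""
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        return "review", "dangling entry: target is gone, leftover of an uninstall or a removal"
    if tag == "O10":
        return "review", "Winsock LSP DLL is loaded into every socket-using process; confirm the vendor"
    if tag == "O16":
        return "review", "ActiveX control installed from a URL (DPF); remove if not wanted"
    if tag == "O20":
        return "review", "Winlogon Notify DLL is loaded into winlogon.exe at logon"
    if tag == "R1" and ("proxyserver" in low or "autoconfigurl" in low):
        return "review", "IE proxy or PAC setting can redirect all browser traffic"
    if tag == "O23" and "unknown owner" in low:
        return "review", "service binary has no company name in its version info"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log and return the entries worth a second look, in file order."""
    findings: List[Finding] = []
    current_key = ""   # last [HKEY_...] header seen in the registry dump
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            tag, body = entry.groups()
            hit = _classify_entry(tag, body)
            if hit:
                findings.append(Finding(hit[0], tag, hit[1], line))
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        dbg = DEBUGGER_RE.match(line)
        if dbg and "image file execution options" in current_key:
            # IFEO Debugger: Windows starts the named debugger instead of the
            # process, for any process with that image name.
            target = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding(
                "high", "REG",
                f"IFEO Debugger: every launch of {target} runs {dbg.group(1)} instead "
                "(Process Explorer's 'Replace Task Manager' does this; anything else is a hijack)",
                line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per level, so a clean log summarizes to all zeros."""
    return {lvl: sum(1 for f in findings if f.level == lvl) for lvl in ("high", "review")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.tag:4} {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as a script to see the seven hits from the sample, or call `triage()` on a whole pasted log; the registry-dump handling relies on the `[HKEY_...]` header preceding its values, which is how DSS prints them.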
#3 (Registered User)
Re: computer really jumpy, 'system' process at 50%
It's definitely something chewing up my system, as I was running a scan with Spybot S&D and Process Explorer showed that the system process (shown in red on the graph) had been reduced to zero when the scan was active, as Spybot was stealing all CPU power from it (shown as 100% green on the graph).
When this occurred, my system operated as normal, i.e. no jerking of the mouse, and the music actually played normally, not freezing every second.
#4 (Assistant Manager, TSF Academy; Moderator/Analyst Security Team. Join Date: Jan 2005. Location: Ohio. Posts: 23,971. OS: WinXP and Vista)
Re: computer really jumpy, 'system' process at 50%
Hello TempestPDM,
I'm not seeing any malware here--your issues may be better addressed in the Windows XP section. Before I send you there, let's perform a perfunctory online scan and see if anything turns up. Perform an online scan with Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.
#6 (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Re: computer really jumpy, 'system' process at 50%
Thanks for letting me know.
Since you've reformatted, now would be a good time to set up protection. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Spybot - Search & Destroy 1.4. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls
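The mechanism behind the IE-SPYAD recommendation above, shown as an added example (not IE-SPYAD's own list or installer): Internet Explorer keeps per-domain zone assignments under the ZoneMap\Domains key in HKCU, and putting a domain into the Restricted sites zone (zone id 4) is one registry value. The script below builds a "Version 5.00" .reg file for a list of domains and writes it in the UTF-16 encoding regedit expects; the domain list is a constructed placeholder, and the two-label split it uses to find the registrable domain is an assumption noted in the code.

```python
"""Build a .reg file that puts domains into Internet Explorer's Restricted
sites zone, which is how IE-SPYAD blocks dubious sites.

Added example (not IE-SPYAD's own code or list). SAMPLE_DOMAINS is a
constructed placeholder.
"""
from typing import Iterable, List

# Zone ids used by the Internet Settings ZoneMap: 1 = Local intranet,
# 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
ZONE_RESTRICTED = 4
DOMAINS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")

# Constructed sample list; IE-SPYAD ships thousands of real entries.
SAMPLE_DOMAINS = ["example.com", "ads.example.com", "Tracker.Example.NET"]


def zone_map_key(hostname: str) -> str:
    """Registry key for hostname under ZoneMap\\Domains.

    IE keys the entry by the registrable domain and puts any further labels
    in one subkey: 'ads.example.com' maps to Domains\\example.com\\ads.
    Assumption: the last two labels are the domain. That is right for
    .com/.net style names and wrong for two-part public suffixes such as
    co.uk, so a generator for real use needs a public-suffix list.
    """
    labels = hostname.strip().lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name: {hostname!r}")
    domain = ".".join(labels[-2:])
    prefix = ".".join(labels[:-2])
    return DOMAINS_KEY + "\\" + domain + ("\\" + prefix if prefix else "")


def build_reg(domains: Iterable[str], zone: int = ZONE_RESTRICTED) -> str:
    """Return the text of a Version 5.00 .reg file assigning every domain to
    zone. The '*' value name applies the zone to all URL schemes; a DWORD
    is written as eight hex digits."""
    seen = set()
    lines: List[str] = ["Windows Registry Editor Version 5.00", ""]
    for host in domains:
        key = zone_map_key(host)
        if key in seen:          # duplicates would only repeat the same key
            continue
        seen.add(key)
        lines.append(f"[{key}]")
        lines.append(f'"*"=dword:{zone:08x}')
        lines.append("")
    return "\r\n".join(lines)


def write_reg(path: str, domains: Iterable[str]) -> None:
    """Write the file as UTF-16 with a byte-order mark, which is what regedit
    expects for 'Version 5.00' files; import it by double-clicking or with
    'regedit /s <path>'."""
    with open(path, "w", encoding="utf-16", newline="") as fh:
        fh.write(build_reg(domains))


if __name__ == "__main__":
    print(build_reg(SAMPLE_DOMAINS))
```

Because the zone lookup is by domain and subdomain, one entry for example.com does not cover ads.example.com unless you add it too, which is why IE-SPYAD's list is long; and because the keys live in HKCU, the protection applies only to the user profile the file is imported into.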