Discussion Starter · #1 ·
Hi, I ran GMER and DDS, and my CPU usage is down now for some reason, but anyhow it has been like this for the past two days. It was running between 70-100%, and I closed everything and unhooked my internet; still 70-100. I deleted BitComet and everything downloaded before I tried this, so I just thought I would let you know about that, and I am posting the info you asked for. I just bought this comp and it hasn't been running right since I bought it, I don't think (used). Thank you for your time.


DDS (Version 1.0) - NTFSx86
Run by Marvelous at 9:24:01.93 on Fri 11/21/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.200 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MARVEL~1\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\MARVEL~1\Desktop\dds.scr
C:\WINDOWS\system32\notepad.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [PCLEPCI] c:\progra~1\pinnacle\ppe\PPE.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks premier edition\osCheck.exe"
mRun: [NswUiTray] c:\program files\norton systemworks premier edition\NswUiTray.exe
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,[email protected]
StartupFolder: c:\docume~1\marvel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier edition\norton cleanup\WCQuick.lnk
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {F5B97B09-C939-4BC5-BEFA-E2037E80542E} = 74.220.128.2,74.220.128.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2008-11-21 09:02 250 a------- c:\windows\gmer.ini
2008-11-21 06:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-21 06:57 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-21 06:57 <DIR> --d----- c:\docume~1\marvel~1\applic~1\SUPERAntiSpyware.com
2008-11-21 06:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-20 18:25 <DIR> --d----- c:\program files\Lavalys
2008-11-18 09:04 <DIR> --d----- c:\program files\lx_cats
2008-11-18 09:04 40,960 a------- c:\windows\system32\lxcrvs.dll
2008-11-18 09:04 409,600 a------- c:\windows\system32\lxcrinpa.dll
2008-11-18 09:04 393,216 a------- c:\windows\system32\lxcriesc.dll
2008-11-18 09:04 303,104 a------- c:\windows\system32\lxcrcoin.dll
2008-11-18 09:03 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-11-18 09:03 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-11-18 09:03 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-18 09:03 87,040 a------- c:\windows\system32\wiafbdrv.dll
2008-11-18 09:03 692,224 a------- c:\windows\system32\lxcrdrs.dll
2008-11-18 09:03 65,536 a------- c:\windows\system32\lxcrcaps.dll
2008-11-18 09:03 61,440 a------- c:\windows\system32\lxcrcnv4.dll
2008-11-18 09:02 <DIR> --d----- c:\program files\Lexmark Toolbar
2008-11-18 09:02 <DIR> --d----- c:\program files\Lexmark 2400 Series
2008-11-17 16:44 <DIR> --d-h--- c:\windows\PIF
2008-11-17 16:09 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-17 16:09 1,409 a------- c:\windows\QTFont.for
2008-11-17 05:43 <DIR> --d----- c:\program files\Smith Micro
2008-11-17 05:43 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2008-11-17 05:41 <DIR> --d----- c:\program files\PerformanceTest
2008-11-17 05:40 <DIR> --d----- c:\windows\pss
2008-11-16 21:31 <DIR> --d----- c:\docume~1\marvel~1\applic~1\Symantec
2008-11-16 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonSystemWorks
2008-11-16 21:25 <DIR> --d----- c:\program files\Norton SystemWorks Premier Edition
2008-11-16 21:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-16 21:16 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-16 21:16 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-16 21:16 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-16 21:16 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-11-16 21:16 <DIR> --d----- c:\program files\Symantec
2008-11-16 21:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2008-11-16 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-11-16 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2008-11-16 20:33 <DIR> --d----- c:\program files\Ascentive
2008-11-16 20:01 36,864 a------- c:\windows\system32\ascbalon.dll
2008-11-16 20:01 208,896 a------- c:\windows\system32\ConTest.dll
2008-11-16 20:01 45,056 a------- c:\windows\system32\CreateLog.dll
2008-11-16 20:01 20,480 a------- c:\windows\system32\SysRestore.dll
2008-11-15 13:11 406 a------- c:\windows\system32\ioloBootDefrag.cfg
2008-11-15 13:06 922,464 a------- c:\windows\system32\Incinerator.dll
2008-11-15 13:06 9,341 a------- c:\windows\system32\drivers\filedisk.sys
2008-11-15 13:06 8,192 a------- c:\windows\system32\smrgdf.exe
2008-11-15 13:06 28,672 a------- c:\windows\system32\iolobtdfg.exe
2008-11-15 13:05 <DIR> --d----- c:\program files\iolo
2008-11-15 13:03 74,703 a------- c:\windows\system32\mfc45.dll
2008-11-15 13:03 <DIR> --d----- c:\docume~1\marvel~1\applic~1\iolo
2008-11-15 13:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2008-11-14 12:05 221,184 a------- c:\windows\system32\wmpns.dll
2008-11-14 11:27 <DIR> --d----- c:\windows\system32\scripting
2008-11-14 11:27 <DIR> --d----- c:\windows\l2schemas
2008-11-14 11:27 <DIR> --d----- c:\windows\system32\en
2008-11-14 11:27 <DIR> --d----- c:\windows\system32\bits
2008-11-14 11:21 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-13 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-11-13 18:49 <DIR> --d----- c:\program files\VSO
2008-11-13 15:56 <DIR> --d----- c:\program files\AVG
2008-11-12 18:18 87,608 a------- c:\docume~1\marvel~1\applic~1\inst.exe
2008-11-12 18:18 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-12 18:18 47,360 a------- c:\docume~1\marvel~1\applic~1\pcouffin.sys
2008-11-12 18:18 <DIR> --d----- c:\docume~1\marvel~1\applic~1\Vso
2008-11-12 15:06 <DIR> --d----- c:\docume~1\marvel~1\applic~1\LimeWire
2008-11-12 11:38 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 06:37 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-12 06:37 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-12 06:37 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-12 06:37 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-12 06:37 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-12 06:37 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-12 06:37 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 06:37 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-12 06:37 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-12 06:30 <DIR> --d----- c:\windows\network diagnostic
2008-11-11 20:53 <DIR> --d----- c:\program files\MSXML 6.0
2008-11-10 16:25 <DIR> --d----- c:\program files\WebEx
2008-11-10 16:15 <DIR> --d----- c:\windows\system32\XPSViewer
2008-11-10 16:14 14,048 -------- c:\windows\system32\spmsg2.dll
2008-11-10 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2008-11-10 16:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2008-11-10 14:52 <DIR> --d----- c:\windows\system32\LogFiles
2008-11-08 16:07 <DIR> --d----- c:\docume~1\marvel~1\applic~1\uTorrent
2008-11-08 16:00 <DIR> --d----- c:\program files\DVD Shrink
2008-11-08 13:41 21,840 a------- c:\windows\system32\SIntfNT.dll
2008-11-08 13:41 17,212 a------- c:\windows\system32\SIntf32.dll
2008-11-08 13:41 12,067 a------- c:\windows\system32\SIntf16.dll
2008-11-08 13:35 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-08 13:35 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-08 13:05 <DIR> --d----- c:\program files\Diablo II
2008-11-08 11:57 294,912 -c------ c:\windows\system32\dllcache\msaud32.acm
2008-11-08 11:56 43,008 -------- c:\windows\system32\drivers\amdagp.sys
2008-11-08 11:56 42,752 -------- c:\windows\system32\drivers\alim1541.sys
2008-11-08 11:56 44,928 -------- c:\windows\system32\drivers\agpcpq.sys
2008-11-08 11:56 42,368 -------- c:\windows\system32\drivers\agp440.sys
2008-11-08 11:56 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2008-11-08 11:56 3,967 -------- c:\windows\system32\drivers\adv02nt5.dll
2008-11-08 11:56 3,775 -------- c:\windows\system32\drivers\adv11nt5.dll
2008-11-08 11:56 3,711 -------- c:\windows\system32\drivers\adv09nt5.dll
2008-11-08 11:56 3,647 -------- c:\windows\system32\drivers\adv07nt5.dll
2008-11-08 11:56 3,615 -------- c:\windows\system32\drivers\adv05nt5.dll
2008-11-08 11:56 3,135 -------- c:\windows\system32\drivers\adv08nt5.dll
2008-11-08 11:56 136,192 -------- c:\windows\system32\aaclient.dll
2008-11-08 11:35 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-08 11:35 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-08 11:35 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-08 11:35 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-08 11:35 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-08 11:35 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-08 11:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-08 11:32 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-14 11:33 <DIR> --d----- c:\program files\Messenger
2008-11-14 11:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-14 11:20 <DIR> --d----- c:\program files\Windows NT
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-25 23:24 826,368 a------- c:\windows\system32\wininet.dll
2008-07-04 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pinnacle Studio
2008-07-04 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc

============= FINISH: 9:24:57.32 ===============
 

Discussion Starter · #2 ·
I think I solved this, but I'm not sure. Found a trojan. Removed it; seems to be alright now, thx. It was some kind of system restore trojan, so if you see something besides that I would like to know. Sorry to waste your time if not.
 