
System running at 65-80% all the time with Teatime or Firefox maxing o


  • This topic is locked

#1
colbyclay

  • Member
  • 22 posts
Hi all,
I guess I had this in the wrong forum...

My XP system is running REALLY SLOW all of a sudden. I have run Ad-Aware and Spybot and nothing has come up. I followed all the advice in the FAQ, so now I come to you. Is there something amiss with my registry? Also, I tried to delete AVG but am getting hung up trying to run in safe mode; XP freezes on me. That is secondary, though, to my performance issue. Thanks for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:32 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] h:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Creative Detector] E:\creative\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {EA5276F1-F0E5-11D2-8CB7-00105AA1B80E} (PASSPORT Document) - http://passportvm.ac...ent/Passweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6777 bytes


Here is my mbam-log

Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

4:38:47 PM 8/29/2008
mbam-log-08-29-2008 (16-38-47).txt

Scan type: Quick Scan
Objects scanned: 42299
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi colbyclay,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop.
OTViewIt


Run OTViewIt:
  • Close all open windows and double click the OTViewIt_beta icon on your Desktop
  • Tick the Scan all Users box, but leave the Use Whitelist un-ticked.
  • Click the Run Scan button and let the program run uninterrupted.
  • It will produce two logs for you. OTViewIt.txt will open automatically. The other one will be saved on your desktop as Extras.txt
  • I will need you to post both those logs here.
NOTE: These can be large files, and there is a limit to the number of characters that can be posted at once on this forum.
It may require you to make 2 posts to get all the information to me.



Cheers,

sage5

#3
colbyclay

  • Topic Starter
  • Member
  • 22 posts
Hi Sage5! Thanks in advance for any help you can give me. Here is the OTViewIt.Txt information:

OTViewIt logfile created on: 9/5/2008 7:48:05 PM - Run 2
OTViewIt by OldTimer - Version 1.0.2.1 beta Folder = C:\Documents and Settings\Skrunt\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 659.25 Mb Available Physical Memory | 64.48% Memory free
3.88 Gb Paging File | 3.63 Gb Available in Paging File | 93.61% Paging File free
Paging file location(s): G:\pagefile.sys 3048 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 8.83 Gb Free Space | 44.17% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 10.00 Gb Total Space | 9.38 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive F: | 263.67 Gb Total Space | 223.71 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive G: | 4.41 Gb Total Space | 1.40 Gb Free Space | 31.83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Skrunt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off

===== Processes - Non-Microsoft Only =====

[06/23/2008 09:40 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[11/14/2006 05:21 PM | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\RTHDCPL.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe
[12/09/2005 06:17 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[07/04/2008 06:52 AM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
[11/23/2005 07:58 AM | 00,765,952 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[04/19/2007 01:35 PM | 00,075,304 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[12/05/2007 02:41 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[10/06/2006 12:09 PM | 00,192,512 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxsrvc.exe
[09/05/2008 07:41 PM | 01,305,600 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe

===== Win32 Services - Non-Microsoft Only =====

[06/23/2008 09:40 AM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (aawservice [Auto | Running])
[07/04/2008 06:52 AM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe (avg8wd [Auto | Running])
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Service for CDROM Access [Auto | Running])
[11/23/2005 07:58 AM | 00,765,952 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper [Auto | Running])
[08/03/2004 08:07 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe (dmadmin [On_Demand | Stopped])
[04/14/2008 10:31 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (FLEXnet Licensing Service [On_Demand | Stopped])
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT [On_Demand | Stopped])
[04/19/2007 01:35 PM | 00,075,304 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService [Auto | Running])
[12/05/2007 02:41 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe (NVSvc [Auto | Running])
File not found - h:\Program Files\ThreatFire\TFService.exe (ThreatFire [Auto | Stopped])
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Manager Service [Auto | Running])

===== Driver Services - Non-Microsoft Only =====

File not found - C:\DOCUME~1\Skrunt\LOCALS~1\Temp\Amsmpu4p.sys (Amsmpu4p [On_Demand | Stopped])
[07/04/2008 06:52 AM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys (AvgLdx86 [System | Stopped])
[07/04/2008 06:52 AM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys (AvgMfx86 [System | Running])
[08/03/2004 08:07 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot [Disabled | Stopped])
[08/03/2004 08:07 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmio [Boot | Running])
[08/03/2004 08:07 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (dmload [Boot | Running])
[12/20/2005 07:23 PM | 00,023,872 | ---- | M] (Your Corporation) - C:\Program Files\LiveUpdate\FXDrv32.sys (FXDrv32 [On_Demand | Stopped])
[01/07/2005 05:07 PM | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys (HDAudBus [On_Demand | Running])
[10/06/2006 02:24 PM | 01,181,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\igxpmp32.sys (ialm [On_Demand | Stopped])
[11/15/2006 02:34 PM | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys (IntcAzAudAddService [On_Demand | Running])
[01/19/2006 03:01 AM | 00,017,280 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctpdusb.sys (Jukebox3 [On_Demand | Stopped])
[08/02/2006 11:45 AM | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) - C:\WINDOWS\system32\drivers\mr7910.sys (mr7910 [On_Demand | Stopped])
[12/05/2007 02:41 AM | 07,435,392 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (nv [On_Demand | Running])
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys (pavboot [Boot | Running])
[05/23/2006 04:00 PM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys (pfc [On_Demand | Running])
[08/03/2004 08:07 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys (Ptilink [On_Demand | Running])
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv [Auto | Running])
[04/24/2008 04:52 PM | 00,051,520 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfFsMon.sys (TfFsMon [Boot | Running])
[04/24/2008 04:52 PM | 00,033,088 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfNetMon.sys (TfNetMon [On_Demand | Stopped])
[04/24/2008 04:52 PM | 00,038,208 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfSysMon.sys (TfSysMon [Boot | Running])
[03/15/2006 08:51 AM | 00,244,608 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys (yukonwxp [On_Demand | Running])

========== Run Keys ==========

[05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) - ALCMTR.EXE ("Alcmtr" HKLM:Run)
File not found - C:\PROGRA~1\AVG\AVG8\avgtray.exe ("AVG8_TRAY" HKLM:Run)
[11/22/2005 05:38 PM | 00,221,184 | ---- | M] (Diskeeper Corporation) - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" ("DiskeeperSystray" HKLM:Run)
[10/06/2006 12:13 PM | 00,114,688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe ("HotKeysCmds" HKLM:Run)
[10/06/2006 12:11 PM | 00,098,304 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxtray.exe ("IgfxTray" HKLM:Run)
[12/05/2007 02:41 AM | 08,523,776 | ---- | M] (NVIDIA Corporation) - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup ("NvCplDaemon" HKLM:Run)
[12/05/2007 02:41 AM | 00,081,920 | ---- | M] (NVIDIA Corporation) - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ("NvMediaCenter" HKLM:Run)
[12/05/2007 02:41 AM | 01,626,112 | ---- | M] () - nwiz.exe /install ("nwiz" HKLM:Run)
[10/06/2006 12:10 PM | 00,094,208 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe ("Persistence" HKLM:Run)
[11/14/2006 05:21 PM | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) - RTHDCPL.EXE ("RTHDCPL" HKLM:Run)
[05/16/2006 06:04 PM | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.) - SkyTel.EXE ("SkyTel" HKLM:Run)
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" ("SunJavaUpdateSched" HKLM:Run)
File not found - h:\Program Files\ThreatFire\TFTray.exe ("ThreatFire" HKLM:Run)
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe /R ("Creative Detector" HKCU:Run)
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden ("LightScribe Control Panel" HKCU:Run)
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe ("SpybotSD TeaTimer" HKCU:Run)
[12/02/2004 07:23 PM | 00,102,400 | ---- | M] (Creative Technology Ltd) - E:\creative\Detector\CTDetect.exe /R ("Creative Detector" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)
[04/19/2007 01:26 PM | 00,484,904 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden ("LightScribe Control Panel" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)
[08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited) - E:\Spybot - Search & Destroy\TeaTimer.exe ("SpybotSD TeaTimer" HKU\S-1-5-21-57989841-1220945662-839522115-1003:Run)

========== Startup Folders ==========

[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[12/09/2005 06:17 PM | 00,118,784 | ---- | M] (Nikon Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
File not found - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE

========== Internet Explorer ==========

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL = http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\: Main\\Local Page = %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\: Main\\Search Page = http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\: Main\\Start Page = http://www.microsoft...p...ER}&ar=home
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant = http://ie.search.msn...st/srchasst.htm
HKEY_CURRENT_USER\: Main\\Local Page = C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\: Main\\Search Page = http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\: Main\\Start Page = http://www.microsoft...p...&ar=msnhome
HKEY_CURRENT_USER\: ProxyEnable = 0
HKEY_USERS\.DEFAULT\: ProxyEnable = 0
HKEY_USERS\S-1-5-18\: ProxyEnable = 0
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Local Page = C:\WINDOWS\system32\blank.htm
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Search Page = http://www.microsoft...amp;ar=iesearch
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: Main\\Start Page = http://www.microsoft...p...&ar=msnhome
HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\: ProxyEnable = 0

========== BHO's ==========

[12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (HKLM: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3})
File not found C:\Program Files\AVG\AVG8\avgssie.dll (HKLM: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0})
[06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (HKLM: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43})
File not found Reg Error: Key does not exist or could not be opened. (HKLM: {7E853D72-626A-48EC-A868-BA8D5E23E045})

========== *AppInit_DLLs* ==========

= avgrsstx.dll
>[07/04/2008 06:52 AM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\avgrsstx.dll

========== Winlogon Notify Settings ==========

[10/06/2006 12:09 PM | 00,155,648 | ---- | M] (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll ("DllName")

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== HKLM Security Providers ==========

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[05/19/2007 06:55 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

Autorun []
[10/15/2005 01:42 AM | 00,253,952 | R--- | M] (Firaxis Games) D:\Autorun.exe [ CDFS ]

autorun.exe [MZ | ]
[10/15/2005 01:42 AM | 00,253,952 | R--- | M] (Firaxis Games) D:\autorun.exe [ CDFS ]

autorun.inf [[autorun] | OPEN=autorun.exe | ICON=Autorun\Civ4Installer.ico | LABEL=Sid Meier's Civilization 4 | | [appdata] | Mutex=Civ4 21031 | InstallFile=setup.exe | PlayFile=Civilization4.exe | RegKey=INSTALLDIR | | [0x09] | ;English | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. All Rights Reserved. Manufactured and marketed by Take Two Interactive, New York, NY. All trademarks are the property of their respective owners. | ExecPos=117,201 | InstallImage=Autorun\BTN01-Install.bmp | InstallHilite=Autorun\BTN01-Install_OVER.bmp | PlayImage=Autorun\BTN01-Play.bmp | PlayHilite=Autorun\BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\BTN02-ReadMe.bmp | ReadmeHilite=Autorun\BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\English\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\BTN03-Exit.bmp | ExitHilite=Autorun\BTN03-Exit_OVER.bmp | | [0x0c] | ;French | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tous droits réservés. Fabriqué et commercialisé par Take Two Interactive, New York, NY. Toutes les marques commerciales sont la propriété de leurs détenteurs respectifs. 
| ExecPos=117,201 | InstallImage=Autorun\FR_BTN01-Install.bmp | InstallHilite=Autorun\FR_BTN01-Install_OVER.bmp | PlayImage=Autorun\FR_BTN01-Play.bmp | PlayHilite=Autorun\FR_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\FR_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\FR_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\French\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\FR_BTN03-Exit.bmp | ExitHilite=Autorun\FR_BTN03-Exit_OVER.bmp | | [0x10] | ;Italian | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tutti i diritti riservati. Prodotto e distribuito da Take Two Interactive, New York, NY. Tutti i marchi sono di proprietà dei rispettivi detentori. | ExecPos=117,201 | InstallImage=Autorun\IT_BTN01-Install.bmp | InstallHilite=Autorun\IT_BTN01-Install_OVER.bmp | PlayImage=Autorun\IT_BTN01-Play.bmp | PlayHilite=Autorun\IT_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\IT_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\IT_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Italian\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\IT_BTN03-Exit.bmp | ExitHilite=Autorun\IT_BTN03-Exit_OVER.bmp | | [0x07] | ;German | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=© 2005 Firaxis Games, Inc. Alle Rechte vorbehalten. Herstellung und Vermarktung durch Take Two Interactive, New York, NY. Alle Warenzeichen sind Eigentum der jeweiligen Inhaber. 
| ExecPos=117,201 | InstallImage=Autorun\GE_BTN01-Install.bmp | InstallHilite=Autorun\GE_BTN01-Install_OVER.bmp | PlayImage=Autorun\GE_BTN01-Play.bmp | PlayHilite=Autorun\GE_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\GE_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\GE_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\German\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\GE_BTN03-Exit.bmp | ExitHilite=Autorun\GE_BTN03-Exit_OVER.bmp | | [0x0a] | ;Spanish | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Todos los derechos reservados. Creado y distribuido por Take Two Interactive, New York, NY. Todas las marcas comerciales pertenecen a sus respectivos propietarios. | ExecPos=117,201 | InstallImage=Autorun\SP_BTN01-Install.bmp | InstallHilite=Autorun\SP_BTN01-Install_OVER.bmp | PlayImage=Autorun\SP_BTN01-Play.bmp | PlayHilite=Autorun\SP_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\SP_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\SP_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Spanish\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\SP_BTN03-Exit.bmp | ExitHilite=Autorun\SP_BTN03-Exit_OVER.bmp | ]
[10/15/2005 01:42 AM | 00,004,118 | R--- | M] () D:\autorun.inf [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48057f01-af4b-11dc-b787-0015588abe45}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{735eca17-116f-11dc-b606-0015588abe45}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96d32d38-4fdc-11dc-b6cc-0015588abe45}\Shell]
"" = Shell01

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad877f2-7b8b-11dd-a456-806d6172696f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae23686-1109-11dc-b605-0015588abe45}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f930a27e-06d9-11dc-b5d9-0015588abe45}\Shell]
"" = None

========== DNS Name Servers ==========

{186D2133-7EB7-4953-A4F7-1E2A7E98C062} (Servers: | Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller)

========== Hosts File ==========

HOSTS File = (253869 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...


========== Files/Folders - Created Within 30 days ==========

[08/26/2008 06:01 PM | 00,000,211 | -HS- | C] () - C:\BOOT.BAK
[08/27/2008 09:02 PM | ---D | C] - C:\Config.Msi
[08/27/2008 09:19 PM | ---D | C] - C:\LiveUpdate_Temp
[08/27/2008 09:19 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/27/2008 09:19 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/28/2008 04:56 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/28/2008 04:56 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/28/2008 05:23 PM | 00,012,608 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfKbMon.sys
[08/28/2008 05:23 PM | 00,033,088 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfNetMon.sys
[08/28/2008 05:23 PM | 00,038,208 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfSysMon.sys
[08/28/2008 05:23 PM | 00,051,520 | ---- | C] (PC Tools) - C:\WINDOWS\System32\drivers\TfFsMon.sys
[08/28/2008 08:33 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[08/24/2008 07:42 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/24/2008 07:42 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/24/2008 07:42 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[6 C:\WINDOWS\*.tmp files]
[08/28/2008 04:53 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/28/2008 04:56 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/28/2008 05:23 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\PC Tools
[08/28/2008 05:24 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
[08/08/2008 07:26 PM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\MSNInstaller
[08/24/2008 07:45 AM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\OpenOffice.org2
[08/28/2008 04:56 PM | ---D | C] - C:\Documents and Settings\Skrunt\Application Data\Malwarebytes
[08/07/2008 01:32 PM | ---D | C] - C:\Documents and Settings\Skrunt\Local Settings\Application Data\Nova Development
[08/31/2008 10:44 AM | ---D | C] - C:\Documents and Settings\Skrunt\Local Settings\Application Data\NOS
[08/20/2008 02:08 PM | 00,025,088 | ---- | C] () - C:\Documents and Settings\Skrunt\My Documents\Social Committe.doc
[08/20/2008 03:11 PM | ---D | C] - C:\Documents and Settings\Skrunt\My Documents\NNO
[08/28/2008 04:56 PM | 00,000,565 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 05:24 PM | 00,000,520 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[08/31/2008 10:47 AM | 00,001,745 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[08/08/2008 02:01 PM | 00,018,432 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Member Contact List(2).xls
[08/10/2008 07:08 PM | 00,039,929 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\13275lg.jpg
[08/11/2008 05:24 PM | 00,023,040 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget.xls
[08/20/2008 01:05 PM | 00,184,010 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\NNO_AWARD_tips_08.pdf
[08/24/2008 06:41 AM | 00,023,040 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget(2).xls
[08/24/2008 06:48 AM | 00,224,050 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\AM packet 2008.pdf
[08/25/2008 01:10 PM | 00,040,807 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Fall08NLC_syllabus.pdf
[08/26/2008 12:03 PM | 00,127,488 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\bondingjeopardy.ppt
[08/27/2008 09:19 PM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\Fall 2006
[08/27/2008 09:22 PM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\Scrap
[08/28/2008 04:42 PM | 00,000,811 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\HijackThis.lnk
[08/28/2008 04:47 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\Skrunt\Desktop\ATF_Cleaner.exe
[08/28/2008 04:53 PM | 00,000,501 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\ERUNT.lnk
[08/28/2008 04:53 PM | 00,000,514 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\NTREGOPT.lnk
[08/29/2008 09:02 AM | 00,093,389 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI.dll
[08/29/2008 09:02 AM | ---D | C] - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI_files
[09/01/2008 11:54 PM | 00,042,136 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\Chem 1406 Syllabus.pdf
[09/02/2008 11:18 PM | 00,022,016 | ---- | C] () - C:\Documents and Settings\Skrunt\Desktop\1405ScheduleMWF(2).xls
[09/05/2008 07:41 PM | 01,305,600 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe
[08/31/2008 10:47 AM | 00,001,762 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/28/2008 04:53 PM | 00,000,658 | ---- | C] () - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/28/2008 04:56 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/24/2008 07:42 AM | ---D | C] - C:\Program Files\OpenOffice.org 2.4
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\AVG
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\LightScribe
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\Marvell
[08/27/2008 09:19 PM | ---D | C] - C:\Program Files\Yahoo! Games
[08/27/2008 09:20 PM | ---D | C] - C:\Program Files\Messenger
[08/27/2008 09:20 PM | ---D | C] - C:\Program Files\Shutterfly
[08/28/2008 08:32 PM | ---D | C] - C:\Program Files\Panda Security

========== Files - Modified Within 30 days ==========

[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[08/29/2008 07:56 AM | 00,296,456 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/30/2008 06:51 AM | 00,060,828 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/30/2008 06:51 AM | 00,400,794 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/30/2008 06:51 AM | 00,466,028 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/05/2008 10:09 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\*.tmp files]
[08/27/2008 08:54 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/28/2008 05:36 PM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/29/2008 11:07 PM | 00,000,594 | ---- | M] () - C:\WINDOWS\win.ini
[09/05/2008 03:46 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/05/2008 03:46 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/05/2008 07:17 PM | 00,000,256 | ---- | M] () - C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[09/01/2008 10:53 AM | 00,000,020 | -H-- | M] () - C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[08/30/2008 08:35 AM | 00,090,136 | ---- | M] () - C:\Documents and Settings\Skrunt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/20/2008 02:08 PM | 00,025,088 | ---- | M] () - C:\Documents and Settings\Skrunt\My Documents\Social Committe.doc
[08/28/2008 04:56 PM | 00,000,565 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 05:24 PM | 00,000,520 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[08/31/2008 10:47 AM | 00,001,745 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[08/08/2008 02:01 PM | 00,018,432 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Member Contact List(2).xls
[08/10/2008 07:08 PM | 00,039,929 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\13275lg.jpg
[08/10/2008 09:50 PM | 00,026,112 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\bike milage 2008.xls
[08/11/2008 05:24 PM | 00,023,040 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget.xls
[08/20/2008 01:05 PM | 00,184,010 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\NNO_AWARD_tips_08.pdf
[08/24/2008 06:41 AM | 00,023,040 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Lantana2009BoardBudget(2).xls
[08/24/2008 06:48 AM | 00,224,050 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\AM packet 2008.pdf
[08/25/2008 01:10 PM | 00,040,807 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Fall08NLC_syllabus.pdf
[08/26/2008 12:04 PM | 00,127,488 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\bondingjeopardy.ppt
[08/28/2008 04:42 PM | 00,000,811 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\HijackThis.lnk
[08/28/2008 04:47 PM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Skrunt\Desktop\ATF_Cleaner.exe
[08/28/2008 04:53 PM | 00,000,501 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\ERUNT.lnk
[08/28/2008 04:53 PM | 00,000,514 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\NTREGOPT.lnk
[08/29/2008 09:02 AM | 00,093,389 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\eBayISAPI.dll
[09/01/2008 11:54 PM | 00,042,136 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Chem 1406 Syllabus.pdf
[09/02/2008 11:18 PM | 00,022,016 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\1405ScheduleMWF(2).xls
[09/03/2008 10:34 AM | 00,002,497 | ---- | M] () - C:\Documents and Settings\Skrunt\Desktop\Microsoft Office Word 2003.lnk
[09/03/2008 10:35 AM | 00,174,080 | -HS- | M] () - C:\Documents and Settings\Skrunt\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
[09/05/2008 07:41 PM | 01,305,600 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Skrunt\Desktop\OTViewIt_beta.exe
[08/31/2008 10:47 AM | 00,001,762 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/28/2008 04:53 PM | 00,000,658 | ---- | M] () - C:\Documents and Settings\Skrunt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

< End of report >

#4
colbyclay

And here is the Extras.Txt:

OTViewIt Extras logfile created on: 9/5/2008 7:48:05 PM - Run 2
OTViewIt by OldTimer - Version 1.0.2.1 beta Folder = C:\Documents and Settings\Skrunt\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 659.25 Mb Available Physical Memory | 64.48% Memory free
3.88 Gb Paging File | 3.63 Gb Available in Paging File | 93.61% Paging File free
Paging file location(s): G:\pagefile.sys 3048 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 8.83 Gb Free Space | 44.17% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 10.00 Gb Total Space | 9.38 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive F: | 263.67 Gb Total Space | 223.71 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive G: | 4.41 Gb Total Space | 1.40 Gb Free Space | 31.83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08/03/2004 08:07 PM | 00,140,800 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08/03/2004 08:07 PM | 00,140,800 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found

"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found

"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32
[06/18/2006 02:56 PM | 00,712,704 | ---- | M] (UltraVNC)

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home
File not found

"F:\Space Empires IV Gold\Se4.exe" = F:\Space Empires IV Gold\Se4.exe:*:Enabled:Space Empires IV
File not found

"F:\Sid Meier's Civilization 4\Civilization4.exe" = F:\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[05/16/2007 11:52 PM | 11,739,782 | ---- | M] (Firaxis Games)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found

"F:\NeverwinterNights\nwmain.exe" = F:\NeverwinterNights\nwmain.exe:*:Enabled:Neverwinter Nights
[08/04/2006 05:45 PM | 05,636,096 | ---- | M] (Bioware Corp.)

"F:\NeverwinterNights\nwserver.exe" = F:\NeverwinterNights\nwserver.exe:*:Enabled:Neverwinter Nights Server
[08/04/2006 05:45 PM | 02,539,520 | ---- | M] (Bioware Corp.)

"F:\Neverwinter Nights 2\nwn2main.exe" = F:\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
[12/17/2007 03:15 PM | 12,173,312 | ---- | M] (Obsidian Entertainment, Inc.)

"F:\Neverwinter Nights 2\nwn2main_amdxp.exe" = F:\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
[12/17/2007 03:26 PM | 12,025,856 | ---- | M] (Obsidian Entertainment, Inc.)

"F:\Neverwinter Nights 2\nwupdate.exe" = F:\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
[02/16/2008 04:13 PM | 02,465,792 | ---- | M] (Obsidian Entertainment, Inc.)

"F:\Neverwinter Nights 2\nwn2server.exe" = F:\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
[12/13/2007 07:19 PM | 04,943,872 | ---- | M] (Obsidian Entertainment, Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found

"F:\EVE\bin\ExeFile.exe" = F:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
File not found

"F:\Hellgate London\Launcher.exe" = F:\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[07/29/2008 06:20 PM | 06,448,448 | ---- | M] (Flagship Studios)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [08/03/2008 10:51 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========



========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
File not found C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{24F2E03B-ACF2-42FB-8A2A-5F015ACBDD16}" = FOX ONE
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = Fox LiveUpdate
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731}" = X2 - The Threat
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13D54AA-EE45-4394-8510-C612A56FD9BC}" = Creative Zen Touch
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire 3.5
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG Free 8.0
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"ERUNT_is1" = ERUNT 1.1j
"Fallout" = Fallout
"Fallout2" = Fallout2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"KB873339" = Windows XP Hotfix - KB873339
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911927" = Security Update for Windows XP (KB911927)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921503" = Security Update for Windows XP (KB921503)
"KB922582" = Update for Windows XP (KB922582)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923789" = Security Update for Windows XP (KB923789)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929969" = Security Update for Windows XP (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768" = Security Update for Windows XP (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB933360" = Update for Windows XP (KB933360)
"KB933566" = Security Update for Windows XP (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935448" = Hotfix for Windows XP (KB935448)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB937143" = Security Update for Windows XP (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653" = Security Update for Windows XP (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942763" = Update for Windows XP (KB942763)
"KB942840" = Update for Windows XP (KB942840)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB944338" = Security Update for Windows XP (KB944338)
"KB944533" = Security Update for Windows XP (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab" = Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
"MuVo Driver" = Creative Mass Storage Drivers
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shutterfly Plugin" = Shutterfly Plugin
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SShockDeinstallKey" = System Shock2
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"The Sims" = The Sims
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"x2_allinone_bonus_package_is1" = X² All In One Bonus Package 1.04

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 8/16/2008 8:45:00 PM - Computer Name = HAL - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 8/20/2008 2:14:31 AM - Computer Name = HAL - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): F:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.

Error - 8/20/2008 2:14:40 AM - Computer Name = HAL - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 8/20/2008 8:22:08 PM - Computer Name = HAL - User Name = HAL\Skrunt - Source = MsiInstaller
Description = Product: Scrapbook Factory Deluxe 4.0 -- Error 1311.Source file not
found(cabinet): C:\Documents and Settings\Skrunt\Local Settings\Temp\Data1.cab.
Verify that the file exists and that you can access it.

Error - 8/22/2008 4:13:20 PM - Computer Name = HAL - User Name = HAL\Skrunt - Source = MsiInstaller
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): D:\Office11 - Disc 1 - Professional\SKU011.CAB.
Verify that the file exists and that you can access it.

Error - 8/22/2008 4:13:20 PM - Computer Name = HAL - User Name = HAL\Skrunt - Source = MsiInstaller
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147023179. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 8/26/2008 9:43:07 PM - Computer Name = HAL - User Name = User SID not found - Source = Application Error
Description = Faulting application passport.exe, version 14.1.7.22, faulting module
passtcp.dll, version 14.0.7.22, fault address 0x000072d8.

Error - 8/27/2008 9:14:07 PM - Computer Name = HAL - User Name = User SID not found - Source = EventSystem
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/27/2008 9:14:07 PM - Computer Name = HAL - User Name = User SID not found - Source = VSS
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/5/2008 9:02:13 PM - Computer Name = HAL - User Name = User SID not found - Source = Application Error
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.1.0.649, fault address 0x000ca199.


[ Security Events ]

[ System Events ]
Error - 8/30/2008 11:42:26 AM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/1/2008 12:01:11 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/2/2008 1:20:13 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/2/2008 2:15:19 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/3/2008 2:37:34 AM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/3/2008 12:46:19 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/4/2008 1:54:20 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/5/2008 3:09:52 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 9/5/2008 8:47:04 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The ThreatFire service failed to start due to the following error:
%%3

Error - 9/5/2008 8:47:04 PM - Computer Name = HAL - User Name = User SID not found - Source = Service Control Manager
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86


< End of report >
  • 0

#5
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi colbyclay,

That is looking pretty good at this stage.


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48057f01-af4b-11dc-b787-0015588abe45}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{735eca17-116f-11dc-b606-0015588abe45}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96d32d38-4fdc-11dc-b6cc-0015588abe45}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad877f2-7b8b-11dd-a456-806d6172696f}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae23686-1109-11dc-b605-0015588abe45}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f930a27e-06d9-11dc-b5d9-0015588abe45}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=-
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=-
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=-
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Java™ SE Runtime Environment 6 Update 1
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Viewpoint Media Player

    Please take note of any other programs that you don't recognise in that list, and include them in your next response


You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

Cheers,

sage5

Edited by sage5, 05 September 2008 - 11:19 PM.

  • 0

#6
colbyclay

  • Topic Starter
  • Member
  • 22 posts
Hey Sage5,
The system seems to be running a little faster. System or svchost.exe is running around above 60% all the time but total usage (when idle) is around 85-90%. Here is the Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:46 AM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\creative\Detector\CTDetect.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] h:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Creative Detector] E:\creative\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {EA5276F1-F0E5-11D2-8CB7-00105AA1B80E} (PASSPORT Document) - http://passportvm.ac...ent/Passweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe

--
End of file - 7477 bytes


Thanks for your help. Cheers!

Colbyclay

Edited by colbyclay, 06 September 2008 - 11:26 AM.

  • 0

#7
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi colbyclay,

The answer to this might have been staring me in the face.

You have 2 anti-virus applications running at once, ThreatFire & AVG8.
Choose the one you want to keep, (my choice would be AVG), and get rid of the other.
Using the Add/Remove programs page of the Control Panel, uninstall either:
ThreatFire 3.5
or
AVG8

Restart the PC and see if that reduces the CPU & Paging File (PF) usage in the Task Manager.

To take & Upload a Screenshot of Task Manager:
  • Hit the Ctrl+Alt+Del keys to bring up the Task Manager.
  • Click the Processes tab & click at the top of the Mem Usage column, to sort from highest down to lowest.
  • To ensure that you only capture the active window, hold down the Alt key & press the PrtScn (PrintScreen) key on your keyboard.
  • Open MS Paint, or similar image editing application.
  • Select Edit > Paste from the top toolbar.
  • Save the file by setting the Save as type: to .GIF and File name: to Screen1
  • Use the instructions from Here to Upload the image to your Thread

Edited by sage5, 06 September 2008 - 06:00 PM.

  • 0
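
The check made in the post above, spotting two resident protection products and leftover entries in a HijackThis log, can be scripted. This is an added example, not part of the original thread or of HijackThis itself; the sample lines are excerpted from the log posted earlier in this thread, and the `WATCHLIST` path fragments and all function names are assumptions chosen for illustration.

```python
import re

# Excerpt of the HijackThis log posted in this thread (scan saved 9/6/2008).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] h:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# HijackThis entry lines look like "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
LINE_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")

# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Assumption: install-path fragments (lower case) for the two products named
# in this thread. Extend this for other resident scanners.
WATCHLIST = {
    "AVG": "\\avg\\avg8\\",
    "ThreatFire": "\\threatfire\\",
}

# Sections that start code at boot or logon: O4 = Run keys and Startup
# folders, O23 = Windows services.
AUTOSTART_SECTIONS = {"O4", "O23"}


def parse_log(text):
    """Return the O/R/F/N entries of a HijackThis log as dicts.

    The header, the running-process list and blank lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        entries.append({
            "section": match.group("section"),
            "body": body,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned(entries):
    """Entries left behind by an incomplete uninstall (target file is gone)."""
    return [e for e in entries if e["orphan"]]


def resident_products(entries):
    """Map each watched product to the autostart sections that launch it."""
    found = {}
    for entry in entries:
        if entry["section"] not in AUTOSTART_SECTIONS or entry["orphan"]:
            continue
        lowered = entry["body"].lower()
        for product, fragment in WATCHLIST.items():
            if fragment in lowered:
                found.setdefault(product, []).append(entry["section"])
    return found


if __name__ == "__main__":
    log_entries = parse_log(SAMPLE_LOG)
    products = resident_products(log_entries)
    if len(products) > 1:
        print("More than one resident scanner starts with Windows:")
        for name, sections in sorted(products.items()):
            print(f"  {name}: {', '.join(sections)}")
    for entry in orphaned(log_entries):
        print(f"Leftover entry: {entry['section']} - {entry['body']}")
```

On the excerpt, both AVG and ThreatFire are reported as starting from a Run key and a service, and the three entries marked `(file missing)` or `(no file)` are listed as leftovers.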

#8
colbyclay

  • Topic Starter
  • Member
  • 22 posts
Good Morning Sage5,
The slowdowns started before I downloaded Threatfire (found on this great site). I don't *think* AVG is running, at least it doesn't show up in my toolbar. This is why I downloaded ThreatFire. When I try to remove it, it gives me the following error:

Installer initialization failed due to following error:
Error: @AvgErrorCode_0x0253 %FILE% = "C:\Program Files\AVG\AVG8"
@AvgErrorCode_0x0020

I have tried to download it again from cnet, but since I have the program on my computer anyway, it will not fix the problem.
  • 0

#9
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi colbyclay,

It would be better if we could get AVG running properly, I think, because it at least has been tested by the people at AV comparatives.
ThreatFire also seems to have some major issues & conflicts & uses a doubtful marketing premise, in my opinion.

Download the latest AVG free version from Here & save to your Desktop, but do not install yet.

Parts of AVG are still running & I think that is at least part of the problem.
So let's uninstall both, reinstall AVG & get it updated & a full scan done.
I have also included some redundant/doubtful applications for removal as well.


Spy-Bot's TeaTimer can sometimes prevent some parts of the fix completing successfully.
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] h:\Program Files\ThreatFire\TFTray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Delete bad services
Please highlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop avg8wd
sc stop ThreatFire
sc stop AvgLdx86
sc stop AvgMfx86
sc stop TfFsMon
sc stop TfNetMon
sc stop TfSysMon
sc delete avg8wd
sc delete ThreatFire
sc delete AvgLdx86
sc delete AvgMfx86
sc delete TfFsMon
sc delete TfNetMon
sc delete TfSysMon
exit

Double click FixServices.bat. A window will open and close. This is normal.


Remove applications, folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    AVG Free 8.0
    ThreatFire 3.5
    Java™ SE Runtime Environment 6 Update 1
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Viewpoint Media Player

    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Program Files\AVG
    h:\Program Files\ThreatFire
    C:\Program Files\Viewpoint


Reboot the PC & run the AVG installer on your desktop.
Follow the prompts & when installation is complete, run an update & a full system scan.
If you run into any difficulty, get any error messages etc, copy any information from the message & tell me.
Otherwise post the text from the scan log in AVG & a fresh HijackThis log.

Edited by sage5, 07 September 2008 - 08:04 AM.

  • 0

#10
colbyclay

  • Topic Starter
  • Member
  • 22 posts
Hey Sage5,
Issues that arose from your message:

FixServices.bat had some errors at the very beginning. It was able to perform the delete though.

During the removal of Programs:

AVG Free 8.0 - could not delete. Write protected.
ThreatFire 3.5 - deleted
Java™ SE Runtime Environment 6 Update 1 - deleted
Java™ 6 Update 2 - Not listed
Java™ 6 Update 3 - Not listed
Java™ 6 Update 5 - Not listed
Viewpoint Media Player - Not listed

During the delete of Folders:

C:\Program Files\AVG - could not delete. Write protected.
h:\Program Files\ThreatFire - Not listed
C:\Program Files\Viewpoint - Not listed

I was able to delete C:\Program Files\AVG finally by playing around with the install program.

After Reboot and install:

Currently running AVG scan of whole computer. I will post results as soon as finished.



Once again I want to thank you Sage5 for all of the time and effort you are putting into helping me. I greatly appreciate it! Cheers!

Edited by colbyclay, 07 September 2008 - 07:20 PM.

  • 0


#11
colbyclay

  • Topic Starter
  • Member
  • 22 posts
AVG Scan:

Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Sunday, September 07, 2008, 6:10:07 PM"
Scan finished:;"Monday, September 08, 2008, 2:05:32 AM (7 hour(s) 55 minute(s) 25 second(s))"
Total object scanned:;"793680"
User who launched the scan:;"Skrunt"


Hijack this scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:17 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\creative\Detector\CTDetect.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Creative Detector] E:\creative\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {EA5276F1-F0E5-11D2-8CB7-00105AA1B80E} (PASSPORT Document) - http://passportvm.ac...ent/Passweb.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7250 bytes
  • 0

#12
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
How has that lot affected the performance issue?
Is it better, worse or the same?
  • 0

#13
colbyclay

  • Topic Starter
  • Member
  • 22 posts
It is definitely running faster now, but it is still maxing out whenever I open a browser/game. I have attached a copy of the Processes tab and Performance tab from Windows Task Manager after opening the Geeks to Go forum topic on how to load pictures in a separate tab of Firefox.

EDIT: Sage5, games are loading and running REALLY slow still. Civilization 4 takes about 2-3 minutes to go full screen, and then lags when it has to run something. I don't hear the CD turning, so it is not trying to access something off the disc. I just don't get it.


Thanks
Colby

perfomance.jpg

process.jpg

Edited by colbyclay, 08 September 2008 - 07:41 PM.

  • 0

#14
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Try this:
Re-open the task manager & close down all the running processes, one at a time.
There are several that are essential to XP; leave these running for now:
taskmgr.exe
explorer.exe
svchost.exe - (there may be a few of these)
spoolsv.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System Idle Process


After closing each process, check to see what the CPU usage is.
We should be able to narrow down the search, that way.
Take notes of what you do & tell me which, if any, makes the greatest difference.
At idle, you should have PF usage of 300 - 500Mb & CPU at 0%

Note: What version of Firefox are you running? It seems to be using more than its share.
  • 0

#15
colbyclay

  • Topic Starter
  • Member
  • 22 posts
Good Evening Sage5,
I closed down all of the non-essential processes except for the following, which would not allow me to close them.

cmdagent.exe
cpf.exe

There was no change in CPU usage. Image name System is still using 56-75% of the CPU.

My Firefox is 3.0.1.

Cheers,
Colby
  • 0





