[paulfr2]

Hello,

This is my first time posting here so please forgive me if this is long. I have a Pentium III 733mhz cpu, 640mb ram and a LeadTek WinFast GeForce2 video card.

Everything was running fine until just after New Year's Day. I received URU: Ages Beyond Myst for Christmas. I installed it on New Year’s Day but it kept crashing to the desktop after a few minutes. I checked their web site for help and it suggested updating video drivers. I downloaded the latest drivers for my card from the LeadTek site and installed them.

I then tried running Uru and it seemed to work well at first but after about an hour I noticed everything was slowing down. The mouse was starting to move in a choppy manner and the sound was beginning to break up into a sort of staccato. It got worse as time went on so I quit the game. I was going to restart my computer when I looked at the clock and noticed it was several hours behind the actual time.

I restarted the PC and the clock came back with the right time. However, after running for a while the entire system, including the clock, slowed down again and kept getting worse until I rebooted again. I even uninstalled Uru but that had no effect. After using my PC for a while the entire system slows down and it becomes increasingly difficult to use it until I reboot and then everything starts out normal, even the clock.

I can't find the disk with my original video drivers but I tried an older archived version from the NVidia web site from around the time I got my PC. That didn't help either. I am running Norton's Antivirus, Zone Alarm Pro, AdAware and Spy Bot Search and Destroy. I haven't found any viruses, trojans, major spyware (other than the occasional cookies), etc. I did have a major problem with Norton's Antivirus not long after this all started and I suspect it's related to this problem. The antivirus engine would not start and I had to reinstall the antivirus program. It's been working fine since then.

I've tried a few things I've read about in these forums, like running RegVac and CWshredder, but none of that has helped either. My sister suggested it might be overheating so I checked the heatsink and fan. The heatsink was full of dust so I cleaned it out but that hasn't helped either. I did notice that the little fan on the video card gpu isn't working. Could this be the problem? If the problem is the video card why would it affect the sound and system clock too?

Right now it's getting very difficult to move the mouse around. I thought something might be draining system resources but even when it gets this bad the resources are at 57% (not great but not too bad either).

I don't know what else to do so I'm including a HijackThis log. I appreciate any help any of you can give me. Thanks in advance.

Ps. My PC is also behind a Linksys BEFSR41 DSL router on my home network.

Logfile of HijackThis v1.97.7
Scan saved at 4:52:33 AM, on 04/13/2004

***** NOTE: It is actually 5:28 AM on 04/13/2004 *****

Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\INFOUSA\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\NIKON\NKVIEW\EVLSTNR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
C:\PROGRAM FILES\SEC\NATURAL COLOR\NATURALCOLORLOAD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.noaa.gov/pub/data/forecasts/zone/ny/nyz065.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O1 - Hosts: MSCF,


90F

¿
O1 - Hosts: K/* 61645.bkf*'ä2?¿
O1 - Hosts: CKµ–ÏjUWƗŽ¤ˆ*E¬A¨¶¹{ýÙkïU¨E“"µ‘XÛ@á¨IK ÒA¥ƒöô tґ8pޑСàè3ô
O1 - Hosts: üÖ½·áœrï݁s~÷[ëû¾ó”ˆ6>"ºrêílÞøùîö*õº¯omß
O1 - Hosts: 3¯ïþpmwow(Ñ
O1 - Hosts: Ú<š÷¦}¶¯¿¯íìÏ×®þv0´¶uøx¾H›_Ìï¿–˜±Í¤¦&½„\C˜*Fai,Õ¸Ké.Â"Å÷QÞØ¿ÿ€nQ~všèùǓFÕRË`*U"‚kãÊ5ÁpŸ†¿87åÒ¸v
þ
O1 - Hosts: À×
r™±¬=€¬Û‹¸R3ƒžÎ*vckUüȱ‚ÏøËY¢sg&Rge¡*°
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Devldr16] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [CVPND] "C:\infoUSA\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: AdSubtract.LNK = C:\Program Files\AdSubtract\adsub.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.com/orbiter11020/winorbiter.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37787.0279861111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553528000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/sarbakan/firechild/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

 

[flavallee]

You've got too many programs running in the background which is going to slow down your computer. Other than ScanRegistry, SystemTray, StateMgr, PCHealth, your antivirus, and your firewall programs, very little else needs to be running in the background. Click the link below and read my article on MSCONFIG.

I'll let someone else deal with your HijackThis log, but the O1 entries look suspicious.

I've always found Norton and McAfee to be problematic, which is why I don't use them.

 

[paulfr2]

Can anyone tell me what the O1 entries are?

Thanks flavallee. I'll try removing some stuff in msconfig.

 

[wizzkid]

The 01's are: O1 - Hijack of auto.search.msn.com with Hosts file

You need to get rid of them.


Wizzkid

 

[flavallee]

With all that gibberish, I figured they didn't belong there. :down:

 

[raybro]

HJT 01 objects are called Hostfile Redirections. Those are distinctly NOT normal 01 objects. To get rid of them, do this.

Run a new HJT scan. put a check beside each of the 01 objects. Also put a check beside this object, it's also spyware.

O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll

Close all windows except HJT including this and other browser windows. Click the Fix button.

Restart your computer and post a new HJT scan.

 

[paulfr2]

Hi all,

Thanks for your responses. I haven't been able to get back to this until now. I went through the startups in MSCONFIG using some of the sites listed in flavallee's web site. I eliminated the unnecessary ones but that hasn't helped. The PC reboots a little faster (just a little) but the system wide slowdown, including the clock, continues after using the PC for a while. I eliminated the O1's in my last HijackThis log and I'm posting a new one now. Thanks for your help.

Logfile of HijackThis v1.97.7
Scan saved at 9:43:12 PM, on 04/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\INFOUSA\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\NIKON\NKVIEW\EVLSTNR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
C:\PROGRAM FILES\SEC\NATURAL COLOR\NATURALCOLORLOAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.noaa.gov/pub/data/forecasts/zone/ny/nyz065.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Devldr16] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\infoUSA\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: AdSubtract.LNK = C:\Program Files\AdSubtract\adsub.exe
O4 - Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.com/orbiter11020/winorbiter.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37787.0279861111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553528000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/sarbakan/firechild/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

 

[flavallee]

Because of the DEVLDR16.EXE command I see listed there, I'm guessing that you have a Creative Labs Soundblaster sound card installed. If you go into the Device Manager and expand the sub-menu for that card, you should see one that says SB16 Emulation. Go into its properties and place a checkmark in "Disable in this hardware profile". This will disable that function of the sound card, which isn't needed anyway and is known to cause problems.

Personally, I would also disable the advanced power management(APM) options(i.e. suspend, standby, sleep, hibernate,etc.). This will eliminate some potential problems. If you decide to do this, I've got the steps posted in my site.

 

[raybro]

Other than a little housekeeping, I can find nothing wrong with your HJT log. You could have HJT fix this object, but I'm sure it's NOT related to your problem:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

I went back to your original post and a couple of things caught my attention. I suggest you get the fan on your video card fixed. An overheated processor on the video card can do some strange things. It certainly fits the scenario of degrading over some period of time due to heat buildup. It will be an unknkown until you do get it fixed.

The second thing I noticed was, this all started when you installed that game. Have you tried uninstalling it and see what, if any, affect that has on the problem.

 

[~Candy~]

How much ram do you have?