Geeks to Go forums

Please check my log -- explorer.exe and CPU usage problems [CLOSED]



#1 kasida (Member, 12 posts)

First of all, when I shut down the computer, an "ending process: explorer.exe" message appears, and after that it's not responding.

Another problem is that my computer became slow because of the SYSTEM process, which always uses up to 50% CPU all the time without any program running.



Deckard's System Scanner v20071014.68
Run by Adisak Yavilas on 2008-07-19 08:02:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Adisak Yavilas.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:00, on 19/7/2551
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\SUPPORt\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADISAK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213607486100
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213607462319
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)

--
End of file - 9038 bytes

-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-18 19:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\64-07-46-2p-3p-r9
2008-07-18 17:23:54 0 d-------- C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-73-27
2008-07-18 17:22:46 0 d-------- C:\Program Files\GameHouse
2008-07-18 11:19:19 0 dr-h----- C:\Documents and Settings\Adisak Yavilas\Recent
2008-07-18 10:56:42 0 d-------- C:\Program Files\Google
2008-07-18 10:29:57 0 d-------- C:\Program Files\Vuze
2008-07-18 10:21:44 0 d-------- C:\Update3
2008-07-18 09:48:25 0 d-------- C:\SUPPORt
2008-07-18 09:43:03 0 d-------- C:\Program Files\Chaos Group
2008-07-17 23:05:08 0 d-------- C:\Program Files\CCleaner
2008-07-17 12:02:34 0 d-------- C:\Program Files\Trend Micro
2008-07-17 11:07:39 0 d-------- C:\Program Files\Advanced System Optimizer
2008-07-17 10:03:54 0 d-------- C:\WINDOWS\system32\xircom
2008-07-17 10:03:53 0 d-------- C:\Program Files\microsoft frontpage
2008-07-17 10:03:49 0 d-------- C:\WINDOWS\Prefetch
2008-07-17 09:56:11 0 d-------- C:\WINDOWS\system32\scripting
2008-07-17 09:56:10 0 d-------- C:\WINDOWS\system32\bits
2008-07-17 09:53:30 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-17 00:51:57 10485760 --a------ C:\Documents and Settings\Adisak Yavilas\ntuser.dat
2008-07-16 20:11:39 0 d-------- C:\backups
2008-07-16 13:59:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-16 13:59:28 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-15 18:38:57 278528 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-14 18:46:16 0 d-------- C:\Program Files\SafeNet Sentinel
2008-07-14 18:46:16 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-07-14 18:32:00 0 d-------- C:\Program Files\NewTek
2008-07-14 18:31:49 0 d-------- C:\Documents
2008-07-02 07:56:00 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Google
2008-07-02 07:54:26 0 d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-06-25 23:49:50 0 d-------- C:\NVIDIA
2008-06-25 12:07:55 15412 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-06-25 10:52:04 0 d-------- C:\WINDOWS\Logs
2008-06-23 11:09:55 0 d-------- C:\WINDOWS\nview
2008-06-23 10:21:34 0 d-------- C:\Program Files\Common Files\BioWare
2008-06-23 10:04:51 0 d-------- C:\Program Files\Mass Effect
2008-06-23 09:55:32 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Nero
2008-06-23 09:47:45 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-23 09:43:26 0 d-------- C:\Program Files\Nero
2008-06-23 09:43:26 0 d-------- C:\Program Files\Common Files\Nero
2008-06-23 09:43:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero


-- Find3M Report ---------------------------------------------------------------

2008-07-18 17:04:14 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Azureus
2008-07-18 09:40:17 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-18 09:38:45 0 d-------- C:\Program Files\Autodesk
2008-07-17 09:56:33 0 d-------- C:\Program Files\Messenger
2008-07-17 09:56:10 0 d-------- C:\Program Files\Movie Maker
2008-07-17 09:53:03 0 d-------- C:\Program Files\Windows NT
2008-07-14 18:46:16 0 d-------- C:\Program Files\Common Files
2008-07-14 18:15:29 0 d-------- C:\Program Files\T-Splines for Rhino
2008-07-11 14:52:39 0 d-------- C:\Program Files\Windows Live
2008-06-29 19:20:24 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Adobe
2008-06-17 19:30:32 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\InstallShield
2008-06-17 11:01:51 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Media Player Classic
2008-06-17 11:00:19 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-16 18:05:29 0 d-------- C:\Program Files\MSXML 6.0
2008-06-16 18:01:54 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\ESET
2008-06-16 16:26:44 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-12 20:28:21 0 d-------- C:\Program Files\Belkin
2008-06-09 17:32:13 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-23 22:27:42 0 d-------- C:\Program Files\BestGameEver
2008-05-19 09:27:35 0 d-------- C:\Documents and Settings\Adisak Yavilas\Application Data\Samsung
2008-05-19 09:25:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-19 09:23:08 0 d-------- C:\Program Files\Samsung
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/20/2007 12:36 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/20/2007 12:36 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/20/2007 12:36 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 01:19 PM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [06/02/2006 04:45 PM]
"@"="" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 05:07 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [04/10/2006 09:19 AM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/11/2007 04:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 07:12 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [16/2/2549 16:52:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\MonopolyHNEInstall.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-07-19 08:03:34 ------------




The explorer.exe popup is already gone (solved); I don't know how,
but the System process still uses 50% CPU.

Edited by kasida, 18 July 2008 - 07:06 PM.



#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi, is it System or System Idle that is using the processor?

Sorry for the delay, let's see what I can do.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#3 kasida (Topic Starter, Member, 12 posts)

Hello, Essexboy, thank you for your reply.

First, I got a problem with OTScanit.exe: when I run it, it says OTScanit.exe is not a valid Win32 application, and NOD32 told me that it is a NewHeur_PE virus. How can I fix it?

*** The process that runs at 50% CPU is System, not System Idle Process.

Edited by kasida, 21 July 2008 - 06:21 AM.


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there, firstly OTScanit is safe; that was a false positive. So let's try this:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#5 kasida (Topic Starter, Member, 12 posts)

Hi, Essexboy, by following your steps I got this. Here is ComboFix's log:

ComboFix 08-07-21.1 - Adisak Yavilas 07/22/2008 7:57:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.874.1.1033.18.1620 [GMT 7:00]
Running from: C:\Documents and Settings\Adisak Yavilas\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\setup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWNETPKER
-------\Service_windownetpker


((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 17:45 --------- d-----w C:\Program Files\TGTSoft
2008-07-19 02:27 --------- d-----w C:\Program Files\Windows Live
2008-07-19 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\64-07-46-2p-3p-r9
2008-07-18 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-73-27
2008-07-18 10:22 --------- d-----w C:\Program Files\GameHouse
2008-07-18 10:04 --------- d-----w C:\Documents and Settings\Adisak Yavilas\Application Data\Azureus
2008-07-18 03:56 --------- d-----w C:\Program Files\Google
2008-07-18 03:30 --------- d-----w C:\Program Files\Vuze
2008-07-18 02:43 --------- d-----w C:\Program Files\Chaos Group
2008-07-18 02:40 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-07-18 02:38 --------- d-----w C:\Program Files\Autodesk
2008-07-18 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-17 16:05 --------- d-----w C:\Program Files\CCleaner
2008-07-17 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 05:02 --------- d-----w C:\Program Files\Trend Micro
2008-07-17 04:08 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-07-17 03:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-14 11:46 --------- d-----w C:\Program Files\SafeNet Sentinel
2008-07-14 11:46 --------- d-----w C:\Program Files\Common Files\SafeNet Sentinel
2008-07-14 11:32 --------- d-----w C:\Program Files\NewTek
2008-07-14 11:15 --------- d-----w C:\Program Files\T-Splines for Rhino
2008-06-25 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-23 03:22 --------- d-----w C:\Program Files\Mass Effect
2008-06-23 03:21 --------- d-----w C:\Program Files\Common Files\BioWare
2008-06-23 02:55 --------- d-----w C:\Documents and Settings\Adisak Yavilas\Application Data\Nero
2008-06-23 02:53 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-23 02:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-23 02:43 --------- d-----w C:\Program Files\Nero
2008-06-23 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 12:30 --------- d-----w C:\Documents and Settings\Adisak Yavilas\Application Data\InstallShield
2008-06-17 04:01 --------- d-----w C:\Documents and Settings\Adisak Yavilas\Application Data\Media Player Classic
2008-06-17 04:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-16 11:05 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-16 11:04 --------- d-----w C:\Program Files\ESET
2008-06-16 11:01 --------- d-----w C:\Documents and Settings\Adisak Yavilas\Application Data\ESET
2008-06-16 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-16 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-16 09:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 13:28 --------- d-----w C:\Program Files\Belkin
2008-05-23 15:27 --------- d-----w C:\Program Files\BestGameEver
2007-05-24 11:09 0 ----a-w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-03-11 12:26 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 07:12 AM 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/25/2006 01:31 AM 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [02/20/2007 12:36 AM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [02/20/2007 12:36 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [02/20/2007 12:36 AM 455168]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 01:19 PM 15872]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [06/02/2006 04:45 PM 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 05:07 PM 843776]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/11/2007 04:18 PM 180269]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 07:12 AM 15360]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 05:29 AM 62976]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2549-02-16 16:52:58 1572864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R9 for x86\\vrlserver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [11/02/2006 04:51 PM]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [04/27/2007 01:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\MonopolyHNEInstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 05:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: ส่&งออกไปยัง Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 08:01:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
.
**************************************************************************
.
Completion time: 07/22/2008 8:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 01:04:19

Pre-Run: 25,955,332,096 bytes free
Post-Run: 25,994,326,016 bytes free

183 --- E O F --- 2008-07-17 09:26:20
  • 0

#6
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here, HijackThis's log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:00, on 22/7/2551
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ส่งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ส่&งไปยัง OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213607486100
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213607462319
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 9624 bytes
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is not a great deal on there

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\All Users\Application Data\64-07-46-2p-3p-r9
    C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-73-27
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Could you open Task Manager, right-click services (the one using all your CPU) > select Properties, and let me know what information you can get from the various tabs?
  • 0

#8
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This is what I got from the Results window:




C:\Documents and Settings\All Users\Application Data\64-07-46-2p-3p-r9 moved successfully.
C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-73-27 moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_004722




But when I right-click on the "System" process in Task Manager, there is no "Properties" in there (the others are the same).

So I used Process Explorer to view the "System" properties, but there are many tabs; which one do you want to know about?

Edited by kasida, 22 July 2008 - 12:04 PM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah, you have Process Explorer; that saves me asking you to download it :)


Select System, then go to File
Select Save As and save to the Sysinternals folder
Then post the output
  • 0

#10
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
here it is,



Process PID CPU Description Company Name
System Idle Process 0 56.25
Interrupts n/a Hardware Interrupts
DPCs n/a 0.78 Deferred Procedure Calls
System 4 39.06
smss.exe 1040 Windows NT Session Manager Microsoft Corporation
csrss.exe 1444 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1468 Windows NT Logon Application Microsoft Corporation
services.exe 1512 Services and Controller app Microsoft Corporation
svchost.exe 1692 Generic Host Process for Win32 Services Microsoft Corporation
WLLoginProxy.exe 2164 WLLoginProxy.exe Microsoft Corporation
svchost.exe 1740 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1780 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 324 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 348 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 676 Spooler SubSystem App Microsoft Corporation
AdskScSrv.exe 2040 System Level Service Utility Autodesk
mDNSResponder.exe 212 Bonjour Service Apple Computer, Inc.
svchost.exe 252 Generic Host Process for Win32 Services Microsoft Corporation
ekrn.exe 288 Eset Service ESET
LSSrvc.exe 392 LightScribe Service Hewlett-Packard Company
raysat_3dsmax9_32server.exe 424
nvsvc32.exe 456 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation
RichVideo.exe 596 RichVideo Module
sntlkeyssrvr.exe 1120 SafeNet, Inc.
spnsrvnt.exe 1188 Sentinel Protection Server for SuperPro and UltraPro network keys SafeNet, Inc
EHttpSrv.exe 2104 Eset HTTP Server Service ESET
alg.exe 2472 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1524 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 728 Windows Explorer Microsoft Corporation
UnlockerAssistant.exe 1180
smax4pnp.exe 1196 SMax4PNP Analog Devices, Inc.
egui.exe 1204 Eset GUI ESET
rundll32.exe 1240 Run a DLL as an App Microsoft Corporation
realsched.exe 1248 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 1280 CTF Loader Microsoft Corporation
Belkinwcui.exe 1832 3.91 Belkin Wireless Client Utility Belkin
iexplore.exe 2516 Internet Explorer Microsoft Corporation
Azureus.exe 2400 Azureus Inc
procexp.exe 3292 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Edited by kasida, 22 July 2008 - 12:42 PM.

  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK all of those are legitimate

Could you do the same with the svchost.exe and post that
  • 0

#12
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
For svchost.exe:




Process PID CPU Description Company Name
System Idle Process 0 56.62
Interrupts n/a Hardware Interrupts
DPCs n/a 2.21 Deferred Procedure Calls
System 4 36.76
smss.exe 1040 Windows NT Session Manager Microsoft Corporation
csrss.exe 1444 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1468 Windows NT Logon Application Microsoft Corporation
services.exe 1512 Services and Controller app Microsoft Corporation
svchost.exe 1692 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1740 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1780 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1872 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 348 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 672 Spooler SubSystem App Microsoft Corporation
AdskScSrv.exe 216 System Level Service Utility Autodesk
mDNSResponder.exe 248 Bonjour Service Apple Computer, Inc.
svchost.exe 276 Generic Host Process for Win32 Services Microsoft Corporation
ekrn.exe 344 Eset Service ESET
LSSrvc.exe 400 LightScribe Service Hewlett-Packard Company
raysat_3dsmax9_32server.exe 440
nvsvc32.exe 468 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation
RichVideo.exe 1100 RichVideo Module
sntlkeyssrvr.exe 1152 SafeNet, Inc.
spnsrvnt.exe 1360 Sentinel Protection Server for SuperPro and UltraPro network keys SafeNet, Inc
EHttpSrv.exe 1820 Eset HTTP Server Service ESET
alg.exe 2248 Application Layer Gateway Service Microsoft Corporation
usnsvc.exe 3268 Messenger Sharing USN Journal Reader Service Microsoft Corporation
lsass.exe 1524 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 728 Windows Explorer Microsoft Corporation
UnlockerAssistant.exe 1172
smax4pnp.exe 1188 SMax4PNP Analog Devices, Inc.
egui.exe 1224 Eset GUI ESET
rundll32.exe 1196 Run a DLL as an App Microsoft Corporation
realsched.exe 1240 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 1272 CTF Loader Microsoft Corporation
Belkinwcui.exe 1328 4.41 Belkin Wireless Client Utility Belkin
Azureus.exe 3064 Azureus Inc
procexp.exe 3300 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Edited by kasida, 22 July 2008 - 08:12 PM.

  • 0

#13
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello, Essexboy
I've just found that there are 5 or more svchost.exe running.... Is that normal?
I don't know whether I should save all of them or not... I saved two of them and they looked the same.
And what should I do to fix this problem (CPU running at 50% on "System")?

Edited by kasida, 24 July 2008 - 12:50 AM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's do a rootkit scan

Please Download Avast Rootkit Cleaner to your desktop

Close all running programmes

Run the ASWAR file and select Scan Now

[attachment=22274:start.png]

On completion of the scan you will then have this screen up

[attachment=22275:mid.png]

Now close the programme, and on the desktop will be a text file called ASWAR; please post that. Do not fix anything yet.

The programme will take from 3 to 5 minutes to run.
  • 0

#15
kasida

kasida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry for answering late; I'm in a different time zone.
Following your steps, I got this....





avast! Antirootkit, version 0.9.6
Scan started: Friday, July 25, 2008 8:08:02 AM

Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] ChangeID=12210734 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Status=128 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Name="ส่งไปยัง OneNote 2007" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Share Name="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Print Processor="OneNotePrint2007" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Datatype="RAW" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Parameters="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Action=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] ObjectGUID="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] DsKeyUpdate=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] DsKeyUpdateForeground=3 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Description="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Printer Driver="Send To Microsoft OneNote Driver" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Default DevMode=(binary value) **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Priority=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Default Priority=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] StartTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] UntilTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Separator File="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Location="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Attributes=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] txTimeout=45000 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] dnsTimeout=15000 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Security=(binary value) **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] SpoolDirectory="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 ] Port="Send To Microsoft OneNote Port:" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printBinNames="ถาดเริ่มต้น **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printColor=(binary value) **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMaxXExtent=118 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMaxYExtent=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMinXExtent=118 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMinYExtent=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMediaSupported="Letter **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMediaReady=" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printOrientationsSupported="PORTRAIT **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printMaxResolutionSupported=300 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printLanguage=" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] printRateUnit="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsDriver] driverVersion=1025 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] description="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] driverName="Send To Microsoft OneNote Driver" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] location="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] portName="Send To Microsoft OneNote Port: **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printStartTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printEndTime=0 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printerName="ส่งไปยัง OneNote 2007" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printKeepPrintedJobs=(binary value) **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printSeparatorFile="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printShareName="" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] printSpooling="PrintWhileSpooling" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] priority=1 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] uNCName="\\home-4ad8be2e92\ส่งไปยัง OneNote 2007" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] versionNumber=4 **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] serverName="home-4ad8be2e92" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] shortServerName="HOME-4AD8BE2E92" **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\*HD"1 \DsSpooler] flags=0 **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Microsoft Office\@#7H-!7- ] **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Microsoft Office\@#7H-!7- ] Order=(binary value) **HIDDEN**

Scan finished: Friday, July 25, 2008 8:12:46 AM
Hidden files found: 0
Hidden registry items found: 61
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------

Edited by kasida, 24 July 2008 - 11:42 PM.

  • 0





