Explorer.exe Problem [RESOLVED]


  • This topic is locked

#1
Redavni

    New Member

  • Member
  • 8 posts
My problem is that I have a shared folder (over my local network) containing nothing but video files; when I select any or all of the files there is an immediate spike in explorer.exe's CPU usage, generally 40-50%. I have followed the steps required before posting my HijackThis log; nothing was found, so no issues were resolved. Here is my log and uninstall_list:

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:23 PM, on 7/26/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
K:\Program Files\AVG\AVG8\avgrsx.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
I:\windows\system32\spoolsv.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\Explorer.EXE
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
K:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\windows\system32\ctfmon.exe
I:\windows\System32\svchost.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
K:\Program Files\POP Peeper\POPPeeper.exe
I:\PROGRA~1\Mozilla Firefox\firefox.exe
K:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
I:\WINDOWS\system32\msiexec.exe
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 4337 bytes


uninstall_list.txt

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acronis PartitionExpert
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AVG Free 8.0
CCleaner (remove only)
Combined Community Codec Pack 2008-01-24
Defraggler (remove only)
eMule
FileZilla Client 3.0.11.1
Foxit Reader
GIMP 2.4.6
HijackThis 2.0.2
Hotfix for Windows Media Player 11 (KB939683)
HP Deskjet 5400 series
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
ImgBurn
Java DB 10.3.1.4
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 7
jEdit 4.3pre14
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
MathType 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.16)
NVIDIA Drivers
PeerGuardian 2.0
POP Peeper
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Spybot - Search & Destroy
SpywareBlaster 4.1
StreamPlug Player
TorqueGameBuilder
Tweak UI
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows XP Service Pack 3
WinRAR archiver
XAMPP 1.6.7
Xbox 360 Controller for Windows


If anything else is needed please let me know.
  • 0


#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Redavni,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.

  • 0

#3
Redavni

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ran the scan but only main.txt was created, searched the system for extra.txt to be sure, nothing found.

main.txt

Deckard's System Scanner v20071014.68
Run by Jake on 2008-08-01 09:25:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jake.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:59 AM, on 8/1/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
I:\windows\system32\spoolsv.exe
I:\windows\Explorer.EXE
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\windows\system32\ctfmon.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\System32\svchost.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
K:\Program Files\POP Peeper\POPPeeper.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Documents and Settings\Jake\Desktop\dss.exe
K:\PROGRA~1\TRENDM~1\HIJACK~1\Jake.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 4104 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 20:57:14 0 d-------- I:\Program Files\Microsoft Silverlight
2008-07-31 20:51:23 0 d-------- I:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-31 20:27:44 0 d-------- I:\Program Files\Canon
2008-07-31 20:26:46 0 d-------- I:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-31 20:26:45 0 d-------- I:\Documents and Settings\Jake\Application Data\ScanSoft
2008-07-31 20:26:41 0 d-------- I:\Program Files\Common Files\ScanSoft Shared
2008-07-31 20:26:41 0 d-------- I:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-31 20:26:22 0 d-------- I:\Program Files\ScanSoft
2008-07-31 20:25:47 0 d-------- I:\windows\LastGood
2008-07-31 20:25:43 0 d--h----- I:\CanoScan
2008-07-31 20:04:43 0 dr-h----- I:\Documents and Settings\Jake\Recent
2008-07-26 22:38:26 0 d-------- I:\Documents and Settings\Jake\Application Data\Malwarebytes
2008-07-26 22:38:24 0 d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 22:38:07 0 d-------- I:\Program Files\Common Files\Download Manager
2008-07-26 02:16:46 0 d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-26 02:15:22 0 d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 00:48:10 0 d-------- I:\Program Files\Common Files\DirectX
2008-07-25 05:23:09 0 d-------- I:\Program Files\Neffy
2008-07-21 12:33:44 0 d-------- I:\windows\Logs
2008-07-21 01:15:39 96 --ah----- I:\windows\system32\HsInfo.dat
2008-07-20 20:17:54 0 d-------- I:\Documents and Settings\Jake\Application Data\ImgBurn
2008-07-16 06:21:49 0 d-------- I:\Documents and Settings\Jake\.thumbnails
2008-07-15 21:30:06 0 d-------- I:\Documents and Settings\Jake\Application Data\gtk-2.0
2008-07-15 21:24:31 0 d-------- I:\Documents and Settings\Jake\.gimp-2.4
2008-07-15 13:53:02 0 d-------- I:\Documents and Settings\Jake\Application Data\Diino
2008-07-15 13:49:27 0 d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 13:08:51 0 d-------- I:\Documents and Settings\Jake\Application Data\FileZilla
2008-07-15 00:51:33 0 d-------- I:\windows\system32\LogFiles
2008-07-14 00:29:02 0 d-------- I:\Documents and Settings\Jake\Application Data\DivX
2008-07-13 20:54:58 0 d-------- I:\windows\Sun
2008-07-13 20:17:36 0 d-------- I:\Documents and Settings\Jake\Application Data\FrostWire
2008-07-13 13:30:21 0 d-------- I:\Program Files\Common Files\Logitech
2008-07-13 13:29:55 0 d--h----- I:\Program Files\InstallShield Installation Information
2008-07-13 12:46:57 0 d-------- I:\Program Files\Common Files\HP
2008-07-13 12:46:13 0 d-------- I:\Program Files\Hewlett-Packard
2008-07-13 12:45:55 0 d-------- I:\Documents and Settings\All Users\Application Data\HP
2008-07-13 12:45:35 57344 --a------ I:\windows\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-13 12:45:35 94208 --a------ I:\windows\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-13 12:45:35 69632 --a------ I:\windows\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-07-13 12:45:35 61440 --a------ I:\windows\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-07-13 12:45:34 204800 --a------ I:\windows\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-07-13 12:45:34 278584 --a------ I:\windows\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-07-13 12:45:33 306688 --a------ I:\windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-13 12:44:17 0 d-------- I:\Program Files\HP
2008-07-13 12:37:40 1350 -----n--- I:\windows\hpfmdl05.dat
2008-07-13 12:37:40 79643 --a------ I:\windows\hpfins05.dat
2008-07-13 12:34:07 0 d-------- I:\Documents and Settings\Jake\Application Data\HP
2008-07-13 12:17:03 0 d-------- I:\Documents and Settings\Jake\Application Data\Independent
2008-07-13 11:57:44 0 d-------- I:\Documents and Settings\Jake\.jedit
2008-07-13 11:54:53 0 d-------- I:\Program Files\Sun
2008-07-13 11:53:26 0 d-------- I:\Program Files\Common Files\Java
2008-07-13 11:53:00 0 d-------- I:\Documents and Settings\Jake\Application Data\Sun
2008-07-13 11:44:37 0 d-------- I:\Documents and Settings\Jake\Application Data\GarageGames
2008-07-13 11:44:36 4096 --a------ I:\windows\d3dx.dat
2008-07-13 11:44:35 44 --a------ I:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
2008-07-13 00:40:53 41952 --ah----- I:\windows\system32\mlfcache.dat
2008-07-12 20:38:55 0 d-------- I:\Program Files\Microsoft SQL Server Compact Edition
2008-07-12 20:33:06 0 d--hs--c- I:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 20:32:51 0 d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-12 18:47:35 0 d-------- I:\Documents and Settings\Jake\Application Data\POP Peeper


-- Find3M Report ---------------------------------------------------------------

2008-08-01 09:25:58 0 d-------- I:\Documents and Settings\Jake\Application Data\uTorrent
2008-07-31 20:26:41 0 d-------- I:\Program Files\Common Files
2008-07-31 20:26:40 0 d-------- I:\Program Files\Common Files\InstallShield
2008-07-28 23:23:16 0 d-------- I:\Documents and Settings\Jake\Application Data\mIRC
2008-07-28 22:44:49 0 d-------- I:\Program Files\mIRC
2008-07-27 18:55:57 1272 --a------ I:\windows\mozver.dat
2008-07-18 22:10:03 0 d-------- I:\Program Files\uTorrent
2008-07-16 20:15:38 0 d-------- I:\Documents and Settings\Jake\Application Data\Identities
2008-07-13 06:35:47 0 d-------- I:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="I:\windows\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"SunJavaUpdateSched"="K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"SSBkgdUpdate"="I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"OpwareSE4"="I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [10/11/2006 12:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\windows\system32\ctfmon.exe" [12/01/2007 01:26 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
I:\windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=I:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
I:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"I:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-01 09:26:13 ------------


  • 0

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Redavni,


Your log shows you are not running Anti-virus or Firewall software.
These are essential items and need to be loaded before we can continue fixing your PC.

I have listed a couple of free versions of both. Please download and install 1 Anti-virus and 1 Firewall.

Firewalls: Please install one only.
Comodo Firewall Pro or Sunbelt Personal Firewall

Anti-virus: Please install one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a "Save as Report" button (or similar), please highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Run HijackThis:
  • Select the Run a system scan and save a logfile option. The logfile opens in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also paste me the text from C:\avscan.txt


There is no need to put all your replies in a Quote box, just paste the text.

Cheers,

sage5
  • 0

#5
Redavni

    New Member

  • Topic Starter
  • Member
  • 8 posts
I couldn't get a log for the avast scan but it did find this:

8/2/2008 1:29:32 AM Jake 728 Sign of "Win32:Spyware-gen [Trj]" has been found in "I:\Documents and Settings\Jake\Local Settings\Temp\DRDld\mbam-setup.exe" file.

However, the virus scan successfully deleted this file. After that I rebooted but my problem still remains. Here is the hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:10 AM, on 8/2/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\windows\Explorer.EXE
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\COMODO\Firewall\cfp.exe
I:\windows\system32\ctfmon.exe
I:\windows\system32\spoolsv.exe
I:\Program Files\COMODO\Firewall\cmdagent.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\system32\svchost.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\windows\System32\svchost.exe
I:\windows\system32\wuauclt.exe
I:\Program Files\uTorrent\uTorrent.exe
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: I:\windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - I:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 5162 bytes

Edited by Redavni, 02 August 2008 - 06:34 AM.

  • 0
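The confirmation sage5 asks for in post #4, reading a HijackThis log for a loaded anti-virus and firewall, can be scripted. This is an added example, not part of the original thread: it parses trimmed excerpts of the logs from posts #3 and #5, and the vendor marker list and function names are assumptions made for illustration.

```python
import re

# Excerpts copied from the HijackThis logs in posts #3 and #5 of this thread,
# trimmed to the lines the checks below use.
LOG_POST_3 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:59 AM, on 8/1/2008

Running processes:
I:\windows\system32\svchost.exe
I:\windows\Explorer.EXE
I:\Program Files\uTorrent\uTorrent.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [OpwareSE4] "I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe
"""

LOG_POST_5 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:10 AM, on 8/2/2008

Running processes:
K:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\windows\Explorer.EXE
I:\Program Files\COMODO\Firewall\cfp.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Program Files\COMODO\Firewall\cfp.exe" -h
O20 - AppInit_DLLs: I:\windows\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - I:\Program Files\COMODO\Firewall\cmdagent.exe
"""

# Coded entry lines look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: markers built from the product names mentioned in this thread
# (AVG, Avast/Alwil, AntiVir, Comodo, Sunbelt); not a complete vendor list.
PRODUCT_MARKERS = {
    "anti-virus": ("\\avg", "avast", "alwil", "antivir"),
    "firewall": ("comodo", "sunbelt"),
}


def parse_hijackthis(text):
    """Split a HijackThis log into its running-process list and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False  # blank line or first coded entry ends the list
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def security_products(parsed):
    """Log lines showing a product loaded as a process, autorun (O4) or service (O23)."""
    evidence = list(parsed["processes"])
    evidence += [body for code, body in parsed["entries"] if code in ("O4", "O23")]
    found = {kind: [] for kind in PRODUCT_MARKERS}
    for item in evidence:
        low = item.lower()
        for kind, markers in PRODUCT_MARKERS.items():
            if any(marker in low for marker in markers):
                found[kind].append(item)
    return found


def review_items(parsed):
    """Entries to look at by hand: those HijackThis marks "(no file)" and
    services it lists with "Unknown owner"."""
    flagged = []
    for code, body in parsed["entries"]:
        if body.endswith("(no file)"):
            flagged.append((code, "missing file", body))
        elif code == "O23" and "- Unknown owner -" in body:
            flagged.append((code, "unknown owner", body))
    return flagged


def summarize(text):
    """One-line verdict per log: security products present, entries to review."""
    parsed = parse_hijackthis(text)
    products = security_products(parsed)
    return {
        "has_antivirus": bool(products["anti-virus"]),
        "has_firewall": bool(products["firewall"]),
        "review": [(code, reason) for code, reason, _ in review_items(parsed)],
    }


if __name__ == "__main__":
    for name, log in (("post #3", LOG_POST_3), ("post #5", LOG_POST_5)):
        print(name, summarize(log))
```
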

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
I would like to rule out malware as an issue before we try other things.
At this stage those logs are looking pretty good.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan:
    • My Computer
  • The program will start and scan your system. It will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file as C:\scan.txt and paste the text back to me as your next Reply.

I see that you have eMule & uTorrent on this machine.
Are these video files, in the shared folder, currently allocated as "shared" in eMule?
  • 0

#7
Redavni

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here's the result of the scan, and no, nothing is shared in eMule.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3, v.3264 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 15:04:14
Records in database: 1048642
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 47650
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:43:16


File name / Threat name / Threats count
I:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

The selected area was scanned.

#8
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Sometimes a different scanner will pick up a different trace:

Download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Edited by sage5, 03 August 2008 - 06:03 PM.


#9
Redavni

    New Member

  • Topic Starter
  • Member
  • 8 posts
Combofix.txt

ComboFix 08-08-03.02 - Jake 2008-08-03 20:08:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2081 [GMT -4:00]
Running from: I:\Documents and Settings\Jake\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 13:23 . 2008-08-03 13:39 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Outspark
2008-08-02 21:55 . 2008-08-02 21:55 490 --a------ I:\WINDOWS\my.ini
2008-08-02 09:03 . 2008-08-02 21:34 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\Free Download Manager
2008-08-02 09:03 . 2008-08-02 09:03 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-08-01 21:21 . 2007-11-30 17:28 15,104 --a------ I:\WINDOWS\system32\drivers\usbscan.sys
2008-08-01 21:21 . 2007-11-30 17:28 15,104 --a--c--- I:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-01 21:10 . 2008-08-01 21:10 <DIR> d-------- I:\Program Files\COMODO
2008-08-01 21:10 . 2008-08-01 21:10 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\Comodo
2008-08-01 21:10 . 2008-08-01 21:21 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\comodo
2008-08-01 21:10 . 2008-08-01 21:10 143,104 --a------ I:\WINDOWS\system32\guard32.dll
2008-08-01 21:10 . 2008-08-01 21:10 87,056 --a------ I:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-01 21:10 . 2008-08-01 21:10 24,208 --a------ I:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-01 13:46 . 2008-08-01 13:46 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\InstallShield
2008-08-01 13:46 . 2007-04-27 11:12 78,784 --a------ I:\WINDOWS\system32\ISUSPM.cpl
2008-08-01 13:04 . 2008-08-01 13:04 <DIR> d-------- I:\NetGame
2008-07-31 20:57 . 2008-07-31 20:57 <DIR> d-------- I:\Program Files\Microsoft Silverlight
2008-07-31 20:51 . 2008-07-31 20:51 <DIR> d-------- I:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-31 20:27 . 2008-07-31 20:27 <DIR> d-------- I:\Program Files\Canon
2008-07-31 20:26 . 2008-07-31 20:26 <DIR> d-------- I:\Program Files\ScanSoft
2008-07-31 20:26 . 2008-07-31 20:26 <DIR> d-------- I:\Program Files\Common Files\ScanSoft Shared
2008-07-31 20:26 . 2008-07-31 20:26 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\ScanSoft
2008-07-31 20:26 . 2008-07-31 20:26 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-31 20:26 . 2008-07-31 20:26 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-31 20:26 . 2008-07-31 20:26 416 --a------ I:\WINDOWS\MAXLINK.INI
2008-07-31 20:25 . 2008-07-31 20:25 <DIR> d--h----- I:\CanoScan
2008-07-31 20:25 . 2005-06-23 22:17 352,256 --a------ I:\WINDOWS\system32\CNQL1213.DLL
2008-07-31 20:25 . 2005-02-28 13:20 57,344 --a------ I:\WINDOWS\system32\CNQU110.DLL
2008-07-26 22:38 . 2008-07-26 22:38 <DIR> d-------- I:\Program Files\Common Files\Download Manager
2008-07-26 22:38 . 2008-07-26 22:38 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\Malwarebytes
2008-07-26 22:38 . 2008-07-26 22:38 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 22:38 . 2008-07-30 20:07 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 22:38 . 2008-07-30 20:07 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 21:54 . 2008-07-26 21:54 <DIR> d-------- I:\Deckard
2008-07-26 02:16 . 2008-07-26 02:17 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-26 02:15 . 2008-07-31 20:34 <DIR> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 00:48 . 2008-07-26 00:48 <DIR> d-------- I:\Program Files\Common Files\DirectX
2008-07-25 05:23 . 2008-07-31 18:14 <DIR> d-------- I:\Program Files\Neffy
2008-07-21 12:34 . 2008-05-30 14:11 3,850,760 --a------ I:\WINDOWS\system32\D3DX9_38.dll
2008-07-21 12:34 . 2008-05-30 14:11 1,491,992 --a------ I:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-21 12:34 . 2008-05-30 14:19 507,400 --a------ I:\WINDOWS\system32\XAudio2_1.dll
2008-07-21 12:34 . 2008-05-30 14:11 467,984 --a------ I:\WINDOWS\system32\d3dx10_38.dll
2008-07-21 12:34 . 2008-05-30 14:18 238,088 --a------ I:\WINDOWS\system32\xactengine3_1.dll
2008-07-21 12:34 . 2008-05-30 14:17 65,032 --a------ I:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-21 12:34 . 2008-05-30 14:17 25,608 --a------ I:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-21 12:33 . 2008-07-21 12:33 <DIR> d-------- I:\WINDOWS\Logs
2008-07-21 01:15 . 2008-07-21 01:18 96 --ah----- I:\WINDOWS\system32\HsInfo.dat
2008-07-20 20:17 . 2008-07-20 20:18 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\ImgBurn
2008-07-16 06:21 . 2008-07-16 06:21 <DIR> d-------- I:\Documents and Settings\Jake\.thumbnails
2008-07-15 21:30 . 2008-07-17 10:05 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\gtk-2.0
2008-07-15 21:24 . 2008-07-20 09:14 <DIR> d-------- I:\Documents and Settings\Jake\.gimp-2.4
2008-07-15 13:53 . 2008-07-15 13:53 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\Diino
2008-07-15 13:49 . 2008-07-31 20:15 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 13:08 . 2008-08-02 09:31 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\FileZilla
2008-07-15 12:25 . 2007-11-30 17:31 26,368 --a--c--- I:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-15 00:51 . 2008-07-15 00:51 <DIR> d-------- I:\WINDOWS\system32\LogFiles
2008-07-14 00:29 . 2008-07-14 00:29 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\DivX
2008-07-13 20:54 . 2008-07-13 20:54 <DIR> d-------- I:\WINDOWS\Sun
2008-07-13 20:17 . 2008-07-13 20:22 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\FrostWire
2008-07-13 13:43 . 2008-07-13 13:43 256 --a------ I:\WINDOWS\_delis32.ini
2008-07-13 13:34 . 2007-12-01 00:27 91,136 --a------ I:\WINDOWS\system32\kswdmcap.ax
2008-07-13 13:34 . 2007-12-01 00:27 91,136 --a--c--- I:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-07-13 13:34 . 2007-12-01 00:27 61,952 --a------ I:\WINDOWS\system32\kstvtune.ax
2008-07-13 13:34 . 2007-12-01 00:27 61,952 --a--c--- I:\WINDOWS\system32\dllcache\kstvtune.ax
2008-07-13 13:34 . 2007-12-01 00:26 53,760 --a------ I:\WINDOWS\system32\vfwwdm32.dll
2008-07-13 13:34 . 2007-12-01 00:26 53,760 --a--c--- I:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-07-13 13:34 . 2007-12-01 00:27 43,008 --a------ I:\WINDOWS\system32\ksxbar.ax
2008-07-13 13:34 . 2007-12-01 00:27 43,008 --a--c--- I:\WINDOWS\system32\dllcache\ksxbar.ax
2008-07-13 13:30 . 2008-07-13 13:43 <DIR> d-------- I:\Program Files\Common Files\Logitech
2008-07-13 13:29 . 2008-08-03 01:33 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-07-13 12:46 . 2008-07-13 12:46 <DIR> d-------- I:\Program Files\Hewlett-Packard
2008-07-13 12:46 . 2008-07-13 12:46 <DIR> d-------- I:\Program Files\Common Files\HP
2008-07-13 12:45 . 2008-07-13 12:45 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\HP
2008-07-13 12:45 . 1998-10-29 16:45 306,688 --a------ I:\WINDOWS\IsUninst.exe
2008-07-13 12:45 . 2004-09-29 12:12 278,584 --a------ I:\WINDOWS\system32\HPZidr12.dll
2008-07-13 12:45 . 2004-09-29 12:15 204,800 --a------ I:\WINDOWS\system32\HPZipr12.dll
2008-07-13 12:45 . 2004-09-29 12:09 94,208 --a------ I:\WINDOWS\system32\HPZipt12.dll
2008-07-13 12:45 . 2004-09-29 12:14 69,632 --a------ I:\WINDOWS\system32\HPZipm12.exe
2008-07-13 12:45 . 2004-09-29 12:08 61,440 --a------ I:\WINDOWS\system32\HPZinw12.exe
2008-07-13 12:45 . 2004-09-29 12:09 57,344 --a------ I:\WINDOWS\system32\HPZisn12.dll
2008-07-13 12:44 . 2008-07-13 12:44 <DIR> d-------- I:\Program Files\HP
2008-07-13 12:38 . 2005-03-08 07:52 51,120 --a------ I:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-13 12:38 . 2005-10-21 19:58 16,496 --a------ I:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-13 12:37 . 2008-07-13 12:47 79,643 --a------ I:\WINDOWS\hpfins05.dat
2008-07-13 12:37 . 2005-04-27 14:37 77,824 -ra------ I:\WINDOWS\system32\hpzids01.dll
2008-07-13 12:37 . 2005-05-10 20:49 37,376 --a------ I:\WINDOWS\system32\hpz3l3xu.dll
2008-07-13 12:37 . 2005-06-06 08:39 1,350 --------- I:\WINDOWS\hpfmdl05.dat
2008-07-13 12:34 . 2008-07-13 12:34 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\HP
2008-07-13 12:32 . 2007-11-30 17:31 25,856 --a------ I:\WINDOWS\system32\drivers\usbprint.sys
2008-07-13 12:32 . 2007-11-30 17:31 25,856 --a--c--- I:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-13 12:17 . 2008-07-13 12:17 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\Independent
2008-07-13 11:57 . 2008-08-02 22:01 <DIR> d-------- I:\Documents and Settings\Jake\.jedit
2008-07-13 11:54 . 2008-07-13 11:54 <DIR> d-------- I:\Program Files\Sun
2008-07-13 11:54 . 2008-06-10 02:32 73,728 --a------ I:\WINDOWS\system32\javacpl.cpl
2008-07-13 11:53 . 2008-07-13 11:53 <DIR> d-------- I:\Program Files\Common Files\Java
2008-07-13 11:44 . 2008-07-13 11:44 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\GarageGames
2008-07-13 11:44 . 2008-07-13 11:44 4,096 --a------ I:\WINDOWS\d3dx.dat
2008-07-13 00:40 . 2008-07-16 21:16 41,952 --ah----- I:\WINDOWS\system32\mlfcache.dat
2008-07-12 22:22 . 2008-07-12 22:22 268 --ah----- I:\sqmdata00.sqm
2008-07-12 22:22 . 2008-07-12 22:22 244 --ah----- I:\sqmnoopt00.sqm
2008-07-12 20:58 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
2008-07-12 20:58 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-12 20:38 . 2008-07-12 20:38 <DIR> d-------- I:\Program Files\Microsoft SQL Server Compact Edition
2008-07-12 20:33 . 2008-07-12 20:36 <DIR> d--hsc--- I:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 20:32 . 2008-07-12 20:32 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-12 18:47 . 2008-08-01 15:54 <DIR> d-------- I:\Documents and Settings\Jake\Application Data\POP Peeper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 00:08 --------- d-----w I:\Documents and Settings\Jake\Application Data\uTorrent
2008-08-02 13:59 --------- d-----w I:\Documents and Settings\Jake\Application Data\mIRC
2008-08-02 13:58 --------- d-----w I:\Program Files\mIRC
2008-08-01 00:35 --------- d-----w I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 00:26 --------- d-----w I:\Program Files\Common Files\InstallShield
2008-07-19 02:10 --------- d-----w I:\Program Files\uTorrent
2008-07-17 00:46 --------- d-----w I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-13 10:35 --------- d-----w I:\Program Files\Windows Live
2008-06-18 17:52 161,096 ----a-w I:\windows\system32\DivXCodecVersionChecker.exe
2008-06-11 00:04 200,704 ----a-w I:\windows\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w I:\windows\system32\libdivx.dll
2008-01-17 13:47 16,384 --sha-w I:\windows\system32\config\systemprofile\Cookies\index.dat
2008-01-17 13:47 32,768 --sha-w I:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-17 13:47 32,768 --sha-w I:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008011720080118\index.dat
2008-01-17 13:47 32,768 --sha-w I:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-09-20 00:59 823808 431defbb4a3d7b0dc062c1b064623a2f I:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-12-01 01:26 666112 e7f441cde6e418bb68fc700872c004a0 I:\windows\ServicePackFiles\i386\wininet.dll
2007-10-10 19:47 825344 0e5d918f87efa7d2424d66b499c7eb04 I:\windows\system32\wininet.dll
2007-10-10 19:47 825344 0e5d918f87efa7d2424d66b499c7eb04 I:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\windows\system32\ctfmon.exe" [2007-12-01 01:26 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="I:\windows\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"SunJavaUpdateSched"="K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SSBkgdUpdate"="I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"avast!"="K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]
"COMODO Firewall Pro"="I:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-01 21:10 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

I:\Documents and Settings\Jake\Start Menu\Programs\Startup\
WinMySQLadmin.lnk - C:\xampp\mysql\bin\winmysqladmin.exe [2007-12-20 22:00:28 936448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= I:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= K:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=I:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2007-12-01 01:26 15360 I:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 K:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-12-01 01:26 1695232 I:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 I:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 I:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 I:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 09:42 77824 I:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
"I:\\Program Files\\mIRC\\mirc.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 SI3114;SiI-3114 SATALink Controller;I:\windows\system32\DRIVERS\SI3114.sys [2008-04-14 19:52]
R1 aswSP;avast! Self Protection;I:\windows\system32\drivers\aswSP.sys [2008-07-19 10:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;I:\windows\system32\DRIVERS\cmdguard.sys [2008-08-01 21:10]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;I:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-01 21:10]
R2 aswFsBlk;aswFsBlk;I:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - I:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\o9sqyxqi.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 20:09:45
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: I:\windows\system32\winlogon.exe
-> I:\windows\system32\guard32.dll

PROCESS: I:\windows\system32\lsass.exe
-> I:\windows\system32\guard32.dll
.
Completion time: 2008-08-03 20:10:31
ComboFix-quarantined-files.txt 2008-08-04 00:10:15

Pre-Run: 72,160,137,216 bytes free
Post-Run: 72,192,098,304 bytes free

225 --- E O F --- 2008-07-11 23:37:50

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:37 PM, on 8/3/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\COMODO\Firewall\cfp.exe
I:\windows\system32\ctfmon.exe
I:\windows\system32\spoolsv.exe
I:\Program Files\COMODO\Firewall\cmdagent.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\system32\svchost.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\windows\System32\svchost.exe
I:\Program Files\uTorrent\uTorrent.exe
K:\Program Files\POP Peeper\POPPeeper.exe
K:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\PROGRA~1\Mozilla Firefox\firefox.exe
I:\windows\explorer.exe
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "I:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://K:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://K:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://K:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://K:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: I:\windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - I:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 5797 bytes

#10
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Redavni,

The only thing from all that is the following, and I doubt that they will be a real issue:

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Shut down & Reboot normally:

Test the performance of the access to the shared folder. If still the same I would suggest that it is either a software conflict or Operating System issue.
You might be best to start a new thread Here

#11
Redavni

    New Member

  • Topic Starter
  • Member
  • 8 posts
I did what you suggested but there was no difference. Playing around a bit I noticed this is happening in any folder with even a few files, images, videos etc, although the effect on the processor is less than when I select video files. This problem is also showing up on the other computer in my house that is on the network. Thanks for your suggestions sage5, I will start a new topic in the forum you linked to.

#12
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.