80-100% process, more than 600mb PF usage



#1
cosmiqeddie

Hi, geekstogo, it's been a while since my last request for help.
My system was showing weird (gets higher as the system runs longer) PF usage while no suspicious programs are running. My system is Win XP SP3 with only some minor background programs running. Normally it wouldn't exceed 400 MB when there is nothing running.

Here's my ComboFix log and HijackThis log:

ComboFix 09-08-20.06 - Sens 1/2009 Fri 18:34.14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2047.1370 [GMT 8:00]
执行位置: c:\documents and settings\Sens\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( 2009-07-21 至 2009-08-21 的新的档案 )))))))))))))))))))))))))))))))
.

2009-08-21 10:13 . 2009-08-21 10:13 -------- d-----w- c:\program files\AxBx
2009-08-19 10:12 . 2009-08-19 11:11 -------- d-----w- c:\program files\SpeedFan
2009-08-18 16:15 . 2009-08-18 16:15 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-18 16:15 . 2009-08-18 16:15 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-18 16:15 . 2009-08-18 16:15 -------- d-----w- c:\program files\OpenAL
2009-08-18 16:14 . 2009-08-18 16:14 -------- d-----w- c:\windows\system32\Futuremark
2009-08-18 16:14 . 2008-09-17 06:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-08-18 16:14 . 2009-08-18 16:14 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-08-18 16:11 . 2009-08-18 16:11 -------- d-----w- c:\program files\Futuremark
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-18 10:42 . 2009-08-18 10:43 -------- d-----w- c:\documents and settings\Sens\Application Data\SystemRequirementsLab
2009-08-18 10:42 . 2009-08-18 10:42 207872 ----a-w- c:\documents and settings\Sens\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-08-18 10:42 . 2009-08-18 10:42 207872 ----a-w- c:\documents and settings\Sens\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-08-18 10:42 . 2009-08-18 10:42 207872 ----a-w- c:\documents and settings\Sens\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-08-18 10:42 . 2009-08-18 10:42 207872 ----a-w- c:\documents and settings\Sens\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\Sens\Local Settings\Application Data\temp
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\Sens\AppData
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\NetworkService\AppData
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp
2009-08-17 17:49 . 2009-08-17 17:49 -------- d-----w- c:\documents and settings\LocalService\AppData
2009-08-17 09:50 . 2009-08-17 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-15 16:42 . 2009-08-15 16:42 152576 ----a-w- c:\documents and settings\Sens\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-12 15:23 . 2009-08-12 15:23 -------- d-----w- c:\documents and settings\Sens\Application Data\NeoDownloader
2009-08-12 15:23 . 2009-08-12 15:23 -------- d-----w- c:\program files\NeoDownloader
2009-08-10 16:14 . 2009-08-10 16:14 -------- d-----w- c:\program files\EAGLE-5.6.0
2009-08-10 16:14 . 2009-08-10 16:14 -------- d-----w- c:\documents and settings\Sens\Application Data\CadSoft
2009-08-10 14:58 . 2009-08-10 14:58 -------- d-----w- c:\documents and settings\Sens\Application Data\Malwarebytes
2009-08-10 14:58 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 14:58 . 2009-08-10 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 14:58 . 2009-08-10 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 14:58 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 13:53 . 2009-08-10 14:58 -------- d-----w- c:\windows\BDOSCAN8
2009-08-06 01:46 . 2009-08-07 00:33 -------- d--h--w- c:\windows\system32\F73A61
2009-08-06 01:46 . 2009-08-06 01:46 -------- d--h--w- c:\windows\system32\DCD11C
2009-08-06 01:46 . 2009-08-06 01:46 -------- d--h--w- c:\windows\system32\A770B5
2009-08-02 17:18 . 2009-08-02 17:18 -------- d-----w- c:\documents and settings\Sens\Application Data\Downloaded Installations
2009-08-02 17:05 . 2009-08-03 15:09 -------- d-----w- c:\program files\Foxit Software
2009-08-01 12:52 . 2009-08-01 12:52 -------- d-----w- c:\program files\Alcohol Soft
2009-07-24 09:44 . 2009-07-24 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-24 09:30 . 2009-07-24 09:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-24 09:30 . 2009-07-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 10:25 . 2008-09-03 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-08-21 09:27 . 2008-09-04 12:42 -------- d-----w- c:\program files\Garena
2009-08-21 08:09 . 2008-09-03 16:34 48778 ----a-w- c:\windows\system32\cid_store.dat
2009-08-20 06:44 . 2008-09-22 10:18 -------- d-----w- c:\program files\PPStream
2009-08-18 19:05 . 2008-09-07 18:58 -------- d-----w- c:\documents and settings\Sens\Application Data\Orbit
2009-08-18 16:14 . 2008-09-04 02:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 11:17 . 2008-09-22 10:18 -------- d-----w- c:\documents and settings\Sens\Application Data\PPStream
2009-08-17 01:11 . 2009-03-25 01:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 01:11 . 2009-03-25 01:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 01:11 . 2008-09-04 10:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 16:43 . 2009-06-09 10:22 -------- d-----w- c:\program files\Java
2009-08-11 08:14 . 2009-03-06 08:59 -------- d-----w- c:\program files\Orbitdownloader
2009-08-02 06:06 . 2009-01-14 18:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 17:20 . 2009-06-02 13:11 25 ----a-w- c:\windows\popcinfot.dat
2009-08-01 13:37 . 2009-07-08 07:29 -------- d-----w- c:\program files\NamiRobot
2009-07-24 21:23 . 2009-06-09 10:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 09:31 . 2009-06-05 17:47 -------- d-----w- c:\program files\Google
2009-07-18 09:01 . 2008-11-13 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-07-18 09:01 . 2009-06-29 16:36 -------- d-----w- c:\program files\Magic Video Converter
2009-07-01 06:25 . 2009-07-01 06:25 -------- d-----w- c:\documents and settings\Sens\Application Data\Solveig Multimedia
2009-07-01 06:22 . 2009-07-01 06:21 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-07-01 06:21 . 2009-07-01 06:21 -------- d-----w- c:\program files\Solveig Multimedia
2009-06-30 13:04 . 2009-06-30 13:04 -------- d-----w- c:\program files\DVD Shrink
2009-06-30 13:04 . 2009-06-30 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-23 17:36 . 2009-06-23 13:07 -------- d-----w- c:\documents and settings\Sens\Application Data\U3
2009-06-23 15:33 . 2009-06-23 15:33 -------- d-----w- c:\program files\pic2ascii
2009-06-23 13:20 . 2009-06-23 13:19 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-23 13:19 . 2009-06-23 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-23 13:19 . 2009-06-23 13:19 -------- d-----w- c:\program files\NOS
2009-06-22 16:57 . 2009-05-29 10:14 -------- d-----w- c:\documents and settings\Sens\Application Data\NJStar
2009-06-22 16:57 . 2009-05-29 10:14 -------- d-----w- c:\program files\NJStar Communicator
2009-06-22 16:55 . 2008-09-06 19:26 -------- d-----w- c:\program files\Real Alternative
2009-06-22 16:55 . 2008-09-04 02:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-12 14:02 . 2009-06-12 14:02 152576 ----a-w- c:\documents and settings\Sens\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 10:22 . 2009-06-09 10:22 152576 ----a-w- c:\documents and settings\Sens\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-04 02:53 . 2009-06-23 13:19 31944 ----a-w- c:\documents and settings\Sens\Application Data\Mozilla\Firefox\Profiles\ixgwub5z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-06-04 02:53 . 2009-06-23 13:19 22848 ----a-w- c:\documents and settings\Sens\Application Data\Mozilla\Firefox\Profiles\ixgwub5z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-06-04 02:53 . 2009-06-23 13:19 18776 ----a-w- c:\documents and settings\Sens\Application Data\Mozilla\Firefox\Profiles\ixgwub5z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-06-01 09:29 . 2008-09-04 02:27 32272 ----a-w- c:\documents and settings\Sens\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 12:00 . 2009-05-28 07:29 249856 ------w- c:\windows\Setup1.exe
2009-05-28 12:00 . 2009-05-28 07:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-28 07:19 . 2009-05-28 07:19 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-27 19:59 . 2009-05-27 19:59 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2007-12-03 13:09 . 2009-08-14 21:39 20674082 ----a-w- c:\program files\超性感,超级棒的身材,控制力不好别看-看了必射.rmvb
.

------- Sigcheck -------

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_21.32.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-22 17:35 . 2005-09-22 17:35 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 16:58 . 2005-09-22 16:58 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 17:16 . 2005-09-22 17:16 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 17:16 . 2005-09-22 17:16 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 15:49 . 2005-09-22 15:49 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-08-21 10:25 . 2009-08-21 10:25 16384 c:\windows\temp\Perflib_Perfdata_424.dat
+ 2008-09-05 08:23 . 2009-08-13 09:02 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-09-05 08:23 . 2009-05-05 11:49 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-28 07:53 . 2009-08-13 09:31 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-08-18 16:14 . 2008-09-17 06:14 70392 c:\windows\system32\Futuremark\MSC\Direcpll.dll
+ 2009-01-05 07:44 . 2009-01-05 07:44 53248 c:\windows\bdoscandel.exe
+ 2009-08-10 13:53 . 2009-08-10 13:53 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-08-10 13:53 . 2009-08-10 13:53 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-08-10 13:53 . 2009-08-10 13:53 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-08-10 13:53 . 2009-08-10 13:53 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\system32\speedfan.sys
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\system32\giveio.sys
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-08-15 16:43 . 2009-07-24 21:23 149280 c:\windows\system32\javaws.exe
+ 2009-08-15 16:43 . 2009-07-24 21:23 145184 c:\windows\system32\javaw.exe
+ 2009-08-15 16:43 . 2009-07-24 21:23 145184 c:\windows\system32\java.exe
+ 2009-08-18 16:14 . 2009-08-18 16:14 213504 c:\windows\Installer\4c8d844.msi
+ 2009-01-05 07:44 . 2009-01-05 07:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 07:44 . 2009-01-05 07:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2005-09-22 17:16 . 2005-09-22 17:16 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 17:16 . 2005-09-22 17:16 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2008-12-11 210296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IMSCMIG40W"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE" [2003-12-05 24576]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-03 3551456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-07-09 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2009-06-05 971760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-28 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-4 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-01 22:12 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 01:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sens^Start Menu^Programs^Startup^27A438.lnk]
path=c:\documents and settings\Sens\Start Menu\Programs\Startup\27A438.lnk
backup=c:\windows\pss\27A438.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Qvod Terminal"=3 (0x3)
"AresChatServer"=3 (0x3)
"ccosm"=2 (0x2)
"ose"=3 (0x3)
"LBTServ"=3 (0x3)
"wuauserv"=2 (0x2)
"WinTabService"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"getPlus® Helper"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"d:\\Program Files\\lolifox\\lolifox.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"g:\\Games Installer\\XiaoTianTang\\RockNESX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Games Installer\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"f:\\Game\\Diablo II\\Diablo II.exe"=
"f:\\Game\\CS1.6\\hl.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/25/2009 9:01 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/25/2009 9:01 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2009 9:03 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/25/2009 9:01 AM 297752]
S2 gupdate1ca0c4171c85a66;Google Update Service (gupdate1ca0c4171c85a66);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 5:30 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Sens\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Sens\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Sens\LOCALS~1\Temp\HBZ571.tmp --> c:\docume~1\Sens\LOCALS~1\Temp\HBZ571.tmp [?]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys --> c:\windows\system32\DRIVERS\PTSimBus.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys --> c:\windows\system32\DRIVERS\PTSimHid.sys [?]
S4 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe [?]
S4 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [6/23/2009 9:19 PM 66048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
‘计划任务’ 文件夹 里的内容

2009-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 09:30]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:30]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:30]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-839522115-1003Core.job
- c:\documents and settings\Sens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 00:44]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-839522115-1003UA.job
- c:\documents and settings\Sens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 00:44]

2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{8DA2AD50-AF8B-4BF5-B4BD-E3536EFB8495}.job
- c:\windows\system32\msfeedssync.exe [2007-12-31 18:01]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: 使用迅雷下载 - d:\program files\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - d:\program files\Thunder\Program\getallurl.htm
TCP: {38C39C33-35DB-4F84-9FD3-C1CAF002D284} = 202.188.1.4,202.188.0.132
FF - ProfilePath - c:\documents and settings\Sens\Application Data\Mozilla\Firefox\Profiles\ixgwub5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Sens\Application Data\Mozilla\Firefox\Profiles\ixgwub5z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Sens\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 18:39
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Sens\LOCALS~1\Temp\HBZ571.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:33,eb,ff,13,37,95,88,ad,25,26,c8,da,c2,62,1a,f5,56,dc,c8,5f,6b,
f4,c4,1e,14,45,3a,73,74,cb,c2,b4,0d,08,a7,15,b6,90,8a,b0,bb,4c,20,d3,0e,0d,\
"rkeysecu"=hex:c0,ae,a5,ee,38,df,85,2c,1f,84,c9,0a,cc,e8,9d,cf

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3656)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
完成时间: 2009-08-21 18:43
ComboFix-quarantined-files.txt 2009-08-21 10:41
ComboFix2.txt 2009-08-17 17:49
ComboFix3.txt 2009-08-10 08:13
ComboFix4.txt 2009-08-01 21:41

Pre-Run: 4,912,201,728 bytes free
Post-Run: 4,951,207,936 bytes free

324



HJTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:45 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder\Program\getallurl.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1230582217312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1230582196281
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38C39C33-35DB-4F84-9FD3-C1CAF002D284}: NameServer = 202.188.1.4,202.188.0.132
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca0c4171c85a66) (gupdate1ca0c4171c85a66) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8962 bytes

Some virus seems to change all the folders on my thumb drive into hidden files and create another file with the same name as file.exe, and I think this happened after I accidentally clicked on the exe file without realizing it.
Help is appreciated.