Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

CPU usage problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

CPU usage problem

Unread postby RS8 » January 7th, 2010, 9:49 am

Hi!

Not that I know anything about these things, but it seems to me that there might be a malware somewhere in my computer eating up most of the CPU capacity. According to Process Explorer, CPU usage remains at 50-100% at all times, there’s always 40+ processes going on and virtually all of that is described as “hardware interrupts”. No error messages have shown up, apart from an occasional failure to shut down a particular program as I try to shut down the computer. One of the most common of these errors concerns the anti-virus program I think. The computer feels slow, too, and I was only able to score a 3Dmark2000 score of ~5600 with an Athlon 64 3200+ processor, 2GB of DDR400 memory and a Radeon HD4650 graphics card. That does not sound right.

I’ve tried the following (in chronological order):

1) Updated my severely outdated Anti-Virus program (now F-Secure Anti-Virus for Workstations)
2) Defragmented the hard drive
3) Ran a full system check (found 1 virus and had trouble cleaning up the file. Tried to remove it but I’m not sure what I ended up doing to be honest)
4) Removed the Temporary Internet Files (curiously, I couldn’t remove one text file) via Control Panel -> Internet Options
5) Disabled unnecessary programmes from Auto Starting with StartupLite

I have a Finnish version of Windows XP, which might make interpreting your suggestions a little more complicated, but thankfully there’s Google to assist me. Any help would be appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:28, on 7.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\scanwizard.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvnyt.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2829859484
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 6300 bytes


123 Free Solitaire
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8 - Suomi
Adobe Reader Japanese Fonts
Adobe Shockwave Player 11
Apple Software Update
ArtMoney SE v7.07
ATI Display Driver
AudibleManager
BitTorrent 3.4.2
Compatibility Pack for the 2007 Office system
CoolStreaming
Creative Software AutoUpdate
Creative System Information
Creative ZEN
DivX
Eastside UK pre-game Editor v2007.1.6
Eastside UK saved game Editor v2007.0.4
Enable S3 for USB Device
FM Scout
Football Manager 2005
F-Secure Anti-Virus for Workstations - Virus- ja vakoilusuojaus
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
Hotfix-päivitys Windows XP:lle (KB952287)
Hotfix-päivitys Windows XP:lle (KB970653-v3)
Hotfix-päivitys Windows XP:lle (KB976098-v2)
IL-2 Sturmovik Demo
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech Desktop Messenger
Logitech iTouch -ohjelmisto
Logitech MouseWare 9.41 .1
Logitech SetPoint
Logitech-käyttöopas
MadOnion.com/3DMark2000
Marvell Miniport Driver
MCFM 05
MCFM 05
MCFM 05
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework SDK (English) 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Midtown Madness 2
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.20)
Nero - Burning Rom
NHL Eastside Hockey Manager 2007
NVIDIA Drivers
OpenOffice.org 3.1
PowerDVD
PuTTY version 0.60
Päivitys Windows Internet Explorer 8:lle (KB971930)
Päivitys Windows Internet Explorer 8:lle (KB976749)
Päivitys Windows XP:lle (KB951072-v2)
Päivitys Windows XP:lle (KB951978)
Päivitys Windows XP:lle (KB955839)
Päivitys Windows XP:lle (KB967715)
Päivitys Windows XP:lle (KB968389)
Päivitys Windows XP:lle (KB971737)
Päivitys Windows XP:lle (KB973687)
Päivitys Windows XP:lle (KB973815)
QuickTime
Ray-Ban Virtual Mirror
RealPlayer
Realtek AC'97 Audio
SimCity 4
Skype 2.5
SolSuite
SopCast 3.0.3
Splinter Cell Pandora Tomorrow
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)
Suojauspäivitys Windows Internet Explorer 7:lle (KB956390)
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)
Suojauspäivitys Windows Internet Explorer 7:lle (KB961260)
Suojauspäivitys Windows Internet Explorer 7:lle (KB963027)
Suojauspäivitys Windows Internet Explorer 7:lle (KB969897)
Suojauspäivitys Windows Internet Explorer 8:lle (KB969897)
Suojauspäivitys Windows Internet Explorer 8:lle (KB971961)
Suojauspäivitys Windows Internet Explorer 8:lle (KB972260)
Suojauspäivitys Windows Internet Explorer 8:lle (KB974455)
Suojauspäivitys Windows Internet Explorer 8:lle (KB976325)
Suojauspäivitys Windows Media Player 11:lle (KB936782)
Suojauspäivitys Windows Media Player 11:lle (KB954154)
Suojauspäivitys Windows Media Player 9:lle (KB911565)
Suojauspäivitys Windows Media Player 9:lle (KB917734)
Suojauspäivitys Windows Media Playerille (KB952069)
Suojauspäivitys Windows Media Playerille (KB954155)
Suojauspäivitys Windows Media Playerille (KB968816)
Suojauspäivitys Windows Media Playerille (KB973540)
Suojauspäivitys Windows XP:lle (KB923561)
Suojauspäivitys Windows XP:lle (KB938464)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951066)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB951748)
Suojauspäivitys Windows XP:lle (KB952004)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB953839)
Suojauspäivitys Windows XP:lle (KB954211)
Suojauspäivitys Windows XP:lle (KB954459)
Suojauspäivitys Windows XP:lle (KB954600)
Suojauspäivitys Windows XP:lle (KB955069)
Suojauspäivitys Windows XP:lle (KB956391)
Suojauspäivitys Windows XP:lle (KB956572)
Suojauspäivitys Windows XP:lle (KB956744)
Suojauspäivitys Windows XP:lle (KB956802)
Suojauspäivitys Windows XP:lle (KB956803)
Suojauspäivitys Windows XP:lle (KB956841)
Suojauspäivitys Windows XP:lle (KB956844)
Suojauspäivitys Windows XP:lle (KB957095)
Suojauspäivitys Windows XP:lle (KB957097)
Suojauspäivitys Windows XP:lle (KB958644)
Suojauspäivitys Windows XP:lle (KB958687)
Suojauspäivitys Windows XP:lle (KB958690)
Suojauspäivitys Windows XP:lle (KB958869)
Suojauspäivitys Windows XP:lle (KB959426)
Suojauspäivitys Windows XP:lle (KB960225)
Suojauspäivitys Windows XP:lle (KB960715)
Suojauspäivitys Windows XP:lle (KB960803)
Suojauspäivitys Windows XP:lle (KB960859)
Suojauspäivitys Windows XP:lle (KB961371)
Suojauspäivitys Windows XP:lle (KB961373)
Suojauspäivitys Windows XP:lle (KB961501)
Suojauspäivitys Windows XP:lle (KB968537)
Suojauspäivitys Windows XP:lle (KB969059)
Suojauspäivitys Windows XP:lle (KB969898)
Suojauspäivitys Windows XP:lle (KB969947)
Suojauspäivitys Windows XP:lle (KB970238)
Suojauspäivitys Windows XP:lle (KB970430)
Suojauspäivitys Windows XP:lle (KB971486)
Suojauspäivitys Windows XP:lle (KB971557)
Suojauspäivitys Windows XP:lle (KB971633)
Suojauspäivitys Windows XP:lle (KB971657)
Suojauspäivitys Windows XP:lle (KB973346)
Suojauspäivitys Windows XP:lle (KB973354)
Suojauspäivitys Windows XP:lle (KB973507)
Suojauspäivitys Windows XP:lle (KB973525)
Suojauspäivitys Windows XP:lle (KB973869)
Suojauspäivitys Windows XP:lle (KB973904)
Suojauspäivitys Windows XP:lle (KB974112)
Suojauspäivitys Windows XP:lle (KB974318)
Suojauspäivitys Windows XP:lle (KB974392)
Suojauspäivitys Windows XP:lle (KB974571)
Suojauspäivitys Windows XP:lle (KB975025)
Suojauspäivitys Windows XP:lle (KB975467)
Tärkeä päivitys Windows Media Player 11:lle (KB959772)
VideoLAN VLC media player 0.8.4a
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
ZENcast Organizer
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm
Advertisement
Register to Remove

Re: CPU usage problem

Unread postby deltalima » January 12th, 2010, 8:49 am

Hi RS8,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 12th, 2010, 9:33 am

Hi Deltalima, and thank you for the welcome!

I haven't done anything else to try and solve this thing since I started the thread, so the problem persists. I'm looking forward to your comments and suggestions. :)
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 12th, 2010, 1:31 pm

Hi RS8,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent 3.4.2

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Run Combofix:

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures, if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 12th, 2010, 6:10 pm

I uninstalled BitTorrent and downloaded Combofix, but before I run it I have a couple of questions:

1) Along with the antivirus program, I should also disable the Windows XP firewall (which is currently running), right?

2) If so, I noticed that the "group policy" or something is in control of some of my firewall settings. I can't choose to disable the firewall under general firewall settings. We have a WLAN in our house, though this particular computer is connected to the wireless router. The network itself is managed from downstairs - the network on this floor is basically an extension to it. What do you think I should do?
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 13th, 2010, 6:54 am

Hi RS8,

Along with the antivirus program, I should also disable the Windows XP firewall (which is currently running)


No need to disable the Windows XP firewall.

As long as the antivirus is disabled then you are ready to run Combofix.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 13th, 2010, 9:54 am

Hi,

Here's the ComboFix log. Just so you know, I was asked if I wanted to update ComboFix to a newer version. I chose not to update and ran the version I had already downloaded instead.

I can provide translation help in case it's needed ;)

ComboFix 10-01-12.02 - Sampo 13.01.2010 15:29:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2047.1567 [GMT 2:00]
Sijainti: c:\documents and settings\Sampo\Työpöytä\ComboFix.exe
AV: F-Secure Anti-Virus for Workstations 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SalesMonitor
c:\documents and settings\Sampo\Application Data\DriveCleaner Freeware
c:\documents and settings\Sampo\Application Data\DriveCleaner Freeware\Logs\update.log
c:\windows\EventSystem.log

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-12-13 to 2010-01-13 )))))))))))))))))
.

2010-01-13 09:05 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 15:44 . 2010-01-07 13:04 -------- d-----w- c:\program files\trend micro
2010-01-05 15:44 . 2010-01-05 15:44 -------- d-----w- C:\rsit
2010-01-05 15:03 . 2010-01-05 15:08 -------- d-----w- c:\documents and settings\Sampo\.SunDownloadManager
2010-01-05 10:05 . 2010-01-05 10:05 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-05 08:46 . 2010-01-05 08:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-05 08:46 . 2009-05-15 14:51 311296 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-05 08:46 . 2009-05-15 15:39 442368 ----a-r- c:\windows\system32\ATIDEMGX.dll
2010-01-05 08:45 . 2009-05-15 14:54 887724 ----a-r- c:\windows\system32\ativva6x.dat
2010-01-05 08:45 . 2009-05-15 14:54 3 ----a-r- c:\windows\system32\ativva5x.dat
2010-01-05 08:45 . 2009-04-23 07:04 189051 ----a-r- c:\windows\system32\atiicdxx.dat
2009-12-29 12:04 . 2009-12-29 16:01 -------- d-----w- c:\documents and settings\Sampo\Application Data\F-Secure
2009-12-29 08:34 . 2010-01-05 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-29 08:33 . 2009-12-29 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-12-29 08:32 . 2010-01-13 13:17 -------- d-----w- c:\program files\F-Secure
2009-12-29 08:31 . 2004-05-17 06:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-12-29 08:31 . 2004-05-17 05:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2009-12-29 08:31 . 2004-05-17 06:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-12-29 08:31 . 2004-05-17 06:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-12-29 08:31 . 2004-05-17 05:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2009-12-29 08:31 . 2004-05-10 00:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2009-12-29 08:31 . 2004-05-10 00:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2009-12-29 08:31 . 2004-05-17 06:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-12-26 23:27 . 2009-12-26 23:30 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.SAMPO-C6169EC83

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 13:40 . 2006-03-28 15:00 -------- d-----w- c:\documents and settings\Sampo\Application Data\Skype
2010-01-13 13:15 . 2009-08-31 20:28 1257 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 15:28 . 2009-06-11 14:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 15:27 . 2005-03-01 15:38 -------- d-----w- c:\program files\Java
2010-01-05 10:05 . 2004-09-15 12:00 66842 ----a-w- c:\windows\system32\perfc00B.dat
2010-01-05 10:05 . 2004-09-15 12:00 358998 ----a-w- c:\windows\system32\perfh00B.dat
2010-01-03 10:59 . 2007-09-03 14:25 -------- d-----w- c:\documents and settings\Sampo\Application Data\U3
2009-12-29 17:51 . 2005-02-02 17:58 26448 ----a-w- c:\documents and settings\Sampo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-29 15:57 . 2007-08-31 20:49 -------- d-----w- c:\program files\Common Files\DriveCleaner Freeware
2009-12-29 08:14 . 2005-02-02 18:33 -------- d-----w- c:\documents and settings\Sampo\Application Data\Lavasoft
2009-12-21 13:41 . 2009-11-09 16:55 79488 ----a-w- c:\documents and settings\Sampo\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:58 . 2004-09-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2004-09-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-09-15 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-09-15 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-09-15 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:32 . 2004-09-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:32 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2006-09-07 20:56 . 2006-09-07 20:56 81 ----a-w- c:\program files\deliverVideo.ram
2006-09-07 19:52 . 2006-09-07 19:52 28381 ----a-w- c:\program files\Lost - s01e24-25 - Exodus 2 & 3[1].avi [mininova.org].torrent
2006-07-20 22:18 . 2006-07-20 22:18 29915864 ----a-w- c:\program files\Hatem_Ben_Arfa.wmv
2006-07-05 16:36 . 2006-07-05 16:36 97992704 ----a-w- c:\program files\Litmanen1.avi
2006-06-10 08:46 . 2006-06-10 08:46 28325 ----a-w- c:\program files\Lost - s01e18 - Numbers[1].avi ^mininova.org^.torrent
2006-05-30 19:37 . 2006-05-30 19:37 28345 ----a-w- c:\program files\Lost - s01e16 - Outlaws[1].avi -_mininova.org_-.torrent
2006-05-21 12:42 . 2005-09-02 15:08 29798593 ----a-w- c:\program files\Ronaldo.wmv
2006-05-21 12:26 . 2005-08-30 19:59 69737484 ----a-w- c:\program files\Mara VS Rona 2.wmv
2006-05-09 07:33 . 2006-05-09 07:32 30372330 ----a-w- c:\program files\hmach20.exe
2006-05-07 21:37 . 2006-05-07 21:37 11796480 ----a-w- c:\program files\060507_RuutuBrothers.avi
2006-04-14 23:11 . 2005-09-02 16:48 44039544 ----a-w- c:\program files\Zlatan.wmv
2006-04-14 22:57 . 2005-09-01 08:04 28833896 ----a-w- c:\program files\P[1]._Christiano_Ronaldo_Compilation_3.wmv
2006-04-14 22:48 . 2005-08-30 15:16 68857166 ----a-w- c:\program files\Mara VS Rona.wmv
2006-04-11 23:29 . 2005-12-14 19:00 18311270 ----a-w- c:\program files\George_Best.wmv
2006-04-08 16:31 . 2006-04-08 16:31 34918423 ----a-w- c:\program files\nikefootball_ronaldinho_viral_high.mov
2006-04-05 18:45 . 2006-04-05 18:45 144228582 ----a-w- c:\program files\maradona_in_national_part2.avi
2006-04-05 17:12 . 2006-04-05 17:11 122685550 ----a-w- c:\program files\maradona_in_national_part1.avi
2006-03-28 14:37 . 2006-03-28 14:37 10046792 ----a-w- c:\program files\SkypeSetup.exe
2006-03-21 16:36 . 2006-03-21 16:36 9692886 ----a-w- c:\program files\vlc-0.8.4a-win32.exe
2006-01-11 14:15 . 2005-09-07 09:38 45655348 ----a-w- c:\program files\Cantona.wmv
2006-01-06 13:08 . 2006-01-06 13:08 7325696 ----a-w- c:\program files\060103_YLE_TV2_Hisey[1].XviD.avi
2005-12-20 11:29 . 2005-12-20 11:29 925696 ----a-w- c:\program files\43_20Kovalev-magic-hands.avi
2005-12-20 11:07 . 2005-12-20 11:07 12246528 ----a-w- c:\program files\kovy.avi
2005-11-14 12:54 . 2005-08-30 09:49 47082636 ----a-w- c:\program files\Kynaeilyae.wmv
2005-11-02 18:49 . 2005-09-02 21:08 47550758 ----a-w- c:\program files\Kaka.wmv
2005-11-02 18:43 . 2005-04-07 21:01 82244942 ----a-w- c:\program files\Miklu 03-04.wmv
2005-10-19 17:08 . 2005-08-29 13:46 17881232 ----a-w- c:\program files\Robinho.wmv
2005-10-19 15:42 . 2005-09-06 19:32 35503102 ----a-w- c:\program files\F[1]._Javier_Saviola.wmv
2005-09-12 07:59 . 2005-09-12 07:59 50007040 ----a-w- c:\program files\J[1]._Jay_Jay_Okocha.avi
2005-09-02 19:27 . 2005-09-02 19:27 41055784 ----a-w- c:\program files\L[1]._Alessandro_Del_Piero.mpg
2005-09-01 13:15 . 2005-09-01 13:15 26723676 ----a-w- c:\program files\EURO_2004_-_Top_10_Goals.mpg
2005-09-01 11:26 . 2005-09-01 11:26 40245252 ----a-w- c:\program files\10_Mejores_goles_EUROCOPA_2000.mpg
2005-08-25 21:05 . 2005-08-25 21:05 12491994 ----a-w- c:\program files\CompEremenko.zip
2005-06-14 15:40 . 2005-06-14 15:40 21423104 ----a-w- c:\program files\Ayrton Senna drives Honda NSX at Suzuka.avi
2005-06-14 14:20 . 2005-06-14 14:20 2283524 ----a-w- c:\program files\Spa_2000_Hakkinen_Passes_MSchumacher_Onboard.mpg
2005-06-14 12:51 . 2005-06-14 12:51 57 ----a-w- c:\program files\Gilles_Villenueve.m3u
2005-06-05 00:02 . 2005-06-05 00:00 22169520 ----a-w- c:\program files\AdbeRdr70_suo_full.exe
2005-05-11 14:40 . 2005-05-11 14:40 65500433 ----a-w- c:\program files\PikesPeak.zip
2005-02-08 22:16 . 2005-02-08 22:16 2229966 ----a-w- c:\program files\kompany1-2.wmv
2005-02-08 22:13 . 2005-02-08 22:13 1011102 ----a-w- c:\program files\kompany.wmv
2005-02-06 05:06 . 2005-02-06 05:06 5318056 ----a-w- c:\program files\solsuite.exe
2005-02-05 12:51 . 2005-02-05 12:51 22399520 ----a-w- c:\program files\iTunesSetup.exe
2005-02-05 11:24 . 2005-02-05 11:21 2109895 ----a-w- c:\program files\123free.exe
2009-05-23 12:38 . 2008-04-12 06:55 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-23 12:38 . 2008-04-12 06:55 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-23 12:38 . 2008-04-12 06:55 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-23 12:38 . 2008-04-12 06:55 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-23 12:38 . 2008-04-12 06:55 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-09-17 200704]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-4-29 438272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta16.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5.1.2010 12:05 33920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2.2.2005 21:25 10112]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [5.1.2010 12:04 107104]
S0 Winta16;Winta16;c:\windows\system32\drivers\Winta16.sys [2.2.2005 19:51 30080]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [31.8.2009 22:28 2560]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [24.1.2006 15:24 202496]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [5.1.2010 12:04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [5.1.2010 12:04 25184]
.
'Ajoitetut tehtävät'-kansion sisältö

2007-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.tvnyt.fi/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sampo\Application Data\Mozilla\Firefox\Profiles\pqxpbglg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
- - - - POISTETUT JÄMÄRIVIT - - - -

MSConfigStartUp-CTFMON - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 15:40
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:38,8c,06,ce,44,c8,db,63,26,c6,6d,ec,1a,3c,5e,96,62,4b,27,ff,e9,f0,73,
19,0f,7f,02,ae,8e,17,86,9e,a2,b4,af,98,ab,13,8f,a2,cb,b1,75,8f,b2,93,e9,60,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,3f,80,7f,ac,40,bb,20,05,87,89,be,8f,36,9e,41,37,\
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:9c,89,57,68,0d,93,bf,14,71,d6,f6,07,39,ae,fb,ce,2c,d3,f3,8b,2d,85,dd,
f8,79,4c,aa,60,57,be,24,7d,4c,c3,ef,fb,d2,3c,19,a9,d3,c0,88,77,8a,a9,15,93,\
"13"=hex:29,5a,2e,80,84,60,e6,02,1e,f9,e8,b8,0e,0b,83,39,3f,81,69,93,1b,67,8f,
8b
"14"=hex:44,0a,8b,5f,ad,d2,be,fd,bd,b9,f5,d5,d6,56,dd,33
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:8e,b7,97,07,5d,01,d9,fe,7f,af,96,df,9b,81,88,42
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:87,ce,6f,bd,d6,07,af,1f,86,a1,fb,a3,17,07,be,df,56,8e,46,f9,17,5f,80,
68,aa,93,72,e6,b8,c4,91,c0,02,8b,d2,c0,04,a0,06,63,97,26,65,96,ab,a9,ea,33,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2010-01-13 15:43:11
ComboFix-quarantined-files.txt 2010-01-13 13:42

Ennen ajoa: 111 792 250 880 tavua vapaana
Ajon jälkeen: 114 201 522 176 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4829B671E7AED91A4187A655B18C0E19
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 13th, 2010, 3:42 pm

Hi RS8,

Could you please give me more details of the WLAN in your house and explain who manages the network from downstairs, and what access they have to your computer to set the group policy?

Next

Please re-open HijackThis and select Scan. Check the box next to the entry listed below (if present):

O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Now please Reboot the computer.

Next

RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Also please include the information requested above concerning the network.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 14th, 2010, 5:09 am

Hi,

"Manage" was probably the wrong term to use. I just talked to the guy who set up the network and he said that there's no way to affect the settings on this computer from downstairs - other than simply turning off the network, in which case the network on this floor wouldn't work either. When I mentioned to him about the group policy, he immediately suspected a virus and said that I should normally be able to turn off the XP firewall via general firewall settings. So this is starting to look nastier than I had imagined.

I couldn't find the entry on the HijackThis scan list, so I couldn't fix anything. But here are the RSIT log.txt and and info.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sampo at 2010-01-14 10:41:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 109 GB (71%) free of 153 GB
Total RAM: 2047 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:59, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Documents and Settings\Sampo\Työpöytä\RSIT.exe
C:\Program Files\trend micro\HijackThis\Sampo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvnyt.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2829859484
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 6202 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-09 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-09-19 35328]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-03-10 28160]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2001-09-18 200704]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2008-10-09 182936]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2008-10-09 1182304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-09 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-10-13 20058152]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-15 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta16.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winta16.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Ohjattu tiedostojen ja asetusten siirtäminen"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-01-14 10:41:28 ----SHD---- C:\RECYCLER
2010-01-13 15:43:12 ----A---- C:\ComboFix.txt
2010-01-13 15:27:55 ----A---- C:\Boot.bak
2010-01-13 15:27:50 ----RASHD---- C:\cmdcons
2010-01-13 15:22:42 ----A---- C:\WINDOWS\zip.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\SWSC.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\SWREG.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\sed.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\PEV.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\MBR.exe
2010-01-13 15:22:42 ----A---- C:\WINDOWS\grep.exe
2010-01-13 15:22:00 ----D---- C:\WINDOWS\ERDNT
2010-01-13 15:20:49 ----D---- C:\Qoobox
2010-01-13 11:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 11:35:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-05 17:44:01 ----D---- C:\Program Files\trend micro
2010-01-05 17:44:00 ----D---- C:\rsit
2010-01-05 17:28:35 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-05 17:28:35 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-05 17:28:34 ----A---- C:\WINDOWS\system32\java.exe
2010-01-05 10:46:19 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-01-05 10:46:05 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-12-29 14:04:46 ----D---- C:\Documents and Settings\Sampo\Application Data\F-Secure
2009-12-29 10:34:42 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-12-29 10:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-12-29 10:32:53 ----D---- C:\Program Files\F-Secure
2009-12-29 10:31:15 ----RA---- C:\WINDOWS\system32\fdco1.dll
2009-12-29 10:31:11 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2009-12-29 10:31:11 ----RA---- C:\WINDOWS\system32\bdco1.dll
2009-12-29 10:31:11 ----A---- C:\WINDOWS\system32\nvunrm.exe

======List of files/folders modified in the last 1 months======

2010-01-14 10:32:18 ----D---- C:\WINDOWS\Temp
2010-01-14 10:30:09 ----D---- C:\WINDOWS\Prefetch
2010-01-14 10:25:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 10:17:29 ----D---- C:\Documents and Settings\Sampo\Application Data\Skype
2010-01-13 20:20:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 15:40:26 ----D---- C:\WINDOWS
2010-01-13 15:40:26 ----A---- C:\WINDOWS\system.ini
2010-01-13 15:33:21 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 15:33:21 ----D---- C:\WINDOWS\system32
2010-01-13 15:33:21 ----D---- C:\WINDOWS\AppPatch
2010-01-13 15:33:17 ----D---- C:\Program Files\Common Files
2010-01-13 15:27:55 ----RASH---- C:\boot.ini
2010-01-13 11:35:57 ----HD---- C:\WINDOWS\inf
2010-01-13 11:35:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 11:35:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 11:35:42 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 11:34:49 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 22:00:29 ----D---- C:\WINDOWS\Help
2010-01-12 21:13:05 ----RD---- C:\Program Files
2010-01-05 17:28:50 ----SHD---- C:\WINDOWS\Installer
2010-01-05 17:28:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-05 17:27:59 ----D---- C:\Program Files\Java
2010-01-05 12:05:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-05 11:02:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-05 10:54:19 ----A---- C:\WINDOWS\msicpl.ini
2010-01-05 02:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 12:59:48 ----D---- C:\Documents and Settings\Sampo\Application Data\U3
2009-12-29 17:57:01 ----D---- C:\Program Files\Common Files\DriveCleaner Freeware
2009-12-29 10:14:32 ----D---- C:\Documents and Settings\Sampo\Application Data\Lavasoft
2009-12-29 10:10:36 ----A---- C:\WINDOWS\win.ini
2009-12-29 10:10:28 ----D---- C:\WINDOWS\pss
2009-12-27 01:27:50 ----D---- C:\Documents and Settings
2009-12-26 02:00:42 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 Arp1394;1394 ARP -asiakasprotokolla; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-15 4069888]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA -väyläohjain (High Definition Audio); C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-03-10 13056]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-03-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-03-10 36480]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys [2001-09-19 5840]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys [2001-09-19 67440]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-03-10 69504]
R3 mouhid;Hiiren HID-ohjain; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-05 12160]
R3 NIC1394;1394-verkko-ohjain; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 usbaudio;USB-ääniohjain (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-12-23 174464]
S3 catchme;catchme; \??\C:\DOCUME~1\Sampo\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID -luokkaohjain; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2001-08-10 10256]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-03-10 53632]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys [2001-09-19 50432]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys [2001-09-19 22064]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter; C:\WINDOWS\system32\DRIVERS\GPlus.sys [2003-08-13 202496]
S3 USBSTOR;USB-massamuistiohjain; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-15 602112]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2008-10-09 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2008-10-09 117400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-05 153376]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2009-08-31 2560]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2008-10-09 490080]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2008-10-09 162456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPodService;iPod-palvelu; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
S3 WMPNetworkSvc;Windows Media Playerin verkkojakamispalvelu; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-15 913920]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-14 10:42:02

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Silicon Image Base Driver\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Suomi-->MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70500000002}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ArtMoney SE v7.07-->C:\Program Files\ArtMoney\uninstall.bat
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CoolStreaming-->"C:\Program Files\CoolStreaming\uninstall.exe"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Eastside UK pre-game Editor v2007.1.6-->"C:\Program Files\Sports Interactive\Eastside UK\Eastside UK\unins000.exe"
Eastside UK saved game Editor v2007.0.4-->"C:\Program Files\Sports Interactive\Eastside UK\unins000.exe"
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
FM Scout-->C:\Program Files\nygreen.net\FMScout\Uninstall.exe
Football Manager 2005-->MsiExec.exe /I{EC0AB585-B279-4A77-8BB5-64C403E43EE7}
F-Secure Anti-Virus for Workstations - Virus- ja vakoilusuojaus-->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IL-2 Sturmovik Demo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ubi Soft\IL-2 Sturmovik Demo\Uninst.isu"
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" UNINSTALL /Lb
Logitech iTouch -ohjelmisto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" UNINSTALL
Logitech MouseWare 9.41 .1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l000b UNINSTALL
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xb -removeonly
Logitech-käyttöopas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBE0FCA1-4E95-11D4-9875-00105ACE7734}\Setup.exe" UNINSTALL
MadOnion.com/3DMark2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MadOnion.com\3DMark2000\Uninst.isu"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MCFM 05-->MsiExec.exe /I{81A1422D-BBC9-4B7A-B7D3-559242491B48}
MCFM 05-->MsiExec.exe /I{925D9154-A649-4121-97BF-BC86A0D926C5}
MCFM 05-->MsiExec.exe /I{A69AB8FD-41B5-4CD7-8290-141708E97289}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework SDK (English) 1.1-->MsiExec.exe /X{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Midtown Madness 2-->"C:\Program Files\Microsoft Games\Midtown Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040B-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NHL Eastside Hockey Manager 2007-->MsiExec.exe /X{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}
OpenOffice.org 3.1-->MsiExec.exe /I{BE7CD87D-BC9E-4350-9A8E-2EF4A65A2437}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
Päivitys Windows Internet Explorer 8:lle (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Päivitys Windows Internet Explorer 8:lle (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Ray-Ban Virtual Mirror-->C:\Program Files\RaybanMirror\app\Launcher.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SimCity 4-->C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SolSuite-->C:\PROGRA~1\SolSuite\UNWISE.EXE C:\PROGRA~1\SolSuite\INSTALL.LOG
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Splinter Cell Pandora Tomorrow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x9
Suojauspäivitys ohjelmistolle Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 9:lle (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 9:lle (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Tärkeä päivitys Windows Media Player 11:lle (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

======Security center information======

AV: F-Secure Anti-Virus for Workstations 8.00

======System event log======

Computer Name: SAMPO-C6169EC83
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 130962
Source Name: Tcpip
Time Written: 20091223000230.000000+120
Event Type: warning
User:

Computer Name: SAMPO-C6169EC83
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 130961
Source Name: Tcpip
Time Written: 20091222234119.000000+120
Event Type: warning
User:

Computer Name: SAMPO-C6169EC83
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 130907
Source Name: Tcpip
Time Written: 20091222003756.000000+120
Event Type: warning
User:

Computer Name: SAMPO-C6169EC83
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 130906
Source Name: Tcpip
Time Written: 20091221235541.000000+120
Event Type: warning
User:

Computer Name: SAMPO-C6169EC83
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 130905
Source Name: Tcpip
Time Written: 20091221233342.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: SAMPO-C6169EC83
Event Code: 1517
Message: Windows tallensi käyttäjän SAMPO-C6169EC83\Sampo rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Record Number: 6957
Source Name: Userenv
Time Written: 20080602185559.000000+180
Event Type: warning
User: NT-HALLINTA\SYSTEM

Computer Name: SAMPO-C6169EC83
Event Code: 1517
Message: Windows tallensi käyttäjän SAMPO-C6169EC83\Sampo rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Record Number: 6952
Source Name: Userenv
Time Written: 20080602022827.000000+180
Event Type: warning
User: NT-HALLINTA\SYSTEM

Computer Name: SAMPO-C6169EC83
Event Code: 1517
Message: Windows tallensi käyttäjän SAMPO-C6169EC83\Sampo rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Record Number: 6949
Source Name: Userenv
Time Written: 20080601215920.000000+180
Event Type: warning
User: NT-HALLINTA\SYSTEM

Computer Name: SAMPO-C6169EC83
Event Code: 1517
Message: Windows tallensi käyttäjän SAMPO-C6169EC83\Sampo rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Record Number: 6942
Source Name: Userenv
Time Written: 20080601013557.000000+180
Event Type: warning
User: NT-HALLINTA\SYSTEM

Computer Name: SAMPO-C6169EC83
Event Code: 1517
Message: Windows tallensi käyttäjän SAMPO-C6169EC83\Sampo rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Record Number: 6935
Source Name: Userenv
Time Written: 20080531024051.000000+180
Event Type: warning
User: NT-HALLINTA\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 14th, 2010, 8:05 am

Hi RS8,

Please download PsTools and save it to you desktop.

Right click PsTools and select Extract All and follow the prompts.

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code: Select all
    "%userprofile%\desktop\pstools\pslist"  >> results.txt
    start notepad results.txt
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.
  5. Click on the Agree button.


results.txt should open in Notepad automatically when the script has complete, post the contents of this file in your next response along with an update on how your computer is now running.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 14th, 2010, 11:05 am

I must be doing something wrong, because the xxx.bat opens an empty results.txt file. I copy/pasted the code and when that didn't work, I replaced the word userprofile with Sampo and the word desktop with its Finnish counterpart (= Työpöytä). That didn't work either.

Edit: xxx.bat doesn't seem to be asking me to "agree" on anything, either.
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 14th, 2010, 2:56 pm

Hi RS8,

I must be doing something wrong


Not at all, my fault for not considering the language differences for the batch file.

We will do some of the stages manually to make sure.

Please open a command prompt window by clicking start click run then type cmd into the white box then click OK

A black screen will appear

At the prompt type cd \ the press enter (that is cd then space then backslash)

Now type cd then a space and the name of the folder that corresponds to documents and settings within double quote marks

In English this would be

cd "documents and settings" then press enter

Now type cd then space then the username Sampo then enter

Now type cd then space then the word for desktop then enter

The prompt should now read the equivalent of

C:\documents and settings\user\desktop

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code: Select all
    pstools\pslist  >> results.txt
    start notepad results.txt
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. At the command prompt type xxx.bat and press enter
  5. Click on the Agree button.


results.txt should open in Notepad automatically when the script has complete, post the contents of this file in your next response along with an update on how your computer is now running.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 14th, 2010, 5:05 pm

That did the trick - no empty files this time around!

Update on computer:

1) CPU usage still at 50% or more with 40+ processes going on
2) 3Dmark2000 score 5585 with anti-virus program on. Previous results -from before starting this thread - were 5645 (anti-virus on) and 5591 (anti-virus off). No noticeable improvement in performance, it seems.

Here are the contents of results.txt:

Process information for SAMPO-C6169EC83:

Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
Idle 0 0 1 0 0 0:04:15.546 0:00:00.000
System 4 8 54 787 0 0:00:08.078 0:00:00.000
smss 364 11 3 19 172 0:00:00.031 0:15:11.859
csrss 792 13 12 563 1700 0:00:03.140 0:15:09.656
winlogon 856 13 22 446 6424 0:00:00.875 0:15:05.953
services 900 9 15 292 1712 0:00:01.046 0:15:05.625
lsass 912 9 21 360 3840 0:00:00.859 0:15:05.578
ati2evxx 1068 8 4 86 1908 0:00:00.140 0:15:04.234
svchost 1080 8 17 215 3156 0:00:00.125 0:15:04.218
svchost 1160 8 11 258 1816 0:00:00.156 0:15:03.703
svchost 1304 8 67 1420 12896 0:00:01.781 0:15:03.484
svchost 1336 8 5 105 2400 0:00:00.046 0:15:03.421
ati2evxx 1404 8 5 101 2100 0:00:00.140 0:15:00.718
svchost 1492 8 4 72 1256 0:00:00.093 0:14:58.609
svchost 1600 8 10 155 1468 0:00:00.046 0:14:58.484
spoolsv 1760 8 14 154 3308 0:00:00.156 0:14:56.906
svchost 2008 8 4 106 1304 0:00:00.031 0:14:49.656
CTSVCCDA 116 8 2 30 448 0:00:00.015 0:14:49.515
fsgk32st 172 8 2 41 344 0:00:00.015 0:14:49.484
FSMA32 140 8 15 109 980 0:00:00.109 0:14:49.453
fsgk32 184 8 23 156 2788 0:00:00.187 0:14:49.437
jqs 208 4 8 235 7364 0:00:02.750 0:14:49.406
FSMB32 236 8 21 135 792 0:00:00.500 0:14:49.281
Runservice 252 8 3 36 488 0:00:00.015 0:14:49.281
FCH32 644 8 4 44 1564 0:00:00.296 0:14:46.140
FAMEH32 796 8 9 107 1180 0:00:00.062 0:14:45.625
fsqh 916 8 2 36 564 0:00:00.015 0:14:45.625
FNRB32 1284 8 6 92 1404 0:00:00.062 0:14:44.015
fssm32 1296 8 8 111 194172 0:00:14.000 0:14:44.000
fsaua 1364 6 3 87 2764 0:00:01.468 0:14:43.968
FIH32 1648 8 2 29 604 0:00:00.031 0:14:43.781
alg 1852 8 6 105 1184 0:00:00.125 0:14:43.578
fsav32 2460 8 9 119 2952 0:00:00.078 0:14:12.015
explorer 2872 8 17 491 16936 0:00:04.078 0:14:02.921
FSM32 3128 8 6 87 3668 0:00:00.171 0:13:51.984
qttask 3164 8 2 48 788 0:00:00.093 0:13:50.328
realsched 3172 8 4 126 1116 0:00:00.125 0:13:50.265
Skype 3180 8 12 382 14768 0:00:01.765 0:13:50.156
ctfmon 3196 8 1 71 1024 0:00:00.093 0:13:49.750
SetPoint 3228 8 2 164 4348 0:00:00.515 0:13:47.640
fsguidll 3784 8 8 106 5124 0:00:00.359 0:13:39.718
KHALMNPR 3952 8 16 141 2568 0:00:00.078 0:13:35.093
scanwizard 1144 8 3 51 1536 0:00:00.046 0:13:10.781
cmd 3160 8 1 34 2012 0:00:00.046 0:04:43.828
pslist 2356 13 2 105 1312 0:00:00.125 0:00:25.515
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm

Re: CPU usage problem

Unread postby deltalima » January 15th, 2010, 4:49 am

Hi RS8,

The PSlist log shows that F-Secure Anti-Virus is using a significant amount of CPU time, but not enough to explain the 50 to 100 percent that you are experiencing.

Could you give details of when you first noticed the problem?
Did you install the antivirus after the problem appeared?
Could you post details from the antivirus log of the virus that was found?

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log and answers to my earlier questions in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: CPU usage problem

Unread postby RS8 » January 15th, 2010, 9:36 pm

deltalima wrote:Could you give details of when you first noticed the problem?
Did you install the antivirus after the problem appeared?
Could you post details from the antivirus log of the virus that was found?


Sorry, can't help much here I'm afraid. I had never used a program that monitors CPU usage before late December when the problem was discovered by the very same guy who once set up the network (he takes care of almost everything computer related in this house). He was here to replace my graphics card and was kind enough to install the F-Secure Anti-Virus in the process. He then noticed the high CPU usage, but had no time to look into it. Finally he started the defragmentation process and left. I turned the anti-virus program on after the hard drive had been defragmented and then performed a full system scan.

I've had this computer since 2005 though and it has seemed slow for quite some time now. Could be years, even! I just didn't do much with the computer besides surfing on the net and playing a game that is supposed to be CPU heavy (not graphics card heavy) regardless of how high end your PC is, so I unwisely chose to ignore the whole thing.

I don't know how to find the antivirus log of the virus, but I performed another full system scan last evening and nothing was found (I have the report saved on my desktop in case you're interested). I also discovered that the program by default renames any file it can't clean up so that's probably what's happened, but I have no idea about the file names.

Here's the GMER log, but I'm not sure it contains the information it's supposed to? The scan took 3½ hours and when I returned to my computer, this was all that was shown under Rootkit/Malware:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 02:29:30
Windows 5.1.2600 Service Pack 3
Running: w7cw6t9z.exe; Driver: C:\DOCUME~1\Sampo\LOCALS~1\Temp\kwaoifoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB96BE900]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9233000, 0x22AD47, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

EDIT: forgot to mention that before running GMER, I noticed that I now have the option to turn off the firewall under general firewall settings.There's still the claim that the group policy is in control of some of my settings though, but it doesn't seem to affect my ability to change the settings.
RS8
Active Member
 
Posts: 11
Joined: January 6th, 2010, 5:34 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware