Explorer Problem

Status
Not open for further replies.

Redavni

My problem is that when I select an individual video file or multiple video files at once, the explorer process in Task Manager consumes 50%+ of the CPU. I have scanned with AVG, S&D, and Ad-Aware and have found nothing. This problem seems to happen only with a network shared folder containing nothing but video files. I have included my HijackThis log if that helps. Also, this is a fairly recent installation of XP Pro.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:47 PM, on 7/26/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
K:\Program Files\AVG\AVG8\avgrsx.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\windows\system32\spoolsv.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\Explorer.EXE
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
K:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\windows\system32\ctfmon.exe
I:\windows\System32\svchost.exe
I:\Program Files\uTorrent\uTorrent.exe
K:\Program Files\POP Peeper\POPPeeper.exe
K:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
I:\PROGRA~1\MOZILL~1\FIREFOX.EXE
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 4413 bytes
 
Hello,

There is nothing really bad in this log. Also, it is posted in the wrong area. We have an analyze section for these things.

So it's up to you. Do you want to continue with trying to find something hidden or try something else?

Cheers,
Mak
 
I would like to try and determine what is causing this problem, any ideas? Sorry about posting in the wrong area.
 
Hello,

No biggie. Moved it easily. Just so you know next time. So to dig deeper do as follows:

Step 1 | Deckard System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Logs needed in next reply:

Deckard System Scanner

Cheers,
Mak
 
main.txt
Deckard's System Scanner v20071014.68
Run by Jake on 2008-07-26 21:54:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jake.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:26 PM, on 7/26/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
K:\Program Files\AVG\AVG8\avgrsx.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\system32\svchost.exe
K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\windows\system32\spoolsv.exe
I:\windows\system32\nvsvc32.exe
I:\windows\system32\HPZipm12.exe
I:\windows\Explorer.EXE
K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
K:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\windows\system32\ctfmon.exe
I:\windows\System32\svchost.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
K:\Program Files\POP Peeper\POPPeeper.exe
I:\Documents and Settings\Jake\Desktop\dss.exe
K:\PROGRA~1\TRENDM~1\HIJACK~1\Jake.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] K:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - K:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - K:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\windows\system32\HPZipm12.exe

--
End of file - 4398 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - i:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - i:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 LVUSBSta (Logitech USB Monitor Filter) - i:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Labtec WebCam(PID_0928)) - i:\windows\system32\drivers\lv561av.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: CanoScan
Device ID: USB\VID_04A9&PID_2220\5&36C701F9&0&1
Manufacturer:
Name: CanoScan
PNP Device ID: USB\VID_04A9&PID_2220\5&36C701F9&0&1
Service:


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 16:30:26 0 dr-h----- I:\Documents and Settings\Jake\Recent
2008-07-26 02:16:46 0 d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-26 02:16:22 0 d-------- I:\Program Files\Common Files\Wise Installation Wizard
2008-07-26 02:15:22 0 d-------- I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 00:48:10 0 d-------- I:\Program Files\Common Files\DirectX
2008-07-25 05:23:09 0 d-------- I:\Program Files\Neffy
2008-07-21 12:33:44 0 d-------- I:\windows\Logs
2008-07-21 01:15:39 96 --ah----- I:\windows\system32\HsInfo.dat
2008-07-20 20:17:54 0 d-------- I:\Documents and Settings\Jake\Application Data\ImgBurn
2008-07-16 06:21:49 0 d-------- I:\Documents and Settings\Jake\.thumbnails
2008-07-15 21:30:06 0 d-------- I:\Documents and Settings\Jake\Application Data\gtk-2.0
2008-07-15 21:24:31 0 d-------- I:\Documents and Settings\Jake\.gimp-2.4
2008-07-15 13:53:02 0 d-------- I:\Documents and Settings\Jake\Application Data\Diino
2008-07-15 13:49:30 0 d-------- I:\windows\system32\drivers\Avg
2008-07-15 13:49:27 0 d-------- I:\Program Files\AVG
2008-07-15 13:49:27 0 d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 13:08:51 0 d-------- I:\Documents and Settings\Jake\Application Data\FileZilla
2008-07-15 00:51:33 0 d-------- I:\windows\system32\LogFiles
2008-07-14 00:29:02 0 d-------- I:\Documents and Settings\Jake\Application Data\DivX
2008-07-13 20:54:58 0 d-------- I:\windows\Sun
2008-07-13 20:17:36 0 d-------- I:\Documents and Settings\Jake\Application Data\FrostWire
2008-07-13 13:30:21 0 d-------- I:\Program Files\Common Files\Logitech
2008-07-13 13:29:55 0 d--h----- I:\Program Files\InstallShield Installation Information
2008-07-13 12:46:57 0 d-------- I:\Program Files\Common Files\HP
2008-07-13 12:46:13 0 d-------- I:\Program Files\Hewlett-Packard
2008-07-13 12:45:55 0 d-------- I:\Documents and Settings\All Users\Application Data\HP
2008-07-13 12:45:35 57344 --a------ I:\windows\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-13 12:45:35 94208 --a------ I:\windows\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-07-13 12:45:35 69632 --a------ I:\windows\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-07-13 12:45:35 61440 --a------ I:\windows\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-07-13 12:45:34 204800 --a------ I:\windows\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-07-13 12:45:34 278584 --a------ I:\windows\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-07-13 12:45:33 306688 --a------ I:\windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-13 12:44:17 0 d-------- I:\Program Files\HP
2008-07-13 12:37:40 1350 -----n--- I:\windows\hpfmdl05.dat
2008-07-13 12:37:40 79643 --a------ I:\windows\hpfins05.dat
2008-07-13 12:34:07 0 d-------- I:\Documents and Settings\Jake\Application Data\HP
2008-07-13 12:17:03 0 d-------- I:\Documents and Settings\Jake\Application Data\Independent
2008-07-13 11:57:44 0 d-------- I:\Documents and Settings\Jake\.jedit
2008-07-13 11:54:53 0 d-------- I:\Program Files\Sun
2008-07-13 11:53:26 0 d-------- I:\Program Files\Common Files\Java
2008-07-13 11:53:00 0 d-------- I:\Documents and Settings\Jake\Application Data\Sun
2008-07-13 11:44:37 0 d-------- I:\Documents and Settings\Jake\Application Data\GarageGames
2008-07-13 11:44:36 4096 --a------ I:\windows\d3dx.dat
2008-07-13 11:44:35 44 --a------ I:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
2008-07-13 00:40:53 41952 --ah----- I:\windows\system32\mlfcache.dat
2008-07-12 20:38:55 0 d-------- I:\Program Files\Microsoft SQL Server Compact Edition
2008-07-12 20:33:06 0 d--hs--c- I:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 20:32:51 0 d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-12 18:47:35 0 d-------- I:\Documents and Settings\Jake\Application Data\POP Peeper


-- Find3M Report ---------------------------------------------------------------

2008-07-26 21:56:23 0 d-------- I:\Documents and Settings\Jake\Application Data\uTorrent
2008-07-26 02:16:22 0 d-------- I:\Program Files\Common Files
2008-07-18 22:10:03 0 d-------- I:\Program Files\uTorrent
2008-07-16 20:15:38 0 d-------- I:\Documents and Settings\Jake\Application Data\Identities
2008-07-15 05:13:19 0 d-------- I:\Documents and Settings\Jake\Application Data\mIRC
2008-07-14 01:02:43 0 d-------- I:\Program Files\mIRC
2008-07-13 13:28:50 0 d-------- I:\Program Files\Common Files\InstallShield
2008-07-13 06:35:47 0 d-------- I:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 Command - Keeping Software Free
127.0.0.1 032439.com

8935 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-26 21:56:53 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2815.48 MiB / 2288 MiB
Pagefile Memory (total/avail): 5407 MiB / 5030.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 14.65 GiB total, 11.64 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 203.19 GiB total, 129.27 GiB free.
I: is Fixed (NTFS) - 74.52 GiB total, 68.13 GiB free.
J: is CDROM (No Media)
K: is Fixed (NTFS) - 15.04 GiB total, 8.17 GiB free.

\\.\PHYSICALDRIVE1 - ST3250824A - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Extended Partition - 232.88 GiB - C: - E: - K:

\\.\PHYSICALDRIVE0 - WDC WD800BB-53DKA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=I:\Documents and Settings\All Users
APPDATA=I:\Documents and Settings\Jake\Application Data
CLIENTNAME=Console
CommonProgramFiles=I:\Program Files\Common Files
COMPUTERNAME=STRIFE
ComSpec=I:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=I:
HOMEPATH=\Documents and Settings\Jake
LOGONSERVER=\\STRIFE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=K:\Program Files\Java\jdk1.6.0_07\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=I:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=I:
SystemRoot=I:\windows
TEMP=I:\DOCUME~1\Jake\LOCALS~1\Temp
TMP=I:\DOCUME~1\Jake\LOCALS~1\Temp
USERDOMAIN=STRIFE
USERNAME=Jake
USERPROFILE=I:\Documents and Settings\Jake
windir=I:\windows


-- User Profiles ---------------------------------------------------------------

Jake (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type969 / Success
Event Submitted/Written: 07/26/2008 07:39:24 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type964 / Success
Event Submitted/Written: 07/26/2008 04:03:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type947 / Success
Event Submitted/Written: 07/26/2008 08:41:20 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type879 / Error
Event Submitted/Written: 07/24/2008 09:25:37 PM
Event ID/Source: 5000 / Windows Live Messenger BETA
Event Description:
msnmsgrdiagnosticmsnmsgr.exe9.0.1407login080072745NILNILNILNILNIL

Event Record #/Type878 / Error
Event Submitted/Written: 07/24/2008 09:23:01 PM
Event ID/Source: 5000 / Windows Live Messenger BETA
Event Description:
msnmsgrdiagnosticmsnmsgr.exe9.0.1407login081000314NILNILNILNILNIL



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1528 / Warning
Event Submitted/Written: 07/26/2008 08:56:02 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1527 / Error
Event Submitted/Written: 07/26/2008 08:52:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type1524 / Warning
Event Submitted/Written: 07/26/2008 07:06:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1523 / Error
Event Submitted/Written: 07/26/2008 06:14:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type1522 / Warning
Event Submitted/Written: 07/26/2008 06:11:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-26 21:56:53 ------------
 
Hello,

I don't see anything harmful in those logs. Your system looks clean to me.

The only thing I can think of is that the explorer usage is jumping because it is trying to obtain the details of the network files. Do you have them in thumbnail mode so that it tries to generate a thumbnail for each video in the network drive?

If so, you might want to switch that to Icons or something else. That should drop the usage of explorer.exe when accessing that folder.

Cheers,
Mak
 
I have my folder options set to the 'details' view, like always, but it makes no difference.
 
Hello,

Then I don't know, because there is nothing in the logs that shows why this would happen. No viruses or malware that I see. But if you wish...

I suggest you take your log to the malware doctors found in this forum.
Please make sure that you read this before posting anything in the malware forum.

If you're still having problems after the malware doctors declare your log clean feel free to post back here and we'll help you to the best of our knowledge! :)

Cheers,
Mak
 
Alright, I have posted on their forums; too bad it looks like I'm on my way to the 3 day wait before I can bring it to anyone's attention (post is on the 5th page so far). Thanks for the help Mak213.
 
Let's try to tackle this here

Remove these entries

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Is this a networked computer at your work?

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

and then post an updated log
 