
Cpu usage

  • 14-08-2008 8:38pm
    #1
    Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭


    Have a Compaq laptop and just all of a sudden today the mouse started jerking all over the screen when I tried to move it.

    Looked up the Task Manager and the CPU usage was spiking at 100% so I shut it down and left it for a while. When I started it again it took over 5 minutes for Windows to load up.

    I'm on it now and it's still pretty slow with the CPU usage constantly around 50% and spiking to 90 and 100 every 30 seconds or so.

    I have up-to-date anti virus and anti spyware software and have run a scan but it has found nothing. Anyone any ideas on what I could look into next?


Comments

  • Registered Users, Registered Users 2 Posts: 772 ✭✭✭maki




  • Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭Atomic Pineapple


    maki wrote: »

    Have done. After the Malwarebytes' Anti-Malware and the SUPERAntiSpyware Free Edition scans everything seems fine, the CPU usage goes down to around 2%, but after I restart the laptop the CPU spikes again and the laptop is extremely slow.

    Here is the Runscanner log:
    Runscanner logfile http://www.runscanner.net 
    
    * = signed file
    - = file not found
    
    General info
    ------------
    Computer name : YOUR-4105E587B6
    Creation time : 18/08/2008 18:43:05
    Hosts <> 127.0.0.1 : 0
    Hosts file location : %SystemRoot%\System32\drivers\etc
    IE version : 7.0.5730.13
    OS : Microsoft Windows XP
    OS Build : 2600
    OS SP : Service Pack 2
    RunScanner Version : 1.7.0.0
    User Language : English (United Kingdom)
    User rights : Administrator
    Windows folder : C:\WINDOWS
    
    Running processes
    -----------------
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    * C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    * C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    * C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
      C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    * C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
    * C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
      C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
      C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    * C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    * C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    * C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    * C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    * C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    * C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
      C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    * C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    * C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
      c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
    * C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    * C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    * C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    * C:\RunScanner.exe (Runscanner.net)
    * C:\WINDOWS\system32\services.exe (Microsoft Corporation)
    * C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    * C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    * C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    * C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    * C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
      C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    * C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    * C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
    * C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
    * c:\windows\System32\smss.exe (Microsoft Corporation)
    * C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    * C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
    * C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    
    Unrated items
    -------------
    002   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    002   C:\Program Files\HPQ\Default Settings\cpqset.exe
    002   C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    002 * C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
    002   C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
    002   C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
    002   C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
    002   C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    002   C:\Windows\SMINST\RecGuard.exe
    003   C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    005   C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    005   C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    010   C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (Apache Tomcat)
    010   C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device)
    010   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
    010   C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service)
    010   C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex)
    010   C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
    010   C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
    010   C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe (MySQL)
    010   C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (OracleMTSRecoveryService)
    010   c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (OracleServiceXE)
    010   C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe (OracleXETNSListener)
    010   C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe (OraClrAgnt.exe)
    010 * C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (PIXMA Extended Survey Program)
    011 * C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEARAspiWDM)
    011 * C:\WINDOWS\system32\drivers\pavboot.sys (pavboot)
    011 * C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
    011   C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
    011   C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
    011   C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
    011   C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
    030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    030   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
    031   C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
    035   C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
    050   C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
    052   GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
    052 * C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    061   C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
    061   C:\WINDOWS\system32\ShellvRTF.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
    061   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79305-84BE-11CE-9641-444553540000}
    061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79306-84BE-11CE-9641-444553540000}
    061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79307-84BE-11CE-9641-444553540000}
    062   C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
    067   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    073   McAfee AntiSpyware.job : c:\progra~1\mcafee\MCAFEE~1\mcspy.exe (McAfee, Inc.)
    100   ShellNext HKCU : http://www.hp.com/
    100   Start Page HKCU : http://www.hp.com
    104 * C:\WINDOWS\Downloaded Program Files\BeboUploader.ocx (Bebo, Inc.) {138E6DC9-722B-4F4B-B09D-95D191869696}
    104 * C:\WINDOWS\Downloaded Program Files\as2stubie.dll (Panda Security) {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
    104 * C:\WINDOWS\Downloaded Program Files\tgctlsr.dll (Symantec, Inc.) {44990301-3C9D-426D-81DF-AAB636FA4345}
    104   GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    104   C:\WINDOWS\DOWNLO~1\msrdp.ocx (Корпорация Майкрософт) {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A}
    104   C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    104 * C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx (Aurigma, Inc.) {EDFCB7CB-942C-4822-AF14-F0B687409848}
    105   E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    107   C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    120   NameServer {006E88F1-520B-4A53-91CA-83F1816E2F96} : 80.249.249.249,80.249.249.250
    120   NameServer {0AD27ACB-18CE-414B-B897-CFB24BFABF0D} : 80.249.249.249,80.249.249.250
    170   {6400f949-c9bb-11dc-b2e6-806d6172696f} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    173   GUID / CLSID not found {ABECE8A0-FF84-4efb-82AE-9B3181CE097D}
    173   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    173   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    173 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    220   GUID / CLSID not found {ABECE8A0-FF84-4efb-82AE-9B3181CE097D}
    221   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    221   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    221 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    225   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    225   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    225 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    225 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    227   C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
    227   C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    227 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
    231   C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
    
    Missing files
    -------------
    011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
    011 C:\WINDOWS\system32\drivers\abp480n5.sys
    011 C:\WINDOWS\system32\drivers\adpu160m.sys
    011 C:\WINDOWS\system32\drivers\Aha154x.sys
    011 C:\WINDOWS\system32\drivers\aic78u2.sys
    011 C:\WINDOWS\system32\drivers\aic78xx.sys
    011 C:\WINDOWS\system32\drivers\amsint.sys
    011 C:\WINDOWS\system32\drivers\asc.sys
    011 C:\WINDOWS\system32\drivers\asc3350p.sys
    011 C:\WINDOWS\system32\drivers\asc3550.sys
    011 C:\WINDOWS\system32\drivers\Atdisk.sys
    011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
    011 C:\WINDOWS\system32\drivers\Changer.sys
    011 C:\WINDOWS\system32\drivers\CmdIde.sys
    011 C:\WINDOWS\system32\drivers\Cpqarray.sys
    011 C:\WINDOWS\system32\drivers\dac2w2k.sys
    011 C:\WINDOWS\system32\drivers\dac960nt.sys
    011 C:\WINDOWS\system32\drivers\dpti2o.sys
    011 C:\WINDOWS\system32\drivers\hpn.sys
    011 C:\WINDOWS\system32\drivers\i2omgmt.sys
    011 C:\WINDOWS\system32\drivers\i2omp.sys
    011 C:\WINDOWS\system32\drivers\ini910u.sys
    011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
    011 C:\WINDOWS\system32\drivers\mraid35x.sys
    011 C:\WINDOWS\system32\drivers\PCIDump.sys
    011 C:\WINDOWS\system32\drivers\PDCOMP.sys
    011 C:\WINDOWS\system32\drivers\PDFRAME.sys
    011 C:\WINDOWS\system32\drivers\PDRELI.sys
    011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
    011 C:\WINDOWS\system32\drivers\perc2.sys
    011 C:\WINDOWS\system32\drivers\perc2hib.sys
    011 C:\WINDOWS\system32\drivers\ql1080.sys
    011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
    011 C:\WINDOWS\system32\drivers\ql12160.sys
    011 C:\WINDOWS\system32\drivers\ql1240.sys
    011 C:\WINDOWS\system32\drivers\ql1280.sys
    011 C:\WINDOWS\system32\drivers\Simbad.sys
    011 C:\WINDOWS\system32\drivers\Sparrow.sys
    011 C:\WINDOWS\system32\drivers\sym_hi.sys
    011 C:\WINDOWS\system32\drivers\sym_u3.sys
    011 C:\WINDOWS\system32\drivers\symc810.sys
    011 C:\WINDOWS\system32\drivers\symc8xx.sys
    011 C:\WINDOWS\system32\drivers\TosIde.sys
    011 C:\WINDOWS\system32\drivers\ultra.sys
    011 C:\WINDOWS\system32\drivers\WDICA.sys
    061 deskpan.dll
    



    Can anyone help?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you upload the .run file, you will need to zip it

    What you posted was the log file


  • Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭Atomic Pineapple


    Can you upload the .run file, you will need to zip it

    What you posted was the log file

    I've zipped it using WinRAR, so you may need that to open it, but it is saved as .zip


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Download the attachment at the end of this post (this will be your runscanner file fixed by me)
    • Save it to your desktop, then double-click the Runscanner icon; this will run the program.
    • You will notice several entries in red and in blue.
    • Click the button at the top called Fix selected items
    • Accept the warning(s) and repeat until they are all gone.
    • Reboot your PC




    Please do an online scan with Kaspersky WebScanner

    Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan: Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


      • Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭Atomic Pineapple


        I have tried running the Kaspersky online scanner but I either get an error saying Java Runtime Environment cannot be run or several Java virtual machines running have caused an error


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        I doubt malware is responsible

        One final scan to be sure

        CLICK HERE to download the HijackThis Installer:
        1. Save HJTInstall.exe to your desktop.
        2. Double-click on HJTInstall.exe to run the program.
        3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
        4. Accept the license agreement by clicking the "I Accept" button.
        5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
        6. Click "Save log" to save the log file and then the log will open in Notepad.
        7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
        8. Come back here to this thread and paste the log in your next reply.
        9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


      • Registered Users, Registered Users 2 Posts: 18,272 ✭✭✭✭Atomic Pineapple


        Here's the HijackThis logfile
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:56:53, on 21/08/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16705)
        Boot mode: Normal
        
        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
        c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
        C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\HP\QuickPlay\QPService.exe
        C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
        C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\Picasa2\PicasaMediaDetector.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Program Files\Messenger\msmsgs.exe
        
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
        O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
        O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
        O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
        O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
        O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
        O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
        O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
        O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
        O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://78.153.208.148:4643/vz/rdp/msrdp.cab
        O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.carzone.ie/my/aurigma/ImageUploader4.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{006E88F1-520B-4A53-91CA-83F1816E2F96}: NameServer = 80.249.249.249,80.249.249.250
        O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD27ACB-18CE-414B-B897-CFB24BFABF0D}: NameServer = 80.249.249.249,80.249.249.250
        O17 - HKLM\System\CS2\Services\Tcpip\..\{006E88F1-520B-4A53-91CA-83F1816E2F96}: NameServer = 80.249.249.249,80.249.249.250
        O17 - HKLM\System\CS3\Services\Tcpip\..\{006E88F1-520B-4A53-91CA-83F1816E2F96}: NameServer = 80.249.249.249,80.249.249.250
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
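
The log above, turned into a reviewable inventory: this is an added example, not part of the thread and not HijackThis code. It groups entries by section code and pulls out the autostart commands, ActiveX download sources and DNS servers. The section labels are this example's own summaries, and the sample log is constructed (placeholder CLSIDs, documentation-range IPs).

```python
import re
from urllib.parse import urlsplit

# Labels are this example's own summaries, limited to codes seen in the log above.
SECTION_LABELS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF reset defaults",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "TCP/IP name server setting",
    "O20": "Winlogon Notify / AppInit DLL",
}

ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
O4_REG_RE = re.compile(r"^(.+?): \[(.*?)\] (.+)$")        # HKLM\..\Run: [name] command
O4_LNK_RE = re.compile(r"^(.*Startup): (.+?) = (.+)$")     # Global Startup: x.lnk = path
O16_RE = re.compile(r"^DPF: (\{[^}]+\})(?: \((.*)\))? - (\S+)$")
O17_RE = re.compile(r"NameServer = (.+)$")

# Constructed sample in the same layout as the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Example Launch.lnk = C:\Program Files\Example\launch.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Uploader Control) - http://www.example.com/files/Uploader.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example RDP Control (redist)) - https://192.0.2.10:4643/vz/rdp/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000004}: NameServer = 198.51.100.1,198.51.100.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000004}: NameServer = 198.51.100.1,198.51.100.2
O20 - Winlogon Notify: !ExampleLogon - C:\Program Files\Example\logon.dll
"""


def parse_log(text):
    """Return {section_code: [entry_text, ...]}; header and process list are skipped."""
    sections = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections


def autoruns(sections):
    """O4 entries as (location, name, command) tuples."""
    out = []
    for entry in sections.get("O4", []):
        m = O4_REG_RE.match(entry) or O4_LNK_RE.match(entry)
        out.append(m.groups() if m else ("unparsed", "", entry))
    return out


def activex_sources(sections):
    """O16 entries with the download URL split into scheme, host and port."""
    out = []
    for entry in sections.get("O16", []):
        m = O16_RE.match(entry)
        if not m:
            continue
        clsid, name, url = m.groups()
        parts = urlsplit(url)
        out.append({"clsid": clsid, "name": name or "", "scheme": parts.scheme,
                    "host": parts.hostname, "port": parts.port})
    return out


def dns_servers(sections):
    """Distinct name servers across all O17 entries (one entry per control set)."""
    servers = set()
    for entry in sections.get("O17", []):
        m = O17_RE.search(entry)
        if m:
            servers.update(s for s in re.split(r"[,\s]+", m.group(1)) if s)
    return sorted(servers)


if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for code, items in secs.items():
        print(f"{code:<4}{len(items):>3}  {SECTION_LABELS.get(code, 'unlabelled section')}")
    for location, name, command in autoruns(secs):
        print("autorun:", location, "|", name, "|", command)
    for src in activex_sources(secs):
        print("activex:", src["name"], "from", src["scheme"], src["host"], src["port"])
    print("dns:", ", ".join(dns_servers(secs)))
```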
        


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean
        • Make sure you have an Internet Connection.
        • Download OTCleanIt to your desktop and run it
        • A list of tool components used in the Cleanup of malware will be downloaded.
        • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



        You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here:
        http://www.adobe.com/products/acrobat/readstep2.html




        Now we need to create a new System Restore point.

        Click Start Menu > Run > type (or copy and paste)

        %SystemRoot%\System32\restore\rstrui.exe

        Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

        Next go to Start Menu > Run > type

        cleanmgr

        Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

        To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at :
        http://windowsupdate.microsoft.com/
        This will ensure your computer has always the latest security updates available installed on your computer.

        * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.
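
The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or the MVPS project: it audits a hosts file and separates names sent to the local machine (blocked) from names pointed at some other address. That second group is what this example assumes the `Hosts <> 127.0.0.1` line of the Runscanner log counts. Treating `0.0.0.0` as a blocking address is also an assumption of the example, and the sample file is constructed.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file, constructed for this example
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net  tracker.example.net   # blocked
0.0.0.0         banner.example.org
203.0.113.7     www.bank.example      # points somewhere other than this machine
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address_text, address_or_None, [hostnames]) per entry.

    Comments (everything after '#') and blank lines are skipped. An address
    that does not parse as IPv4/IPv6 is reported as None instead of raising.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            addr = None
        yield line_no, addr_text, addr, names


def audit_hosts(text):
    """Classify every hostname in a hosts file.

    sinkholed  - names mapped to a loopback or unspecified address (blocked)
    redirected - (name, address) pairs mapped to any other address
    malformed  - (line_no, address_text) for lines that cannot be interpreted
    """
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for line_no, addr_text, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append((line_no, addr_text))
        elif addr.is_loopback or addr.is_unspecified:
            # The stock 'localhost' mapping is not a block-list entry.
            report["sinkholed"].extend(n for n in names if n.lower() != "localhost")
        else:
            report["redirected"].extend((n, addr_text) for n in names)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names      :", len(result["sinkholed"]))
    print("non-loopback names :", len(result["redirected"]))
    for name, address in result["redirected"]:
        print(f"  review: {name} -> {address}")
    for line_no, address in result["malformed"]:
        print(f"  malformed line {line_no}: {address}")
```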

