
CPU very high - java infection? [RESOLVED]


#1
therobj
Member, 30 posts
Hi,

I have a Pentium 4 3.2GHz running on 2GB of RAM. Usually it all works fine and dandy, but yesterday all of a sudden when I launched Firefox the CPU went up to 100% and stayed there even after I had closed it (and some other programs) down.

On the box on my Task Manager it says that there are 2095596k of physical memory in total and 1052960k available, so would that mean that the RAM is not damaged, or is this not a good enough indicator?

I have scanned my computer with Malwarebytes and the Deckard's (I think it was called this) scanner. Below are my results. I really hope someone can help with this because it is very annoying. Also apologies if I have posted this in the wrong place, it wouldn't let me start a new topic in the malware bit.

The following is my MBAM log:

Malwarebytes' Anti-Malware 1.24
Database version: 1043
Windows 5.1.2600 Service Pack 2

12:25:49 12/08/2008
mbam-log-8-12-2008 (12-25-49).txt

Scan type: Quick Scan
Objects scanned: 42095
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The following is my Deckard log:

Deckard's System Scanner v20071014.68
Run by Rob J on 2008-08-12 11:22:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2008-08-12 10:22:30 UTC - RP218 - Deckard's System Scanner Restore Point
56: 2008-08-10 12:01:47 UTC - RP217 - Installed Java™ 6 Update 7
55: 2008-08-03 20:46:42 UTC - RP216 - System Checkpoint
54: 2008-08-01 20:14:18 UTC - RP215 - System Checkpoint
53: 2008-07-27 21:50:06 UTC - RP214 - System Checkpoint


-- First Restore Point --
1: 2008-05-13 13:52:26 UTC - RP162 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-12 11:23:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Comodo\Firewall\cfp.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9CE.EXE
E:\Program Files\Belkin Office Keyboard\MOffice.exe
E:\Program Files\Belkin Office Keyboard\KBDAP32A.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Belkin Office Keyboard\mouse32a.dat
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
E:\WINDOWS\system32\svchost.exe
E:\Documents and Settings\Rob J\My Documents\Programs\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\Belkin Office Keyboard\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\Belkin Office Keyboard\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c48d33f861c745aa8fe90aec410ebcc0
O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c48d33f861c745aa8fe90aec410ebcc0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - E:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 11447 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - e:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - e:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R2 sbbotdi - e:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - e:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pcouffin (VSO Software pcouffin) - e:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 FXDRV - d:\fxdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "e:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - e:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_90020070&REV_05\3&B1BFB68&0&48
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_90020070&REV_05\3&B1BFB68&0&48
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_90020070&REV_05\3&B1BFB68&0&4A
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_90020070&REV_05\3&B1BFB68&0&4A
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_90020070&REV_05\3&B1BFB68&0&4C
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8804&SUBSYS_90020070&REV_05\3&B1BFB68&0&4C
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 10:56:00 256 --a------ E:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-25 17:15:00 390 --a------ E:\WINDOWS\Tasks\1-Click Maintenance.job
2008-07-13 13:31:29 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 11:15:47 0 d-------- E:\Documents and Settings\Rob J\Application Data\Malwarebytes
2008-08-12 11:15:42 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 11:15:42 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 23:43:48 18044 --ah----- E:\WINDOWS\system32\mlfcache.dat
2008-08-03 00:07:36 0 d-------- E:\Program Files\iPod
2008-07-20 16:06:14 0 d-------- E:\Program Files\Bonjour
2008-07-17 15:14:18 0 d-------- E:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-08-12 10:39:37 0 d-------- E:\Documents and Settings\Rob J\Application Data\DMCache
2008-08-11 17:32:44 0 d-------- E:\Program Files\SpywareBlaster
2008-08-10 13:02:36 0 d-------- E:\Program Files\Java
2008-08-04 18:04:35 0 d-------- E:\Documents and Settings\Rob J\Application Data\IDM
2008-08-03 00:08:02 0 d-------- E:\Program Files\iTunes
2008-07-25 01:12:48 0 d-------- E:\Documents and Settings\Rob J\Application Data\uTorrent
2008-07-25 00:47:17 0 d-------- E:\Documents and Settings\Rob J\Application Data\Mozilla
2008-07-21 02:39:38 0 d-------- E:\Program Files\Internet Download Manager
2008-07-20 16:06:00 0 d-------- E:\Program Files\QuickTime
2008-07-17 16:03:28 0 d-------- E:\Program Files\SpeedBit Video Accelerator
2008-07-15 12:16:10 0 d-------- E:\Program Files\Avanquest update
2008-07-13 13:38:43 0 d-------- E:\Program Files\Apple Software Update
2008-07-13 13:32:23 0 d-------- E:\Program Files\Safari
2008-07-02 16:35:22 0 d-------- E:\Program Files\Coupon Printer
2008-07-02 16:35:21 31 --ah----- E:\WINDOWS\UKCpInfo.sys
2008-06-28 19:59:23 0 d-------- E:\Program Files\TuneUp Utilities 2007
2008-06-28 19:14:27 2075 --a------ E:\WINDOWS\mozver.dat
2008-06-15 18:19:58 0 d-------- E:\Program Files\DivX
2008-05-31 00:22:48 802816 --a------ E:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ E:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ E:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ E:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ E:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ E:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ E:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ E:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [27/10/2004 07:49 E:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [26/07/2005 08:33]
"nwiz"="nwiz.exe" [26/07/2005 08:34 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [26/07/2005 08:34]
"COMODO Firewall Pro"="E:\Program Files\Comodo\Firewall\cfp.exe" [23/11/2007 21:38]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 15:38]
"EPSON Stylus Photo RX420 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [09/04/2004 04:00]
"FLMOFFICE4DMOUSE"="E:\Program Files\Belkin Office Keyboard\moffice.exe" [10/01/2008 00:12]
"OFFICEKB"="E:\Program Files\Belkin Office Keyboard\kbdap32a.exe" [10/01/2008 00:12]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"SpeedBitVideoAccelerator"="E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [05/05/2008 15:59]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AppleSyncNotifier"="E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/10/2007 13:04]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"IDMan"="E:\Program Files\Internet Download Manager\IDMan.exe" [29/07/2008 15:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= E:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Rob J^Start Menu^Programs^Startup^BUFFALO Disk Backup Utility.lnk]
path=E:\Documents and Settings\Rob J\Start Menu\Programs\Startup\BUFFALO Disk Backup Utility.lnk
backup=E:\WINDOWS\pss\BUFFALO Disk Backup Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-08-12 11:25:00 ------------

If you need me to do a HijackThis log as well, please let me know.

Edit: I should also add, I have recently updated my Java as instructed by my computer. Could this have something to do with it? I'm not sure how to roll it back.

2nd edit: I just did a Kaspersky online scan and I think it is something to do with Java, as this file came up as being infected:
E:\Documents and Settings\Rob J\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-46650317
I think this should help you guys. I'm just not sure what I should delete and don't want to rush into anything!

#2
Essexboy
GeekU Moderator (Retired Staff), 69,964 posts
Hi there and sorry for the delay. I would like a fresh look at your system

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#3
therobj
Topic Starter, Member, 30 posts
It's no problem. Thanks a lot for helping, you guys are very busy at the moment. Attached are the scan results. Hope you can find out what is wrong!

Attached Files



#4
Essexboy
GeekU Moderator (Retired Staff), 69,964 posts
Hi again. I have one file I would like checked out first.

Virscan File Submission:
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • %SystemRoot%\UKCpInfo.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

HAVING DONE THAT

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03]
YN -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Coupon Printer -> %ProgramFiles%\Coupon Printer
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log and the Viruscan report.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
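A way to see why those two Distribution Units are singled out, as an added example that is not the poster's, the helper's or OTScanIt's own code: Sun's versioned Java Plug-in CLSIDs encode the JRE version in their middle fields, so a short script can decode every such CLSID found in an OTScanIt or HijackThis log and flag any registered plug-in that is older than the JRE actually running. The sample lines are copied from this thread, except the 1.6.0_07 entry, which is constructed so a non-stale case appears too.

```python
from __future__ import annotations

import re

# Sun's versioned Java Plug-in ActiveX CLSIDs encode the JRE version:
# {CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA} is JRE 1.M.m_uu, so
# {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} is 1.6.0_03. The digits are decimal.
PLUGIN_CLSID_RE = re.compile(
    r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.IGNORECASE
)
# The running JRE is taken from any ...\jreX.Y.Z_UU\... path in the log.
JRE_PATH_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)

# Constructed sample: the first four lines are copied from the logs in this
# thread; the last one is an invented entry for the installed plug-in.
SAMPLE_LINES = [
    r"E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"YN -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03]",
    r"YN -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05]",
    r"YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07]",
]


def plugin_version(clsid: str) -> tuple[int, int, int, int] | None:
    """Decode a versioned Java Plug-in CLSID into (major, minor, micro, update)."""
    m = PLUGIN_CLSID_RE.fullmatch(clsid.strip())
    if not m:
        return None
    family, micro, update = (int(g) for g in m.groups())
    major, minor = divmod(family, 10)  # "0016" -> 1.6
    return (major, minor, micro, update)


def installed_jre(lines: list[str]) -> tuple[int, int, int, int] | None:
    """Return the JRE version of the first jreX.Y.Z_UU path in the log, if any."""
    for line in lines:
        m = JRE_PATH_RE.search(line)
        if m:
            a, b, c, d = m.groups()
            return (int(a), int(b), int(c), int(d))
    return None


def audit_java_plugins(lines: list[str]) -> dict:
    """Classify every versioned Java Plug-in CLSID found in the log lines.

    'stale'      -> registered plug-in older than the running JRE; IE can still
                    be pointed at that old, unpatched version via its CLSID
    'current'    -> matches or is newer than the running JRE
    'unverified' -> no JRE path found in the log, so nothing to compare with
    """
    installed = installed_jre(lines)
    report: dict = {"installed": installed, "stale": [], "current": [], "unverified": []}
    seen: set[str] = set()
    for line in lines:
        for m in PLUGIN_CLSID_RE.finditer(line):
            clsid = m.group(0).upper()
            if clsid in seen:  # the same CLSID often appears in several log sections
                continue
            seen.add(clsid)
            entry = (clsid, plugin_version(clsid))
            if installed is None:
                report["unverified"].append(entry)
            elif entry[1] < installed:
                report["stale"].append(entry)
            else:
                report["current"].append(entry)
    return report


if __name__ == "__main__":
    result = audit_java_plugins(SAMPLE_LINES)
    print("installed JRE:", result["installed"])
    for clsid, version in result["stale"]:
        print(f"STALE   {clsid} -> JRE {version} (candidate for removal)")
    for clsid, version in result["current"]:
        print(f"current {clsid} -> JRE {version}")
```

Run against the full OTScanIt log the same way: the two entries it reports as stale are exactly the {CAFEEFAC-0016-0000-0003-...} and {CAFEEFAC-0016-0000-0005-...} units in the fix above.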

#5
therobj
Topic Starter, Member, 30 posts
Hello again, attached are the two logs. I was unable to do the online scan however, as every time I tried to paste the requested text it just tried to get me to search my computer for the file.

Hmm, I just tried to upload the files but it wouldn't let me, as it said I was not permitted to, so I will copy and paste. Hope that is OK.

First is the OTScanIt log:

[Registry - Non-Microsoft Only]
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
E:\Program Files\Coupon Printer\Uninstall folder moved successfully.
E:\Program Files\Coupon Printer folder moved successfully.
[Empty Temp Folders]
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Temp\etilqs_30S490T295mjGbVaNukS scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. E:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08222008_221346

Files moved on Reboot...
File E:\Documents and Settings\Rob J\Local Settings\Temp\etilqs_30S490T295mjGbVaNukS not found!
File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File E:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File E:\WINDOWS\temp\Perflib_Perfdata_5b4.dat not found!
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_001_ moved successfully.
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_002_ moved successfully.
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_003_ moved successfully.
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\Cache\_CACHE_MAP_ moved successfully.
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\urlclassifier3.sqlite moved successfully.
E:\Documents and Settings\Rob J\Local Settings\Application Data\Mozilla\Firefox\Profiles\ab3kwzgu.default\XUL.mfl moved successfully.

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:10, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Comodo\Firewall\cfp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
E:\Program Files\Belkin Office Keyboard\moffice.exe
E:\Program Files\Belkin Office Keyboard\kbdap32a.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
E:\Program Files\Belkin Office Keyboard\MOUSE32A.DAT
E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\Belkin Office Keyboard\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\Belkin Office Keyboard\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c48d33f861c745aa8fe90aec410ebcc0
O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c48d33f861c745aa8fe90aec410ebcc0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - E:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10903 bytes

Thanks again. At the moment my CPU is jumping all over the place from 2% to 100%, and I only have Firefox open.
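The HijackThis log above is the thread's main diagnostic artefact: R lines are browser start and search pages, O2/O3 are BHOs and toolbars, O4 are Run-key autostarts, O16 are Downloaded Program Files, O20 is AppInit_DLLs and O23 are services. As an added example (not part of the thread and not HijackThis's own code), here is a small Python parser that pulls each entry's name and target out of such a log and lists the entries a reviewer would verify first. The sample lines are copied from the log above; the three review rules (bare executable names located through the search path, O16 entries with no file behind them, and anything in AppInit_DLLs) are my own choice of what to check first, not a judgement on the entries themselves.

```python
import re

# Constructed sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
"""

# Every HijackThis finding is "<section> - <body>"; process-list and header lines are not.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# O16: "DPF: {<CLSID>} (<description>) - <file or URL>"; the target may be empty
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<target>.*)$")


def run_target(cmd):
    """Executable an O4 Run command points at: drop a leading quote, cut after the
    first '.exe' so unquoted paths with spaces survive, else take the first token."""
    cmd = cmd.strip().lstrip('"')
    i = cmd.lower().find(".exe")
    if i != -1:
        return cmd[: i + 4]
    return cmd.split(" ", 1)[0]


def parse_hjt(text):
    """Return one dict per HijackThis entry with section, name, target and raw line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        entry = {"section": section, "raw": line, "name": "", "target": ""}
        if section == "O4":
            r = RUN_RE.match(body)
            if r:
                entry["name"] = r.group("name")
                entry["cmd"] = r.group("cmd")
                entry["target"] = run_target(r.group("cmd"))
        elif section in ("O2", "O3", "O9", "O23"):
            # "<type>: <name> - <CLSID or vendor> - <path>"; split at most twice so a
            # path that itself contains " - " stays intact
            parts = body.split(" - ", 2)
            entry["name"] = parts[0].split(": ", 1)[-1]
            entry["target"] = parts[2] if len(parts) == 3 else ""
        elif section == "O16":
            d = DPF_RE.match(body)
            if d:
                entry["name"] = d.group("name") or d.group("clsid")
                entry["target"] = d.group("target")
        elif section == "O20":
            entry["name"] = "AppInit_DLLs"
            entry["target"] = body.split(": ", 1)[-1]
        entries.append(entry)
    return entries


def review(entries):
    """Entries to verify first (assumed review rules). Returns (section, name, reason)."""
    findings = []
    for e in entries:
        if e["section"] == "O4" and ":\\" not in e["target"]:
            findings.append((e["section"], e["name"],
                             "unqualified executable name, located through the search path"))
        elif e["section"] == "O16" and not e["target"]:
            findings.append((e["section"], e["name"],
                             "Downloaded Program Files entry with no file behind it"))
        elif e["section"] == "O20":
            findings.append((e["section"], e["target"],
                             "AppInit_DLLs is loaded into every process that loads user32.dll"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in parsed:
        print(f"{e['section']:>4}  {e['name']:<40} {e['target']}")
    for section, name, reason in review(parsed):
        print(f"check {section} {name}: {reason}")
```

Run it against a full log saved from HijackThis (replace `SAMPLE_LOG` with the file's contents) and compare the `target` column against what you expect to be installed; the review list only says where to look first, and each path still has to be confirmed by hand.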

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's get one of the big boys on the case.

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#7
therobj
    Member
  • Topic Starter
  • Member
  • 30 posts
Right, OK. I'm just going to give it a day or so before I install this, just to check if the problem has gone away. I will post back if it has, or follow your previous instructions if it hasn't.

#8
therobj
    Member
  • Topic Starter
  • Member
  • 30 posts
Hello again. I've been monitoring my CPU and the computer generally since my last post, and the situation seems a lot better. However, I have noticed that when I do something like burn a CD or DVD, the CPU rises to 100% pretty much consistently. I have 2 GB of RAM, and at these times I only really have MSN, iTunes and Firefox open, so I'm pretty sure it shouldn't be this high, should it?

Is it worth doing the stuff mentioned in your last post just to make sure everything is OK, or shall I leave it as it is?

Thanks a lot for your help so far :)

#9
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi, I would leave it as is; I can see no requirement to run the big boy now :) Burning a DVD/CD does take a lot of processing power, especially if you do not have a dual-core CPU. If it becomes worse or starts doing this with other tasks, then come back.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used, plus itself.

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System Tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.
You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C.
  • Click OK.
  • The system will do some calculation and then display a dialogue box with tabs.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again. The program will close and you are done.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#10
therobj
    Member
  • Topic Starter
  • Member
  • 30 posts
OK, done all that. Thanks again for your help. You guys are providing a great service.

Just one last thing: am I right in thinking that if this kind of thing happens again I can just do a system restore, as long as I have backed up my files beforehand?

#11
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Very much dependent on the type of infection; I am afraid I cannot give a better answer than that. It would alleviate the problem but probably not remove it.

#12
therobj
    Member
  • Topic Starter
  • Member
  • 30 posts
Ah OK, well hopefully I'll stay clean from now on. Thanks again and have a nice bank holiday. :)

#13
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.