#1
Junior Member (25+)
Join Date: Mar 2009
Posts: 31
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0
cpu usage goes 100%
Hi, I believe this problem started a couple of weeks ago. The problem is that my Task Manager always shows CPU usage way higher than I would expect. Sometimes when I open a file from My Documents the usage goes to 100% and won't come down even after I've closed the file. My PC seems to be performing slower overall.
The funny thing is that I noticed this happening after I fixed a problem with my antivirus not updating and not being able to browse AV sites. Also, my graphics driver seems not to be working even though I still see it in my programs (I have an HD 3650 graphics card; my driver is ATI). AVG detects a trojan called Backdoor Generic in c:\windows\32\drivers\cdaudio.sys but says that the object is whitelisted and so could not remove it. Is it harmful to my system? Thanks for the help. I don't know if this will help, but here is the ComboFix log, just so you guys can see if there's some sort of malware causing this: Code:
ComboFix 09-04-01.01 - rebecca rosario 2009-04-09 16:59:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT -7:00]
Running from: c:\documents and settings\rebecca rosario\Desktop\Fix.exe
Command switches used :: c:\documents and settings\rebecca rosario\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.
2009-04-09 16:55 . 2009-04-09 16:55 118 --a------ c:\windows\system32\MRT.INI
2009-03-30 23:27 . 2009-03-31 20:07 <DIR> d-------- C:\!KillBox
2009-03-29 12:15 . 2009-03-29 19:09 <DIR> d-------- c:\program files\COD4
2009-03-29 10:33 . 2009-03-29 10:33 <DIR> d-------- c:\documents and settings\rebecca rosario\cs
2009-03-29 10:33 . 2009-03-29 10:33 <DIR> d-------- c:\documents and settings\rebecca rosario\Application Data\rebecca rosario
2009-03-29 10:33 . 2009-03-29 10:33 <DIR> d-------- C:\Application Data
2009-03-26 20:03 . 2009-03-26 20:03 61,440 --a------ c:\windows\system32\ttggdyrn.exe
2009-03-26 07:49 . 2009-03-26 07:49 61,440 --a------ c:\windows\system32\lgcxamnn.exe
2009-03-24 23:58 . 2009-04-08 12:11 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-24 23:35 . 2009-04-09 09:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-24 23:35 . 2009-03-24 23:35 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-24 23:35 . 2009-03-31 19:52 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-24 23:35 . 2009-03-24 23:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-18 22:43 . 2009-03-18 22:43 <DIR> d-------- c:\program files\Gravity
2009-03-17 23:17 . 2009-03-17 23:17 <DIR> d-------- c:\program files\AVG
2009-03-17 22:34 . 2009-03-17 22:34 96,645 --a------ c:\windows\system32\drivers\klin.dat
2009-03-17 22:34 . 2009-03-17 22:34 87,941 --a------ c:\windows\system32\drivers\klick.dat
2009-03-17 22:33 . 2009-03-17 22:33 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-17 22:33 . 2009-03-17 23:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-17 22:33 . 2009-03-17 23:18 1,035,808 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-17 22:33 . 2009-03-17 23:18 155,680 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-17 22:33 . 2009-03-17 23:18 9,144 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-17 22:33 . 2009-03-17 23:18 1,612 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-17 12:04 . 2009-03-17 12:04 112,640 -rahs---- c:\windows\system32\lkupbh.dll
2009-03-16 17:33 . 2009-03-16 17:33 4,096 --a------ c:\windows\system32\06.tmp
2009-03-16 17:29 . 2009-03-16 17:29 4,096 --a------ c:\windows\system32\05.tmp
2009-03-16 05:17 . 2009-03-16 05:17 4,096 --a------ c:\windows\system32\04.tmp
2009-03-11 13:48 . 2009-03-11 13:48 4,096 --a------ c:\windows\system32\02.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 11:44 --------- d-----w c:\program files\Warcraft III
2009-04-09 09:36 --------- d-----w c:\program files\Garena
2009-04-08 01:13 --------- d-----w c:\documents and settings\rebecca rosario\Application Data\BitTorrent
2009-04-02 15:25 --------- d-----w c:\documents and settings\rebecca rosario\Application Data\OpenOffice.org2
2009-04-01 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-23 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-22 18:25 --------- d-----w c:\documents and settings\katkat\Application Data\Skype
2009-03-22 16:38 --------- d-----w c:\documents and settings\katkat\Application Data\skypePM
2009-03-22 16:38 --------- d-----w c:\documents and settings\katkat\Application Data\OpenOffice.org2
2009-03-21 17:03 --------- d-----w c:\documents and settings\rebecca rosario\Application Data\skypePM
2009-03-21 17:03 --------- d-----w c:\documents and settings\rebecca rosario\Application Data\Skype
2009-03-19 09:27 --------- d-----w c:\program files\BitTorrent
2009-03-19 05:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-09 20:45 --------- d-----w c:\documents and settings\rebecca rosario\Application Data\LimeWire
2009-03-06 02:38 4,096 ----a-w c:\windows\system32\01.tmp
2009-02-20 11:46 --------- d-----w c:\documents and settings\michelle\Application Data\OpenOffice.org2
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-18 16:17 33,412,112 ----a-w c:\program files\yahoo_escapefromparadise_tm6-2.exe
2008-08-13 02:39 449,888 ----a-w c:\program files\msgr8us.exe
2008-07-28 03:18 20,749,600 ----a-w c:\program files\DivXInstaller.exe
2008-08-30 21:23 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( snapshot@2009-03-30_22.49.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2007-10-26 03:36:51 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-10-17 02:57:07 158,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-04 03:33:09 158,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-25 19:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-06-11 32768]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-24 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-24 1932568]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-25 24768960]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 c:\windows\LOGI_MWX.EXE]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]
c:\documents and settings\katkat\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\michelle\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\rebecca rosario\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-06-11 450560]
Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-24 23:35 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^rebecca rosario^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\rebecca rosario\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^rebecca rosario^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\rebecca rosario\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\katkat\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\rebecca rosario\\My Documents\\LimeWire\\Saved\\Half-Life 2 The Orange Box [Krayzie-N-Bone]\\New Half-Life 2\\Half-Life 2\\hl2 -steam -console.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36601:TCP"= 36601:TCP:NewMS MailBoot
"29361:TCP"= 29361:TCP:NewMS InterPerformance
"60474:UDP"= 60474:UDP:NewMS SystemService
"34011:UDP"= 34011:UDP:NewMS CommonLive
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-24 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-02-19 2333568]
S2 Iraccess;Trusted Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-06-13 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2008-06-13 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2008-06-13 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2008-06-13 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2008-06-13 98696]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-26 29744]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7962b0-641d-11dd-8765-0008a1ba4631}]
\Shell\AutoRun\command - h8i.com
\Shell\explore\Command - h8i.com
\Shell\open\Command - h8i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440767cb-3c21-11dd-8625-0008a1ba4631}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55861e9a-38d1-11dd-85f0-e86e6e02f575}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bfcc3e-7ee2-11dd-8829-0008a1ba4631}]
\Shell\AutoRun\command - E:\ktnquo.exe
\Shell\explore\Command - E:\ktnquo.exe
\Shell\open\Command - E:\ktnquo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d7d410a-11df-11de-8c26-0008a1ba4631}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6025168a-3827-11dd-85e6-c37eda4963ee}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f633f8a-12a2-11de-8c32-0008a1ba4631}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae77cd70-6a39-11dd-87a0-0008a1ba4631}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4f42d94-52b7-11dd-86f0-0008a1ba4631}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - F:\Desktop.exe
\Shell\Open\Command - F:\Desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d63d6cb2-b5a6-11dd-897e-0008a1ba4631}]
\Shell\AutoRun\command - F:\em8tqm.cmd
\Shell\open\Command - F:\em8tqm.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4122eef-6ce7-11dd-87b4-0008a1ba4631}]
\Shell\AutoRun\command - H:\q0dhfjf.exe
\Shell\open\Command - H:\q0dhfjf.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {D6FB3D91-8201-4306-B7C4-ACD965B90D48} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\rebecca rosario\Application Data\Mozilla\Firefox\Profiles\rfjbqpql.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:02:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iraccess]
"ServiceDll"="c:\windows\system32\lkupbh.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-09 17:05:32
ComboFix-quarantined-files.txt 2009-04-10 00:05:28
ComboFix2.txt 2009-04-03 21:50:34
ComboFix3.txt 2009-03-31 05:52:51
Pre-Run: 59,908,890,624 bytes free
Post-Run: 59,909,304,320 bytes free
274 --- E O F --- 2009-04-09 23:55:44
Last edited by bakuryu; 09-04-2009 at 07:23 PM.

#2
ƒ(ψ)=ΘΊΧφ
Re: cpu usage goes 100%
Disconnect from the internet, disable System Restore, open a command prompt and type:
Code:
sc delete Iraccess
ipconfig /flushdns
Then run ComboFix with the following CFScript.txt:
Code:
File::
c:\windows\system32\lkupbh.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7962b0-641d-11dd-8765-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440767cb-3c21-11dd-8625-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55861e9a-38d1-11dd-85f0-e86e6e02f575}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bfcc3e-7ee2-11dd-8829-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d7d410a-11df-11de-8c26-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6025168a-3827-11dd-85e6-c37eda4963ee}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f633f8a-12a2-11de-8c32-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae77cd70-6a39-11dd-87a0-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4f42d94-52b7-11dd-86f0-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d63d6cb2-b5a6-11dd-897e-0008a1ba4631}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4122eef-6ce7-11dd-87b4-0008a1ba4631}]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iraccess]
Quote:
If any conflict is reported, download the latest ATI drivers and Driver Sweeper, uninstall the graphics device from Device Manager, reboot in Safe Mode, run Driver Sweeper, select ATI-Display and click the 'Clean' button, reboot in normal mode, install the latest Catalyst drivers and reboot once more to complete the installation.
#3
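The reply above was derived from three things in the ComboFix log in post #1: a service (Iraccess) that runs inside svchost.exe and whose real code is the ServiceDll lkupbh.dll, and a set of MountPoints2 keys whose \Shell\...\command values point at removable drives or bare file names (the trace an autorun.inf leaves behind). The following script is an added example, not part of this thread and not ComboFix's own tooling: it parses those three kinds of ComboFix lines, flags the indicators, and drafts the File::/Registry:: sections in the CFScript layout the reply used. The sample log lines are constructed in ComboFix's format; the service and DLL names are the ones from the thread, while the GUIDs and the autorun targets are made up for the example.

```python
"""Triage a ComboFix log for svchost-hosted services and MountPoints2 autoruns.

Added example (not from the thread, not ComboFix's own code). Heuristics:
  (a) a MountPoints2 command that runs from a drive other than the system drive,
      or from a bare file name resolved against the mounted volume, is the trace
      of an autorun.inf on a removable volume and is flagged for review;
  (b) a service whose image is svchost.exe says nothing about the code that runs,
      so it is paired with the ServiceDll value ComboFix prints for it.
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[-?(HK[^\]]+)\]$", re.I)
MOUNTPOINT_RE = re.compile(r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\}$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(.+)$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
SERVICES_KEY_RE = re.compile(r"\\Services\\([^\\]+)$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
DRIVE_RE = re.compile(r"^([a-z]):\\", re.I)

# Constructed sample in ComboFix's line format. Service/DLL names are taken from
# the log in this thread; the GUIDs and autorun targets are invented.
SAMPLE_LOG = r"""
S2 Iraccess;Trusted Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-06-13 83336]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - F:\sample.cmd
\Shell\open\Command - F:\sample.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sample.exe
\Shell\open\command - sample.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000003}]
\Shell\AutoRun\command - C:\Program Files\Vendor\setup.exe
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iraccess]
"ServiceDll"="c:\windows\system32\lkupbh.dll"
"""


def parse_combofix(text):
    """Return (mountpoints, svchost_services, servicedll) collected from the log."""
    mountpoints = defaultdict(list)  # registry key -> [command, ...]
    svchost = {}                     # service name -> display name
    servicedll = {}                  # service name -> (registry key, dll path)
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix separates sections with a lone "."
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.groups()
            if "svchost.exe" in image.lower():
                svchost[name] = display
            continue
        if current_key is None:
            continue
        if MOUNTPOINT_RE.search(current_key):
            m = SHELL_CMD_RE.match(line)
            if m:
                mountpoints[current_key].append(m.group(1))
            continue
        m = SERVICEDLL_RE.match(line)
        svc = SERVICES_KEY_RE.search(current_key)
        if m and svc:
            servicedll[svc.group(1)] = (current_key, m.group(1))
    return dict(mountpoints), svchost, servicedll


def suspicious_autorun(mountpoints, system_drive="C"):
    """MountPoints2 keys whose commands run from another drive letter or from a
    bare file name. A CD with a legitimate autorun.inf lands here too, so each
    hit is for the analyst to confirm, not to delete blindly."""
    flagged = {}
    for key, cmds in mountpoints.items():
        hits = []
        for cmd in cmds:
            # RunDLL32 ... ShellExec_RunDLL <target>: look at the target only
            target = cmd.split("ShellExec_RunDLL", 1)[-1].strip()
            m = DRIVE_RE.match(target)
            if m is None or m.group(1).upper() != system_drive.upper():
                hits.append(cmd)
        if hits:
            flagged[key] = hits
    return flagged


def svchost_hosted(svchost, servicedll):
    """Map each svchost-hosted service to the DLL ComboFix reported for it (None if absent)."""
    return {name: servicedll.get(name, (None, None))[1] for name in svchost}


def draft_cfscript(flagged, svchost, servicedll):
    """Render File::/Registry:: sections in the layout used in the reply above;
    a key written as [-KEY] is one ComboFix is asked to delete."""
    hosted = [(k, d) for n, (k, d) in servicedll.items() if n in svchost]
    files = sorted(d for _k, d in hosted)
    keys = sorted(flagged) + sorted(k for k, _d in hosted)
    return "\n".join(["File::", *files, "", "Registry::", *("[-%s]" % k for k in keys)])


if __name__ == "__main__":
    mp, sv, dll = parse_combofix(SAMPLE_LOG)
    for key, cmds in suspicious_autorun(mp).items():
        print("autorun:", key.rsplit("\\", 1)[1], cmds)
    for name, path in svchost_hosted(sv, dll).items():
        print("svchost-hosted service %s -> %s" % (name, path))
    print(draft_cfscript(suspicious_autorun(mp), sv, dll))
```

Run against the constructed sample, the third MountPoints2 key (a command on the system drive) is left alone, the other two are flagged, and the draft script lists lkupbh.dll under File:: and the two autorun keys plus the Iraccess service key under Registry::. On a real log, the output is a starting point for the kind of review bakuryu did by hand, not a replacement for it.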
Re: cpu usage goes 100%
Uhm, not 100% sure about my graphics driver not working, but I see that things that happened before I installed my driver are happening again, like when I grab and drag a window across my screen it leaves its shadows across (I really don't know how to explain it further), and when I'm playing games I notice that the graphics look worse than they normally do even when I put it on high settings. Will try what you suggested now.
#4
Junior Member (25+)
Re: cpu usage goes 100%
What process causes CPU stressing? explorer.exe?
#5
Senior Member (500+)
Re: cpu usage goes 100%
Your PC is infected with a trojan.
Here is a freeware, powerful and light anti-malware: |MG| Malwarebytes Anti-Malware 1.36. Well, it is not totally freeware!! It is not real-time protection; you have to scan each time, it doesn't automatically scan each file you select or open.
#6
Re: cpu usage goes 100%
Update: I tried to do what bakuryu told me to, but when I opened my PC a lot of things happened. First my desktop changed; now it looks like it's Windows 95! And ALL the files in My Documents are missing, including more than half of the things on my desktop! ComboFix and HijackThis are gone! Demmet! Then I tried to do a System Restore but it still stays the same. It now looks like it's somebody else's computer! I tried to see if the files are just hidden, but when I change the folder settings I still can't see them. A lot of important files are in My Documents; is there any way to recover them? I looked at the C: properties and I think the files are still there, because they are occupying the same file size.
Yes MIHAIS, I think the two processes that stress the PC are explorer.exe and System Idle Process. Malwarebytes isn't working properly. When I installed it, it said it can't make a registry key. I ignored it and ran it anyway, but when I selected the C drive it said that there are no files in it or something. As much as possible I want to fix this without having to reformat my hard drive.
Last edited by sandman; 10-04-2009 at 03:01 PM.
#7
Junior Member (25+)
Re: cpu usage goes 100%
System Idle Process isn't stressing your CPU. It shows how much of your CPU is free to use, so having a high value in that field is good.
Try ending explorer.exe every time it stresses the CPU and re-launch it from Task Manager (File > New Task > explorer.exe), at least as a way of not rebooting every time it causes problems. If you don't find your My Documents files, I say you should try File Scavenger or R-Studio, the best file recovery tools in my opinion.
#8
ƒ(ψ)=ΘΊΧφ
Re: cpu usage goes 100%
Did that happen after you ran ComboFix with the CFScript.txt file I mentioned and uninstalled the display drivers? Check the My Documents folder under each subfolder in the C:\Documents and Settings folder. Also open services.msc and see if the Themes service is started and running. And also check which theme you are presently using in Windows (the Classic theme will make it look like Windows 95/98).
#9
Re: cpu usage goes 100%
@bakuryu
No, see, it happened when I started my computer, because I was about to do the things you asked me to do. Themes is started and running and it's not in the Windows 95 theme. The icons on my PC have changed; even Mozilla is weird. All my bookmarks and tool options were removed. You know how, when you're not using an admin account, all the icons when you're browsing in Firefox are different (like the colours that are normally blue turn into green)? That's what it looks like now. I'm using the only admin acct, btw. "check the My documents folder under each subfolder in C:\Documents and Settings folder." Dude, you know what? You are a genius! I found them there. It's the files and documents I'm most worried about. I need to make a backup of these as soon as possible.
Last edited by sandman; 10-04-2009 at 05:57 PM.
#10
ƒ(ψ)=ΘΊΧφ
Re: cpu usage goes 100%
Under which subfolder did you find your original My Documents files? It looks like you are automatically being logged in as a different user. Last time before shutting down, did you try any registry tweaks? Check how many usernames/profiles are currently on your system: go to Control Panel -> User Accounts.