prince_yuki Posted January 13, 2008

Hi guys, got a bit of a tiffy with my computer. Whenever I connect to the internet my CPU comes under a massive load even when it's doing nothing. Maybe I have some sort of spyware or virus, mining data or downloading? I have loads of space on my computer and dual core; it's not my hardware. I don't know if it will help but I've included a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:49, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wltrysvc.exe
F:\WINDOWS\System32\bcmwltry.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\ATKKBService.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
F:\WINDOWS\system32\wltray.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\AGEIA Technologies\TrayIcon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\vsnpstd.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\U-ABIT\ABITEQ\abiteq.exe
F:\Program Files\RealPlay.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\RALINK\Common\RaUI.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Program Files\LimeWire\LimeWire.exe
F:\Documents and Settings\Prince Yuki\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Wanadoo
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - F:\Program Files\SystemApp\ie-improver.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - F:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [wltray.exe] F:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] F:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] F:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] F:\Program Files\U-ABIT\ABITEQ\abiteq.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Ralink Wireless Utility.lnk = F:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Search with Wanadoo - res://F:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - F:\WINDOWS\System32\wltrysvc.exe

Is there anything screaming to be removed? Thanks guys/gals =]
John
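The log above is in the fixed HijackThis line format (section code, kind, name, CLSID, file path), which is what makes it possible to read entries mechanically instead of by eye. The parser below is an added example written for this thread, not HijackThis code or anything the helpers posted; the sample log is a constructed excerpt built from the kinds of lines in John's log, and the three review heuristics (an entry whose file is gone, a service with no recorded publisher, a library sitting directly under Program Files instead of in a product folder) are my own and only mark lines for a human to look at.

```python
"""Parse HijackThis-style log lines and pick out entries worth a second look.

Added example for this thread; not HijackThis code. SAMPLE_LOG is a constructed
excerpt in the HijackThis format.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines in the HijackThis format.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:04:49, on 13/01/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - F:\Program Files\SystemApp\ie-improver.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - F:\WINDOWS\system32\WSBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Ralink Wireless Utility.lnk = F:\Program Files\RALINK\Common\RaUI.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Entry:
    section: str              # "O2", "O4", "O23", "R0", ...
    kind: str                 # "BHO", "Toolbar", "HKLM\..\Run", "Service", ...
    name: str
    path: str                 # file the entry points at, without arguments ("" if none)
    clsid: Optional[str] = None
    owner: Optional[str] = None
    raw: str = ""


LINE_RE = re.compile(r"^(?P<section>[ROF]\d+)\s+-\s+(?P<rest>.*)$")
# "<kind>: <name> - {CLSID} - <path>"   (O2, O3, O9, O18, O21 ...)
CLSID_RE = re.compile(r"^(?P<kind>[^:]+):\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.*)$")
# "<hive>\..\Run: [<name>] <command line>"   (O4 registry Run keys)
RUN_RE = re.compile(r"^(?P<kind>.*\\Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "Global Startup: <shortcut>.lnk = <path>"   (O4 startup folders)
STARTUP_RE = re.compile(r"^(?P<kind>(?:Global )?Startup):\s*(?P<name>.*?)\s*=\s*(?P<path>.*)$")
# "Service: <display name> - <owner> - <path>"   (O23)
SERVICE_RE = re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s+-\s+(?P<path>.*)$")
# First executable/library on a command line, quoted or not, ignoring arguments.
EXE_RE = re.compile(r'^\s*"?(?P<exe>[^"]*?\.(?:exe|dll|scr|com|cpl|bat))"?(?=[\s,]|$)', re.I)
PF_ROOT_RE = re.compile(r"^[a-z]:\\program files\\[^\\]+$", re.I)


def executable_of(cmd: str) -> str:
    """Return the file a Run-key command actually loads (rundll32 unwraps to its DLL)."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    exe = m.group("exe")
    if exe.lower().endswith("rundll32.exe"):
        inner = EXE_RE.match(cmd[m.end():].strip())
        if inner:
            return inner.group("exe")
    return exe


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue  # header lines such as "Logfile of HijackThis ..." are skipped
        section, rest = m.group("section"), m.group("rest")
        c, r, s, g = CLSID_RE.match(rest), RUN_RE.match(rest), SERVICE_RE.match(rest), STARTUP_RE.match(rest)
        if c:
            entries.append(Entry(section, c["kind"], c["name"], c["path"].strip(), clsid=c["clsid"], raw=raw))
        elif r:
            entries.append(Entry(section, r["kind"], r["name"], executable_of(r["cmd"]), raw=raw))
        elif s:
            entries.append(Entry(section, "Service", s["name"], s["path"].strip(), owner=s["owner"], raw=raw))
        elif g:
            entries.append(Entry(section, g["kind"], g["name"], g["path"].strip(), raw=raw))
        else:
            entries.append(Entry(section, "", rest, "", raw=raw))  # R0/R1 and other free-form lines
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each section (O2, O4, ...) contributed."""
    return dict(Counter(e.section for e in entries))


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic triage: (raw line, reason) for entries a person should check by hand."""
    findings = []
    for e in entries:
        if e.path == "(no file)":
            findings.append((e.raw, "registration points at a file that no longer exists (orphan)"))
        elif e.section == "O23" and e.owner == "Unknown owner":
            findings.append((e.raw, "service binary has no publisher recorded; confirm where it came from"))
        elif e.path and PF_ROOT_RE.match(e.path):
            findings.append((e.raw, "file sits directly under Program Files rather than a product folder; confirm which product owns it"))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed))
    for line, why in review(parsed):
        print(f"CHECK: {why}\n       {line}")
```

Feed it the text of a real log (`parse_log(open("hijackthis.log").read())`) and it returns the same structured entries; everything it flags is a prompt to verify the file on disk, not a verdict.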
Seth Posted January 13, 2008

Hi John. Your running processes are out of control. Do a Ctrl-Alt-Del to enter Task Manager. Go into the Processes tab and end the process TREE for anything that's taking up more than 20% of the CPU. Now download, run, update, and run a complete system scan with SuperAntiSpyware from http://www.superantispyware.com. Post the Super log by going into its Preferences > Logs. Also post a new HT log.

Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here.
AdvancedSetup Posted January 13, 2008

Hello and welcome to the board.

"Is there anything screaming to be removed?"

Yes: LIMEWIRE. That is probably the main reason you have a couple of the other items. Uninstall Limewire, then update your Ad-Aware 2007 definitions (I know some people here are not crazy about Ad-Aware but overall I think it's okay). Then do a scan and have it fix the items in question. Then uninstall the current HiJackThis you have and install a new version from here:

Hijackthis 2.0.2
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Then post a new log. I know you may want (or think you want) Limewire, but aside from the potential legal issues, there are thousands of Trojan-infected programs on Limewire and other peer2peer networks like it. It really is dangerous to use programs like that.

Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here.
Malwarebytes' Anti-Malware | Malwarebytes' Products | SUPERAntispyware | HijackThis | Spybot Search & Destroy | hpHosts | SpywareBlaster | WinPatrol | SiteHound | FireFox | NoScript | Adblock Plus | Sandboxie | Acronis True Image | ThreatFire | ESET Online Scanner | Kaspersky Online Scanner | Panda Online Scanner | Trend Online Scanner | Avira AntiVir Personal | Avast Free AV | CCleaner | ATF-Cleaner | Online Armor Firewall | Outpost Firewall Free | DirectX | Office Compatibility Pack | Office 2003 (SP3) | SubInACL | Windows Defender | Windows Installer 3.1 | IE7 XP | XP SP3 for IT | Sysinternals | Virtual PC 2007 | Returnil
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
prince_yuki (Author) Posted January 13, 2008

I looked at the Processes menu and there's an svchost.exe that's taking up 85-92% of my CPU usage, wtf? lol what do I do? All the other svchost.exe take about.... well, next to nothing. What do I do? :S And I'm not gonna uninstall Limewire lol, there's nothing wrong with it, I've had it for ages. And yes, Ad-Aware is uber mint!
prince_yuki (Author) Posted January 14, 2008

Hi again (sorry). OK, I got the latest HijackThis and updated and scanned my computer with Ad-Aware and it found a couple of tracking cookies, that's it. But this svchost.exe is really bugging me, it shouldn't be taking up 90% of my CPU usage =/ uber pap =[ Thanks again guys/gals.
Guest Wolfeymole Posted January 14, 2008

"And I'm not gonna uninstall Limewire lol, there's nothing wrong with it, I've had it for ages."

Prince Yuki, AdvancedSetup has told you about the dangers of Limewire and Seth will too, I have no doubt. Have you perhaps thought why you may be having trouble in the first place? Please follow their advice.
prince_yuki (Author) Posted January 14, 2008

Hokie poke, I've uninstalled Limewire =/ and scanned again with HijackThis. Still having the same problem with the svchost.exe though :l That's the problem, not a virus or spyware =[

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:22, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wltrysvc.exe
F:\WINDOWS\System32\bcmwltry.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\ATKKBService.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
F:\WINDOWS\system32\wltray.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\AGEIA Technologies\TrayIcon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\vsnpstd.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\U-ABIT\ABITEQ\abiteq.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\RALINK\Common\RaUI.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Wanadoo
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - F:\Program Files\SystemApp\ie-improver.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - F:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [wltray.exe] F:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] F:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd] F:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] F:\Program Files\U-ABIT\ABITEQ\abiteq.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = F:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Search with Wanadoo - res://F:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - F:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8232 bytes
AdvancedSetup Posted January 14, 2008

Go here and get Process Explorer v11.04
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
This will tell you what is running behind each one of the svchost.exe files.

AutoRuns for Windows v9.02
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
This will show you all types of items that are starting when your computer starts. Be careful with it, but uncheck items that you KNOW FOR SURE that you don't use or rarely use. There is no sense in loading most of this stuff up all the time. If you need help with deciding let us know; don't just delete items with AutoRuns. You should also create a new System Restore point just in case before messing with it too much.
RandyL Posted January 14, 2008

Hi prince; all great advice above. You do really have to get your startup programs down to a minimum. But the first thing I would do is clean your machine thoroughly. AVG and AdAware by themselves are not good enough to clean what you obviously have on your computer. I would run all these programs as I usually do when I see a system such as yours.

First uninstall any programs that may harbor issues.
Scan again with your AVG.
Scan again with AdAware. http://www.lavasoftusa.com/products/ad_aware_free.php
Scan with Spybot S&D. http://www.safer-networking.org/en/index.html
Scan with SuperAntiSpyware. http://www.superantispyware.com/superantispywarefreevspro.html
Do an online scan with HouseCall. http://housecall.trendmicro.com/

More programs or steps may be needed. Once you're sure it's clean, turn System Restore off, then on, then make a restore point.

Get your startup programs under control.
Pacs-portal. Learn more and database. http://www.pacs-portal.co.uk/startup_index.htm
Sysinfo. Database. http://www.sysinfo.org/startuplist.php

Use AdvancedSetup's links to look into your processes.

RandyL

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read here.
Seth Posted January 14, 2008

Automatic Updates can often cause an out-of-control process.

I've used LimeWire for years on three computers with no issue, as downloading music in Canada is legal. Most of my customers use LW as well with no issue. Unlike most P2P software, LW does not come bundled with malware. Here is a copy of a post I made to a Canadian member on another forum, who needed advice on her teenager using LW:

"Queeny, not only is music sharing through Limewire safe, but it's legal in Canada. Whenever you buy a blank CD or DVD, you pay a small levy which goes to the music industry. The MYTH of file sharing originates from the following (none of which applies to Limewire when downloading music).
1) "I heard downloading music with P2P (peer to peer) software will give my computer viruses". "I have no evidence to prove it, but I read it on the internet so it must be true". "Therefore, I'll spread the word ad nauseam".
2) Most P2Ps come bundled with some sort of malware. Limewire does not.
3) There is some malware that infects illegal SOFTWARE sharing through P2Ps, but music downloads are of little threat when compared to...
4) ...messages such as the ones I posted in "How to Prevent A Malware Infection".
Utilize good internet security, recognize the signs of malware, and let the kids have fun with Limewire... but go into Limewire's preferences and disable adult content. Trust me Queeny, the kids on messaging services (like MSN Messenger) and "entertainment sites" geared toward the younger crowd pose a hell of a lot more risk than downloading music with Limewire."

...a follow-up post when she asked about Kazaa:

"Kazaa comes bundled with malware. There is a "cracked" version of it called KazaaLite that has had the embedded malware removed. Doesn't matter though, as Kazaa has been replaced with the malware-free Limewire (http://www.limewire.com). What you're reading on the other sites in regards to P2P is general misinformation for the reasons I stated in my last post. Besides, since file sharing is illegal in the US, then they obviously don't have any experience with it. Almost all computer infections derive from being duped by similar messages such as:
"We've detected that your computer has Spyware (or registry errors/traces of porn). Click here to install such and such program to fix the problem".
"Check out this cool picture I just sent you" when using instant messaging programs. Always confirm with the sender that they actually sent the picture.
"To view this video, you need to install our codec (or media player)". As a general rule of thumb, if the video can't be played in Windows Media Player, QuickTime, or the DivX media player, then it's likely a TH.
Obvious signs of infection are scare-tactic advertisement popups, and unusual behavior from your browser."

Yuki,

Run HT again and put a check on only these two entries:

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - F:\WINDOWS\system32\WSBar.dll
O8 - Extra context menu item: Search with Wanadoo - res://F:\WINDOWS\system32\WSBar.dll/VSearch.htm

Click Fix Checked and restart the computer when prompted. Run the antimalware apps that Randy posted. Once that's all done, we can get rid of your needless startup items.

BTW, you should be able to get temporary control of the system by right-clicking on that process and choosing End Process Tree.
prince_yuki (Author) Posted January 14, 2008

Hi again guys/gals, thanks for the help so far =]. My computer is a bit cleaner now. What should I do next? I've removed the two items that Seth mentioned (thank you) and rescanned my computer with all of the programs which Randy posted for me (thank you). I have looked at the process tree for that svchost.exe and stopped Automatic Updates temporarily to see if there was any change. There wasn't, but at least we can now rule this out =]. The processes included are nothing out of the ordinary but there are A LOT! Shouldn't they be divided between the other svchosts? I don't know, but you guys/gals have been fab so far =]. This problem just doesn't want to budge lol
John
Seth Posted January 14, 2008

Let's see if the problem exists in Safe Mode: keep tapping F8 as soon as you turn on the computer and choose Safe Mode from the menu.
AdvancedSetup Posted January 14, 2008

You need to download and install this application. The other programs typically will not show you the process tree. Viewing what is behind svchost.exe requires a process tree to be shown.

Process Explorer v11.04
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
This will tell you what is running behind each one of the svchost.exe files. You can sort it by TREE VIEW and find each of the svchost.exe files to see what is being loaded with them and see if they appear to be legitimate files or not.
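The point AdvancedSetup is making is that svchost.exe is only a host: several Windows services share each instance, so a busy svchost.exe tells you which group is busy, not which service. Process Explorer shows that grouping in its tree; the same mapping is available as text from `tasklist /svc /fo csv`, which is what the script below reads. This is an added example written for this thread, not a Sysinternals or Microsoft tool. On Windows it runs the live command; elsewhere it falls back to a constructed sample whose PIDs are invented and whose biggest group is the list of services John posted for his busy instance.

```python
"""Group Windows services by the svchost.exe instance that hosts them.

Added example for this thread; not Process Explorer or tasklist code. It parses
the CSV that `tasklist /svc /fo csv` prints: one row per process, with the
hosted service names comma-separated inside the third column.
"""
import csv
import io
import subprocess
import sys
from typing import Dict, List, Optional, Tuple

# Constructed sample of `tasklist /svc /fo csv` output. PIDs are made up; the
# 29-service group is the one John listed for his busy svchost.exe.
SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","728","Eventlog,PlugPlay"
"svchost.exe","900","DcomLaunch,TermService"
"svchost.exe","964","RpcSs"
"svchost.exe","1040","wuauserv,BITS,EventSystem,Browser,CryptSvc,AudioSrv,Dhcp,ERSvc,FastUserSwitchingCompatibility,helpsvc,HidServ,lanmanserver,lanmanworkstation,Netman,Nla,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,Themes,TrkWks,W32Time,winmgmt,wscsvc,WZCSVC"
"svchost.exe","1088","Dnscache"
"svchost.exe","1196","LmHosts,SSDPSRV,WebClient"
"explorer.exe","1600","N/A"
'''

Row = Tuple[str, int, List[str]]  # (image name, pid, hosted service names)


def parse_tasklist_svc(text: str) -> List[Row]:
    """Turn `tasklist /svc /fo csv` output into (image, pid, [services]) rows."""
    rows: List[Row] = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != 3 or rec[0] == "Image Name":
            continue  # header row or blank line
        image, pid, services = rec
        hosted = [] if services == "N/A" else services.split(",")
        rows.append((image, int(pid), hosted))
    return rows


def svchost_groups(rows: List[Row]) -> Dict[int, List[str]]:
    """PID -> services for every svchost.exe instance."""
    return {pid: svcs for image, pid, svcs in rows if image.lower() == "svchost.exe"}


def busiest_svchost(rows: List[Row]) -> Tuple[int, List[str]]:
    """The svchost.exe hosting the most services (on XP usually the netsvcs group)."""
    pid, svcs = max(svchost_groups(rows).items(), key=lambda kv: len(kv[1]))
    return pid, svcs


def host_of(rows: List[Row], service: str) -> Optional[Tuple[str, int]]:
    """Which process hosts a given service name (case-insensitive), or None."""
    wanted = service.lower()
    for image, pid, svcs in rows:
        if wanted in (s.lower() for s in svcs):
            return image, pid
    return None


def live_tasklist() -> str:
    """Run the real command (Windows only)."""
    return subprocess.run(["tasklist", "/svc", "/fo", "csv"],
                          capture_output=True, text=True, check=True).stdout


def report(rows: List[Row]) -> List[str]:
    lines = []
    for pid, svcs in sorted(svchost_groups(rows).items()):
        lines.append(f"svchost.exe PID {pid}: {len(svcs)} services: {', '.join(svcs)}")
    pid, svcs = busiest_svchost(rows)
    lines.append(f"PID {pid} hosts the largest group ({len(svcs)} services); a CPU spike "
                 "there is one of those services, so inspect it with Process Explorer "
                 "rather than ending the whole host.")
    return lines


if __name__ == "__main__":
    text = live_tasklist() if sys.platform == "win32" else SAMPLE_TASKLIST
    for line in report(parse_tasklist_svc(text)):
        print(line)
```

On John's machine the instance eating the CPU is the one with the long list, which is why ending its process tree also takes out networking, audio and the firewall; the useful next step is the per-service view inside that PID, not killing the PID.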
prince_yuki (Author) Posted January 15, 2008

Hey, I'm at college at the moment but as soon as I get home I will try Safe Mode (thanks Seth). I've already got Process Explorer (thanks Advanced), that was what I used. I will look again and post the list of services it is running? Might be something there that shouldn't be. Thanks peeps =]
John
Seth Posted January 15, 2008

To disable your needless startup programs: Start > Run > type in msconfig and click OK. Put a dot on Selective Startup, then click the Startup tab. Uncheck the following:

RTHDCPL
Alcmtr
NvCplDaemon
nwiz
Adobe Photo Downloader, or anything Adobe
NvMediaCenter
AGEIA
TkBellExe
realsched.exe
QuickTime Task
iTunesHelper
snpstd
ABIT
msnmsgr - If you would rather click it on when needed, go into its preferences and disable it from starting when Windows starts.
DAEMON Tools
ANYTHING Ctfmon (Very Important!)

Click Apply, OK, and restart when prompted. You'll know you did it right if a System Configuration Utility message appears on the restart (just put a check in "Don't show me this message again").
prince_yuki (Author) Posted January 15, 2008

Hokie poke, will do =] Thank you Seth (Y)
prince_yuki (Author) Posted January 16, 2008

Hi again peeps, here's the process tree for the svchost that's taking up the majority of my processing power. In the fade-in description box it shows:

Services:
Automatic Updates [wuauserv]
Background Intelligent Transfer Service [BITS]
COM+ Event System [EventSystem]
Computer Browser [Browser]
Cryptographic Services [CryptSvc]
Windows Audio [AudioSrv]
DHCP Client [Dhcp]
Error Reporting Service [ERSvc]
Fast User Switching Compatibility [FastUserSwitchingCompatibility]
Help and Support [helpsvc]
HID Input Service [HidServ]
Server [lanmanserver]
Workstation [lanmanworkstation]
Network Connections [Netman]
Network Location Awareness (NLA) [Nla]
Remote Access Connection Manager [RasMan]
Task Scheduler [Schedule]
Secondary Logon [seclogon]
System Event Notification [SENS]
Windows Firewall/Internet Connection Sharing (ICS) [SharedAccess]
Shell Hardware Detection [ShellHWDetection]
System Restore Service [srservice]
Telephony [TapiSrv]
Themes [Themes]
Distributed Link Tracking Client [TrkWks]
Windows Time [W32Time]
Windows Management Instrumentation [winmgmt]
Security Center [wscsvc]
Wireless Zero Configuration [WZCSVC]

I was thinking of posting the AutoRuns log too but it's a bit messy =/ If it would help then tell me and I'll PM it or post it here, but it's hooooge and messy lol. Thanks,
John
Seth, posted January 16, 2008

The startup items from post 15 are very important. Have you done that yet?
prince_yuki (author), posted January 18, 2008

Yep, done those startup items now =] Thank you, John
prince_yuki (author), posted January 18, 2008

The svchost is still pummeling my CPU. Is there anything in the services list that's a bit odd? :s Cheers
Seth, posted January 18, 2008

Have you run the scans that were mentioned, as your HT log shows signs of infection? For Super, you need to update it and run a full scan. Also run an online scan from these sites: http://www.bitdefender.com and http://www.eset.com/onlinescan/

Run HT again and put a check on the following lines only:
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - F:\Program Files\SystemApp\ie-improver.dll
O8 - Extra context menu item: Search with Wanadoo - res://F:\WINDOWS\system32\WSBar.dll/VSearch.htm

Also check the Event Viewer for clues. You should be able to temporarily gain control of the system by right-clicking on that process and ending it and/or the process tree.
AdvancedSetup, posted January 18, 2008

Well, unless it's a rootkit, the process tree that he last posted, aside from maybe a couple of items, is all normal for the system to be using. Agree though that the system needs to be completely clean before doing much else, and there is no single scanner that can or will catch everything. I know it's a pain and quite time consuming, but you need to run scans to clean the system up.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
prince_yuki (author), posted January 18, 2008

Hokie poke guys =] Will let you know when I'm done. Thanks again for your time guys =] John
prince_yuki (author), posted January 19, 2008

OK, I've scanned with them online scanners, had to install the ActiveX controls for them as well, and I've updated and scanned with SUPERAntiSpyware too.
RandyL, posted January 19, 2008

Hi prince; did they detect and remove anything? If so, do you remember what? Is there any change? RandyL