Services.exe and Csrss.exe cause 100% CPU Usage

F

Figo

Dear All,

There a virus infected PC that when start up to Winodws XP Home Edition, it
always gets to 100% CPU Usage ( Task Manager show Services.exe and Csrss.exe
are the main process causing 100% Usage ), I tried many anti-virus or
anti-spy problem, but the problem is still existing, below is the report for
the infected PC, hope someone can help to find where the problem is and how
to killl this virus ! Thank you very much



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:53:21 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Desktop\Virus Related\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.kztechs.com/sreng/help2/apihook.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1597B44C-EA75-4C5A-BF42-545878455C25} - C:\Program
Files\iTunes\meposydi4444.dll (file missing)
O2 - BHO: (no name) - {35721A52-0E6E-4708-A767-D443939E6638} -
C:\WINDOWS\system32\clbcat.dll
O2 - BHO: (no name) - {48291E74-0979-EB5A-3A45-063AC20662C1} - C:\Program
Files\Jztpokxq\nwwmwkeg.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program
Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless
Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail]
C:\DOCUME~1\Admin\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe
-startup -product IncrediMail
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC
Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Audio Device Manager] ; WNDXP.exe
O4 - HKLM\..\Run: [defctgry] ; regsvr32 /u "C:\Documents and Settings\All
Users\Application Data\defctgry.dll"
O4 - HKLM\..\Run: [idmnerkz] ; rundll32.exe "C:\Program
Files\idmnerkz\wvcxkxov.dll",Init
O4 - HKLM\..\Run: [kyrcupzp] ; C:\Program Files\Cphjnecq\kyrcupzp.exe
O4 - HKLM\..\Run: [mstaskmgr.exe] ; C:\WINDOWS\system32\mstaskmgr.exe
O4 - HKLM\..\Run: [RegistryMonitor1] ;
O4 - HKLM\..\Run: [SC2] ; C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [startdrv] ; C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [SystemSv12] ; C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] ; "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite
6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite
6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {003FACAF-40CB-4358-96D2-B0D8CEF4DBF5} (SKeyHelper Class) -
https://bet.hongkongjockeyclub.com/ib/skey/en/cab/EWinSKey.CAB
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) -
http://txn02.hkjc.com/BetSlip/object/HKJCSecKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All
Users\Documents\Settings\partnership.dll
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner -
C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\SFA\command.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development
Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Unknown owner - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. -
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. -
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner -
C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 12607 bytes


Regards,
Dan
 
B

Bill P

Figo said:
Dear All,

There a virus infected PC that when start up to Winodws XP Home Edition,
it
always gets to 100% CPU Usage ( Task Manager show Services.exe and
Csrss.exe
are the main process causing 100% Usage ), I tried many anti-virus or
anti-spy problem, but the problem is still existing, below is the report
for
the infected PC, hope someone can help to find where the problem is and
how
to killl this virus ! Thank you very much
Click to expand...


Hi Dan
Copy and paste the Highjackthis file here http://hijackthis.de/ and you will
see that you have a few nasties and a Trojan.
Regards
Bill
 
G

Gerry

What are these?
O4 - HKLM\..\Run: [defctgry] ; regsvr32 /u "C:\Documents and
Settings\All
Users\Application Data\defctgry.dll"
O4 - HKLM\..\Run: [idmnerkz] ; rundll32.exe "C:\Program
Files\idmnerkz\wvcxkxov.dll",Init
O4 - HKLM\..\Run: [kyrcupzp] ; C:\Program Files\Cphjnecq\kyrcupzp.exe

Post the HijackThis log to the HijackThis forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

Another useful site for advice is:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Dear All,

There a virus infected PC that when start up to Winodws XP Home
Edition, it always gets to 100% CPU Usage ( Task Manager show
Services.exe and Csrss.exe are the main process causing 100% Usage ),
I tried many anti-virus or anti-spy problem, but the problem is still
existing, below is the report for the infected PC, hope someone can
help to find where the problem is and how to killl this virus ! Thank
you very much


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:53:21 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe C:\Program Files\McAfee\Common
Framework\naPrdMgr.exe C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Desktop\Virus
Related\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://www.kztechs.com/sreng/help2/apihook.htm
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no
name) - {1597B44C-EA75-4C5A-BF42-545878455C25} -
C:\Program Files\iTunes\meposydi4444.dll (file missing)
O2 - BHO: (no name) - {35721A52-0E6E-4708-A767-D443939E6638} -
C:\WINDOWS\system32\clbcat.dll
O2 - BHO: (no name) - {48291E74-0979-EB5A-3A45-063AC20662C1} -
C:\Program Files\Jztpokxq\nwwmwkeg.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
- C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: Windows Live Toolbar
Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Windows
Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"
/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP
Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run:
[iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 -
HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default
Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP
Software Update] C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail]
C:\DOCUME~1\Admin\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe
-startup -product IncrediMail
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program
Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Audio Device Manager] ; WNDXP.exe
O4 - HKLM\..\Run: [defctgry] ; regsvr32 /u "C:\Documents and
Settings\All Users\Application Data\defctgry.dll"
O4 - HKLM\..\Run: [idmnerkz] ; rundll32.exe "C:\Program
Files\idmnerkz\wvcxkxov.dll",Init
O4 - HKLM\..\Run: [kyrcupzp] ; C:\Program Files\Cphjnecq\kyrcupzp.exe
O4 - HKLM\..\Run: [mstaskmgr.exe] ; C:\WINDOWS\system32\mstaskmgr.exe
O4 - HKLM\..\Run: [RegistryMonitor1] ;
O4 - HKLM\..\Run: [SC2] ; C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [startdrv] ; C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [SystemSv12] ; C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] ; "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC
Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC
Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {003FACAF-40CB-4358-96D2-B0D8CEF4DBF5} (SKeyHelper Class) -
https://bet.hongkongjockeyclub.com/ib/skey/en/cab/EWinSKey.CAB
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class)
- http://txn02.hkjc.com/BetSlip/object/HKJCSecKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All
Users\Documents\Settings\partnership.dll
O22 - SharedTaskScheduler: Browseui preloader -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} -
C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component
Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -
C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service
(aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe O23 - Service: Microsoft ASPI Manager (aspimgr) -
Unknown owner -
C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) -
Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe O23 - Service: Symantec Password Validation
(ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager
(ccSetMgr) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service
(cmdService) - Unknown owner -
C:\WINDOWS\SFA\command.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) -
SEIKO EPSON CORPORATION - C:\Program Files\Common
Files\EPSON\EBAPI\SAgent2.exe O23 - Service: HP WMI Interface
(hpqwmi) - Hewlett-Packard Development
Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Unknown owner - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. -
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program
Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec
Corporation - C:\Program
Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner -
C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC
Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) -
Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Click to expand...
 
V

VanguardLH

improvepctools said:
Figo wrote on 10/15/2007 19:44 :
Click to expand...
I had this one also, I probably had as virus causing the cpu usage to be 100%
because after I used AVG it stopped from happening.
Click to expand...

So your "solution" to someone with an infected host is "probably a virus"
that you didn't identify and to a thread that was over 2 years old.

Look at the datestamps before replying.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Process dulication issue 3
Cannt access Microsoft Website 1
HiJack this log: 2
Microsoft Visual C++ runtime library error (smproxy.exe) 2
Server busy - switch to, retry comes up when opening files 0
No internet connection works + new computer slowness. HJT log incl 7
services32.exe failed 3
plz help me 3

Top