Jump to content

svchost.exe causing 100% cpu usage

carterhelp
 Share

Recommended Posts

carterhelp

carterhelp

Posted
Posted

I think my computer is infected. I found & removed "Malware Protection" virus but there must still be something causing problems. One of the problems is the svchost.exe process causing 100% cpu usage. I also have internet redirection problems. I downloaded & ran the Combofix.exe & here is the log file from that:

ComboFix 11-06-15.04 - Carol WS #5 06/16/2011 12:12:34.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.988 [GMT -5:00]

Running from: c:\documents and settings\Carol WS #5\Desktop\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Carol WS #5\Application Data\Sun\ddee.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\mnj.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\mxd1.txt

c:\documents and settings\Carol WS #5\Application Data\Sun\ppkk.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\uuoo.dat

c:\documents and settings\Carol WS #5\WINDOWS

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))

.

.

2011-06-16 12:29 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 12:29 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-15 19:39 . 1996-12-02 23:44 582144 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO350.DLL

2011-06-15 19:37 . 1999-12-17 16:57 26896 ----a-w- c:\windows\system32\Hh.exe

2011-06-15 14:28 . 2011-06-16 17:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-06-14 19:05 . 1996-12-02 23:44 582144 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL

2011-06-10 17:11 . 2011-06-10 17:11 -------- d-----w- C:\$AVG

2011-06-10 16:40 . 2011-06-10 16:40 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\AVG10

2011-06-10 16:34 . 2011-06-10 16:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-10 16:31 . 2011-06-16 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-10 16:29 . 2011-06-16 17:00 -------- d-----w- c:\program files\AVG

2011-06-10 16:24 . 2011-06-16 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\Malwarebytes

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2005-12-09 01:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 14:47 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 12:56 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-12 13:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 18:30 . 2011-04-13 18:30 37027 ----a-w- c:\windows\atmoUn.exe

.

<pre>
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\ScanSoft\OmniPageSE4\OpwareSE4 .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

.

c:\documents and settings\Carol WS #5\Start Menu\Programs\Startup\

Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2011-6-14 573440]

Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2010-10-26 745472]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23514:TCP"= 23514:TCP:spport

.

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: Interfaces\{28CC0F2B-9A16-47BE-B4AD-A286619AFC77}: NameServer = 64.254.32.10,64.254.32.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-16 12:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST340014A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8972131B

user & kernel MBR OK

.

**************************************************************************

.

Completion time: 2011-06-16 12:24:54

ComboFix-quarantined-files.txt 2011-06-16 17:24

.

Pre-Run: 25,578,061,824 bytes free

Post-Run: 25,694,121,984 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 284D46F54CA430F2D229836ACB79CD32

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Hello, and Welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

[*]Option 1

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.