100 % cpu at reboot and no access to Windows update

Solved/Closed
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012 - Dec 19, 2012 at 04:52 AM
 yanu22 - Dec 30, 2012 at 05:53 AM
Hello,

I have an XP PC that was running OK despite the fact that I have not been able to access Windows Update for years, but since I ran MBAM it works OK, although MBAM keeps on blocking outgoing and incoming web access with a defined IP address.

OK, not ideal, but it was working well enough. Recently, though, it reached a point where at reboot, with no programs running, the CPU goes from 10% to 100% erratically. So I tried to go to Windows Update, but IE and Firefox cannot access the website (error message)!!
I tried other ways to access it with no success, even with a Windows Update downloader, and Panda, my antivirus, was no good either. So then I decided to repair XP or reinstall,
but when I have to choose which Windows installation I need to repair, the PC shuts down completely and I have to switch it off at the back to reboot it again. However, booting into my existing XP takes time but works!! So I do not think it can be a hardware problem;
maybe the BIOS is affected. I mention also that I ran a system file check (scannow) successfully...

I nonetheless managed to run ZHPDiag despite the 100% CPU; it took ages, but here is the log:
http://speedy.sh/PZKZn/ZHPDiag.Txt

The shutdown at XP install is worrying me; can I fix it, or wait for it to die?

Thanks for reading and for your help.

14 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 19, 2012 at 05:32 AM
Hello,

At first glance, your system is very much infected by all kinds of malware (spyware, adware, trojan horses), including a rootkit.

I also noticed that you have cracked applications and key generators. I trust that you are willing to delete those; otherwise I will not be able to help you.
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 19, 2012 at 05:40 AM
Yes, no problem, just list them. Thank you.
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 19, 2012 at 06:13 AM
I got those old cracked games from others, but I understand it is not a proper way to play them.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 19, 2012 at 06:15 AM
First, let's try to gain some power.

This is only a first step, and considering all the infected files and that I must soon sign off, we may not be able to do everything today.

(You have 4 browser applications, do you need so many?)

Attacking the rootkit

1. Download the following to your desktop:

https://support.kaspersky.com/downloads/utils/tdsskiller.zip

2. Close all running applications, including this one.

3. Unzip the folder and run the tool.

4. Once the scan is finished, check all the items found and delete them.

5. Close the tool.

Attacking some viruses

On your desktop, ZHP Diag created an icon called ZHP Fix.

1. Open ZHP Fix

2. Copy the following lines:

[MD5.0A61A3ACE26CA4FC637BC8AF8C05CC00] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.] O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {A0C9DF2B-89B5-4483-8983-18A68200F1B4} O42 - Logiciel: SweetPacks bundle uninstaller - (.SweetIM Technologies Ltd..) [HKLM] -- {0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
O42 - Logiciel: pdfforge Toolbar v5.0 - (.Spigot, Inc..) [HKLM] -- {7F77DB04-A969-40a4-89EF-06CE06D56524} [HKCU\Software\BitLord]
[HKCU\Software\C:] => Trojan Remover
[HKCU\Software\Spointer]
[HKCU\Software\SweetIM]
[HKLM\Software\CrazyLoader]
[HKLM\Software\SweetIM]
O43 - CFD: 12/12/2012 - 19:47:19 - [7,547] ----D C:\Program Files\SweetIM
O43 - CFD: 09/04/2011 - 12:19:09 - [0,036] ----D C:\Documents and Settings\nd\Local Settings\Application Data\crazyloader Air
O43 - CFD: 19/03/2011 - 15:21:27 - [0] ----D C:\Documents and Settings\nd\Local Settings\Application Data\PackageAware
O47 - AAKE:Key Export SP - "C:\Program Files\BitLord\BitLord.exe" [Enabled] .(...) -- C:\Program Files\BitLord\BitLord.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\CrazyLoader\crazyloader.exe" [Enabled] .(...) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [Enabled] .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O53 - SMSR:HKLM\...\startupreg\HBLiteSA [Key] . (...) -- C:\Program Files\HBLite\bin\11.0.363.0\HBLiteSA.exe (.not file.)
O81 - IFC: Internet Feature Controls [HKLM] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
[MD5.D9DA3FDE1AEE64CEE57D4C57A538A53B] [SPRF][12/12/2012] (.SweetIM Technologies Ltd. - SweetIM Installer by SweetPacks.) -- C:\Documents and Settings\nd\Bureau\bundlesweetimsetup.exe [7739736] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\bitlordunfinishedfile] => Infection BT (Spyware.WhenUSave)
[HKLM\Software\Classes\Crazyloader.Spointer] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\Crazyloader.Spointer.1] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\Crazyloader.SpointerCtrl] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\Crazyloader.SpointerCtrl.1] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\Interface\{471E3998-588E-41D5-A874-FA11C44B70DE}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\TypeLib\{63AF3145-D2DC-4F1D-BB3A-3AAD9FEC3430}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6DF77AA3-27AF-46f2-A1DA-B569AC6BEEFF}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\Interface\{6F6C45E4-E231-4F0F-8CD8-AA5770303EAA}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}] => Infection BT (Adware.Spointer)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}] => Infection BT (Adware.Spointer)
[HKLM\Software\Classes\Interface\{D4E856E7-C034-49BA-BFEF-B785F3CBD7BA}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\TypeLib\{D530F69A-EB2D-4EC6-BD37-E123AEFCA011}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\Interface\{DB7A9C36-6C85-48BE-BA8D-151B6B144BE0}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBA4B812-2415-4000-AFCB-56F53E668DC5}] => Infection PUP (PUP.OfferBox)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{F77F3DFC-F5DC-4316-AB50-B50B16F2BEF4}] => Infection PUP (PUP.OfferBox)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)
[HKCU\Software\bitlord] => Infection BT (Spyware.WhenU-Save)
[HKLM\Software\Mozilla\Firefox\Extensions]:crazyloader@spointer.com => Infection BT (Adware.SPointer)
C:\Program Files\SweetIM => Infection PUP (PUP.SweetIM)
C:\Documents and Settings\nd\Local Settings\Application Data\Crazyloader Air => Infection BT (Adware.SPointer)
O90 - PUC: "B2FD9C0A5B9838449838816A28001F4B" . (.SweetIM for Messenger 3.7.) -- C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

3. Click on the clipboard icon and a GO button will appear.

4. Click on GO.

5. Close ZHP Fix.

6. Make sure you delete all ZHP logs; otherwise you may not be able to produce a new one.

7. Produce another log and upload it. Also tell me if you see any improvements.

Good luck
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 20, 2012 at 05:27 AM
Hi,
I already tried TDSSKiller; it never found anything, and this time also
no result. It is also true that when I run MBAM it does not find anything.
OK, I ran the ZHP Fix. After reboot it seems a bit faster, and the CPU stays more steady than before when no programs are running, but it still goes high sometimes. However, when I run any program it goes to 99%.
Thanks for your help. I haven't got a log yet, it takes ages. I'll put it up later.
0

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 20, 2012 at 05:31 AM
Never mind the log for now, upload it after running the following tool:

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

https://www.bleepingcomputer.com/download/combofix/

(click on the download @ bleeping computer button)

2. Close all open windows, including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal, and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.

Good luck

P.S. I'm getting writer's cramps.
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 21, 2012 at 04:31 AM
Hi,
Thank you very much for your help.
ComboFix is still working; I'll keep you posted.
Thanks again.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 21, 2012 at 05:58 AM
After ComboFix, please upload a new ZHP Diag log.
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 21, 2012 at 02:01 PM
Hi,
ComboFix done. Here is the log:
http://speedy.sh/7ueCP/ZHPDiag.Txt
The PC is OK when nothing runs, but the CPU is still at 99% when I run a program.
Thanks.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 21, 2012 at 06:05 PM
Hello

What part of France are you from? Just curious.

Please open ZHP Fix as you did before.
Copy the following lines.
Click on the clipboard icon and click on GO.

HKLM\Software\13fe]
M3 - MFPP: Plugins - [nd] -- C:\Documents and Settings\nd\Application Data\Mozilla\Firefox\Profiles\ybgpfqub.default\searchplugins\sweetim.xml => Toolbar.SweetIM
M2 - MFEP: prefs.js [nd - ybgpfqub.default\{EEE6C361-6118-11DC-9C72-001320C79847}] [] SweetPacks Toolbar for Firefox v1.6.0.3 (.SweetIM Technologies LTD..) => Toolbar.SweetIM
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} Clé orpheline => Conduit Softonic Toolbar
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Clé orpheline => Toolbar.Skype
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {A29549FD-65F3-440C-A552-6B8114CF319D} => Toolbar.Skype
O42 - Logiciel: Softonic-Eng7 Toolbar - (.Softonic-Eng7.) [HKLM] -- Softonic-Eng7 Toolbar => Toolbar.Conduit
[HKCU\Software\Softonic-Eng7] => Toolbar.Conduit
[HKLM\Software\Softonic-Eng7] => Toolbar.Conduit
O43 - CFD: 27/03/2011 - 22:31:56 - [11,404] ----D C:\Program Files\Softonic-Eng7 => Toolbar.Conduit
O43 - CFD: 01/04/2011 - 22:22:37 - [5,679] ----D C:\Documents and Settings\nd\Local Settings\Application Data\Softonic-Eng7 => Toolbar.Conduit
[HKLM\Software\Classes\sim-packages] => Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] => Toolbar.Conduit
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] => Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] => Toolbar.Ask
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM] => Toolbar.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A29549FD-65F3-440C-A552-6B8114CF319D}] => Toolbar.Skype
C:\Documents and Settings\nd\Application Data\Mozilla\Firefox\Profiles\ybgpfqub.default\SearchPlugins\sweetim.xml => Toolbar.SweetIM
O90 - PUC: "DF94592A3F56C0445A25B61841FC13D9" . (.Skype Toolbars.) -- C:\WINDOWS\Installer\{A29549FD-65F3-440C-A552-6B8114CF319D}\IconUninstallIco => Toolbar.Skype


Close ZHP Fix.

I would also like you to delete the following:

C:\Nouveau dossier\Trojan.Remover.v6.7.6.WinALL.Incl.Keygen.and.Patch-BRD\brtr676a.zip => Crack, KeyGen, Keymaker - Possible Malware
C:\Nouveau dossier\Trojan.Remover.v6.7.6.WinALL.Incl.Keygen.and.Patch-BRD\brtr676b.zip => Crack, KeyGen, Keymaker - Possible Malware
E:\Nouveau dossier\Trojan.Remover.v6.7.6.WinALL.Incl.Keygen.and.Patch-BRD\brtr676a.zip => Crack, KeyGen, Keymaker - Possible Malware
E:\Nouveau dossier\Trojan.Remover.v6.7.6.WinALL.Incl.Keygen.and.Patch-BRD\brtr676b.zip

C:\Program Files\ComicRack
C:\Program Files\Cracklock
C:\Program Files\Spybot

Go to:

C:\WINDOWS\Prefetch

Delete the contents.

The rootkit is still present; that's why you run at 99%.

Please download and run the following tool, and then upload another ZHP Diag log, after you delete all previous ones:

http://www.gmer.net/
0
yanu22 Posts 7 Registration date Monday December 10, 2012 Status Member Last seen December 22, 2012
Dec 22, 2012 at 10:03 AM
Hi,
I am from the Auvergne region, near the Puy de Dôme.
OK, so I continue in English?
I've run the GMER software; it found some rootkit things,
but I don't know if it fixed it, I just said OK.
Then I uninstalled the programs you mentioned.
Here is the log:
http://speedy.sh/Y9f2G/ZHPDiag.Txt

Thanks again, but I won't be close to that computer for a few days. I will reply
when I can work on it again.

Happy holidays and have a merry time.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 22, 2012 at 04:56 PM
It's been a pleasure trying to help you. I will post my latest findings after I analyse your latest log and wait for your feedback.

Merry Christmas and a happy new year from Quebec.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 22, 2012 at 05:48 PM
Not pretty!

I wonder if you have sent me the correct log. If all of the previous ZHP Diag logs have not been completely deleted from the computer and you attempt another analysis, the logs will not be updated.

The reason I say this is that the rootkit still shows, and also the cracked software and keygens. The cracked software and keygens contained the rootkit, which was sent to you by uTorrent, Soulseek and Soulseek2.

Did you delete the cracks and keygens before or after the ZHP Diag analysis?

For instance, the following line is definitely a rootkit:

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

Best regards
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Dec 23, 2012 at 05:13 PM
Hi, me again,

These will be my last instructions to you.

1. Ignore my previous message.

2. Please launch ZHP Fix and copy the following lines, after which you will click on the clipboard icon and then on GO:

O81 - IFC: Internet Feature Controls [HKLM] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) . (.Creative Technology Ltd - Creative Service for CDROM Access.) - C:\WINDOWS\system32\CTsvcCDA.exe => Unknown owner%Creative Technology
SR - | Auto 12/12/1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\system32\CTsvcCDA.exe
O43 - CFD: 27/03/2011 - 19:01:29 - [15,056] ----D C:\Program Files\ComicRack
O43 - CFD: 24/04/2010 - 16:04:06 - [2,389] ----D C:\Program Files\Cracklock

3. Open Explorer and go to Program Files; if you see ComicRack and Cracklock, please delete them.

4. Go to C:\Windows\System32\ and delete CTsvcCDA.exe; it's useless.

5. Go to C:\Windows and delete soundman.exe; it's totally useless.

6. Consider whether you wish to keep Soulseek, Soulseek2 and uTorrent; they are vectors for intrusion and infection.

7. You have a toolbar called SweetIM with your Firefox; it's spyware. You may wish to delete it.

8. I suggest that you remove the Softonic software.

9. Your Windows is in great need of updates, and you should upgrade to SP3.

10. Please remove Malwarebytes, Spyware Guard and McAfee Security Scan, as they may conflict with Panda.

11. Delete ComboFix.

12. Run CCleaner for both unwanted files and also for the Registry.

13. Defragment your disk.

14. After the above, your computer should be clean and working fine.

Best regards
0
Hello again,
Thanks. This will also be my last mail.
I did all you said; there was still high CPU, then I looked at Process Explorer
and there were hardware interrupts eating most of the CPU!! Looking it up
on the net, I checked whether it had switched to PIO instead of DMA transfer, and it was the case for one of my partitions!! So it was not a malware problem (even if my PC was full of problems) but a hardware problem. It seems that Windows tries 8 times to use DMA and, if no success, it switches to PIO transfer (using all the CPU). The solution: uninstall all primary and secondary ATI IDE channels in Device Manager and then reboot!!!!! Windows reinstalls them all.
OK, so now everything is even better than before, thanks to you and your availability. Thank you.
0
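A way to check for the DMA-to-PIO fallback described in the last post from an elevated PowerShell prompt, as an added example that is not from the thread or its participants: it reads the per-channel timing-mode values that the Windows IDE/ATAPI channel driver keeps under the IDE ATA/ATAPI controller device class key and flags channels whose current mode contains only a PIO mode. The class GUID, the value names (MasterDeviceTimingMode, SlaveDeviceTimingMode and their *Allowed counterparts) and the bit layout (PIO modes in bits 0-4, Multiword DMA and Ultra DMA modes in higher bits) are assumptions about the driver's registry layout, not anything the thread states.

```powershell
# Added example (not from the thread). Assumption: the ATAPI channel driver records
# each channel's negotiated transfer mode under the IDE ATA/ATAPI controller class key
#   HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\000N
# as DWORD values MasterDeviceTimingMode / SlaveDeviceTimingMode (current mode) and
# MasterDeviceTimingModeAllowed / SlaveDeviceTimingModeAllowed (modes the driver may use).
# Assumed encoding: PIO modes occupy bits 0-4, every DMA mode sets a higher bit, so a
# current value of 0x1F or less means the channel has dropped back to PIO only.

$HdcClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}'
$PioMask = 0x1F   # assumption: bits 0-4 hold the PIO mode, nothing else

function ConvertTo-UInt32 {
    # Registry DWORDs come back as signed Int32 (0xFFFFFFFF reads as -1); normalise them.
    param($Value)
    return [uint32]([int64]$Value -band 0xFFFFFFFF)
}

function Test-PioOnly {
    # True when no DMA bit is set. Zero means no device/negotiation, so it is not "PIO only".
    param([uint32]$TimingMode)
    if ($TimingMode -eq 0) { return $false }
    return ($TimingMode -le $PioMask)
}

function Get-IdeChannelTimingReport {
    # One row per (channel, master/slave) pair that carries a timing-mode value.
    Get-ChildItem -Path $HdcClassKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            foreach ($role in 'Master', 'Slave') {
                $current = $props."${role}DeviceTimingMode"
                $allowed = $props."${role}DeviceTimingModeAllowed"
                if ($null -eq $current) { continue }   # controller entry, not a channel
                $cur = ConvertTo-UInt32 $current
                [pscustomobject]@{
                    Channel     = $props.DriverDesc
                    Role        = $role
                    CurrentMode = ('0x{0:X}' -f $cur)
                    AllowedMode = $(if ($null -ne $allowed) { '0x{0:X}' -f (ConvertTo-UInt32 $allowed) } else { 'n/a' })
                    PioOnly     = (Test-PioOnly -TimingMode $cur)
                }
            }
        }
}

$rows = @(Get-IdeChannelTimingReport)
$rows | Format-Table -AutoSize
if ($rows | Where-Object { $_.PioOnly }) {
    # Matches the symptom in the thread: PIO transfers burn CPU in hardware interrupts.
    Write-Warning 'At least one IDE channel is running PIO-only; expect high interrupt CPU load until DMA is re-negotiated (e.g. by uninstalling the channel in Device Manager and rebooting, as the post describes).'
}
```

Run it before and after the Device Manager uninstall/reboot the post describes to confirm the channel came back with a DMA mode rather than a PIO-only value.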