Jun 25th, 2006

CPU bogged down. Spyware/Malware?

My computer has recently been bogged down by what was at first a virus, and then a series of adware/malware programs that were (and some still are) running. I've gone through the "Fixes for Specific Infections" thread, as well as the "PC Cleaning Procedures & Detection Tools" thread, but I'm still having a huge delay in booting/shutting down the system, and unless I set priorities to my programs (Firefox, Explorer etc.) they take forever to load. I've had to disable IExplorer (Windows XP SP2) because I was getting popups for spyware/adware detectors all the time, which again slowed down my system. I'm not really sure what else I can do with this, as I've gone through the big threads (listed above) and haven't had full success.

I'm getting programs like ping.exe running always (with the address of C:\WINDOWS\system32\CROSOF~1\ping.exe and an extension of "C:\WINDOWS\system32\CROSOF~1\ping.exe" -vt ndrv running) and another one called jvaw~1.exe but I can't seem to remove them, no matter what I do.

Can anyone help me? Thanks in advance.
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)
Jun 25th, 2006

Re: CPU bogged down. Spyware/Malware?

Plz download HJT from here.

After you download the zip extract the contents to a permanent folder such as C:\HJT or something similar.

Run the program and scan your computer. It will come up with a lot of entries (don't fix anything yet). There should be a save log option. It will save a log of the scan.

Post the HJT log in your next reply.
Posted by kylethedarkn, A.K.A. The Laughing Man (Team Colleague, 600 posts since May 2006)
Jun 26th, 2006

Re: CPU bogged down. Spyware/Malware?

This is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:21 PM, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\CROSOF~1\ping.exe
C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
C:\Documents and Settings\Family\Desktop\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {0AA45C7C-98BD-B118-999D-E5FC5FF0BCE1} - C:\WINDOWS\system32\mchj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ucur] "C:\WINDOWS\system32\CROSOF~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Dzqn] C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: arpa.dll mmc.dll rundll.dll C:\WINDOWS\system32\arpa.dll
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)
Jun 26th, 2006

Re: CPU bogged down. Spyware/Malware?

I also get a pop-up that says 'This action cannot be completed because the other program is busy. Choose "Switch To" to activate the busy program and correct the problem,' with a "Switch To..." and "Retry" button able to be pushed. I'm not sure if this is a Windows notification, or a 3rd party scam.

Any ideas?
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)
Jun 26th, 2006

Re: CPU bogged down. Spyware/Malware?

Ping.exe is a valid process but jvaw~1.exe is not, so let's get started.

First run HJT and check the following.
O4 - HKCU\..\Run: [Dzqn] C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
O20 - AppInit_DLLs: arpa.dll mmc.dll rundll.dll C:\WINDOWS\system32\arpa.dll
Close all other windows and click fix checked.

Reboot to safe mode by tapping the F8 key during startup.
Delete the following files and folders.
C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
C:\Documents and Settings\Family\My Documents\??stem
C:\WINDOWS\system32\arpa.dll
C:\WINDOWS\SYSTEM32\JVAW~1.EXE
Reboot Normally and reply with any problems that still exist. Also post a new HJT log.

Posted by kylethedarkn, A.K.A. The Laughing Man (Team Colleague, 600 posts since May 2006)
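The triage in the post above (a binary living in a short-name subfolder of system32, the "??stem\?ttrib.exe" path, the O4 Run entries and the populated O20 AppInit_DLLs line) can be applied mechanically to a HijackThis log. The script below is an added example, not code from this thread or from HijackThis; its heuristics are my own assumptions, it runs on lines copied from the first log posted here, and it generalizes slightly by also flagging any O4 autorun that launches from the user's profile folder.

```python
import re

# Constructed sample: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\CROSOF~1\ping.exe
C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe

R3 - URLSearchHook: (no name) - {0AA45C7C-98BD-B118-999D-E5FC5FF0BCE1} - C:\WINDOWS\system32\mchj.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Ucur] "C:\WINDOWS\system32\CROSOF~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Dzqn] C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
O20 - AppInit_DLLs: arpa.dll mmc.dll rundll.dll C:\WINDOWS\system32\arpa.dll
"""

# Heuristics matching what the helper flagged above; assumptions of this example, not HijackThis rules.
SHORTNAME_SUBDIR = re.compile(r"system32\\[^\\]*~\d+\\", re.I)   # system32\CROSOF~1\ping.exe
USER_PROFILE = re.compile(r"\\Documents and Settings\\", re.I)  # user-writable autorun target
UNPRINTABLE = re.compile(r"[?\x00-\x1f\x7f-\x9f]")              # '??stem', '?ttrib.exe'
O4_TARGET = re.compile(r'\] "?([^"]+?\.(?:exe|dll))"?', re.I)   # executable after the [Name]

def check_path(path):  # reasons a process or autorun path looks wrong; [] means nothing noted
    reasons = []
    if SHORTNAME_SUBDIR.search(path):
        reasons.append("binary inside a short-name (8.3) subfolder of system32")
    if UNPRINTABLE.search(path):
        reasons.append("unprintable characters in path (name mimics a system folder)")
    return reasons

def triage(log):  # returns (log line, reason) pairs that deserve a closer look
    findings, in_procs = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # the blank line closes the process list
        elif in_procs:
            findings += [(line, r) for r in check_path(line)]
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append((line, "AppInit_DLLs set: these DLLs load into every user32 process"))
        elif line.startswith("R3 - URLSearchHook: (no name)") and "(no file)" not in line:
            findings.append((line, "unnamed URLSearchHook backed by a DLL that exists on disk"))
        elif line.startswith("O4 - "):
            m = O4_TARGET.search(line)
            target = m.group(1) if m else line
            reasons = check_path(target)
            if USER_PROFILE.search(target):
                reasons.append("autorun entry launches from a user-writable profile folder")
            findings += [(line, r) for r in reasons]
    return findings
```

Running `triage(SAMPLE_LOG)` reports the two odd processes, the unnamed search hook, both HKCU Run entries and the AppInit_DLLs line, and says nothing about the Java updater.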
Jun 28th, 2006

Re: CPU bogged down. Spyware/Malware?

When I try to fix those entries in HJT I'm given an error pop-up:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: mmc.dll arpa.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
What do I do now?
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)
Jun 28th, 2006

Re: CPU bogged down. Spyware/Malware?

Move HJT to C:\HJT and try again.
Posted by kylethedarkn, A.K.A. The Laughing Man (Team Colleague, 600 posts since May 2006)
Jun 28th, 2006

Re: CPU bogged down. Spyware/Malware?

When I moved the folder to C:\ drive and retried the fix, I got the same error.

I booted into SafeMode and was able to delete the "?ttrib.exe" file and the "??stem" folder (system\attrib.exe), but was unable to delete the arpa.dll file. It said that it was in use by another program. Also, the jvaw~1.exe file did not exist. I'm really confused now ...

Here's my new HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 1:31:35 AM, on 28/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CROSOF~1\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {00755647-9D85-EB24-A360-EF1C819DB3B1} - C:\WINDOWS\system32\dojuzf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ucur] "C:\WINDOWS\system32\CROSOF~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Dzqn] C:\DOCUME~1\MYDOCU~1\STEM~1\TTRIB~1.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: arpa.dll rundll.dll mmc.dll C:\WINDOWS\system32\arpa.dll
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)
Jun 28th, 2006

Re: CPU bogged down. Spyware/Malware?

OK, download Pocket Killbox from here.
Run Killbox and check the box that says "Delete files on reboot".
Then select the "All files" button.
Go to the folder icon and navigate to arpa.dll and TTRIB~1.EXE, then click OK. When you go to the drop-down box you should see them there.
Close all other windows and click on the kill button (red circle with white X). Killbox should reboot your computer. After it's done, post a new HJT log.
Posted by kylethedarkn, A.K.A. The Laughing Man (Team Colleague, 600 posts since May 2006)
Jun 29th, 2006

Re: CPU bogged down. Spyware/Malware?

I can never find "TTRIB~1.EXE"! I deleted it in SafeMode once, but I've never been able to find it since (SafeMode or normal).

Here's the NEW log ...

Logfile of HijackThis v1.99.1
Scan saved at 11:44:43 PM, on 28/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\CROSOF~1\ping.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {00755647-9D85-EB24-A360-EF1C819DB3B1} - C:\WINDOWS\system32\dojuzf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ucur] "C:\WINDOWS\system32\CROSOF~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Dzqn] C:\DOCUME~1\MYDOCU~1\STEM~1\TTRIB~1.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Posted by BlooGoo (Newbie Poster, 10 posts since Jun 2006)

This thread is solved