Computer infected (CPU very often at 100%)

Greetings!

I've gone through the "READ & RUN ME FIRST" since yesterday now. The CounterSpy alone took almost 10 hours. The programs detected different infections. I attach the logs as instructed. Should I still use the suggested HijackThis, 1.99.1 or the newer one (2.0.2)?


Thanks a million in advance,
Christian

 

My mistake.

 

I'm sorry, but for some reason I could not find where to save a log with CounterSpy when I was in Safe Mode.

As for the Panda ActiveScan log, I get an "Upload error" message, so I simply post it here as it is very short:


Incident Status Location

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Christian Hultholm\Cookies\christian_hultholm@toplist[1].txt

 

Okey, I just had a look at CounterSpy now, while in Normal Mode and here's the "Last Scan Results":


Scan History Details
Start Date: 02/11/2007 15:19:10
End Date: 02/11/2007 23:27:03
Total Time: 487 Min 53 Sec
Detected security risks

WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Quarantined

Files detected
C:\Program Files\WinAce\VVSNInst.exe

 

Here's a Combofix log attached as well.

 

Use the version requested from the READ ME.

Downloading, Installing, and Running HijackThis

 

Thanks! The log is now attached.

 

Please attach fresh logs from GetRunKey & ShowNew.

 

Sorry for the long delay!

Thanks once again for helping!

 

We have updated our Guides and Procedures, please go to the thread below and run MGTools and attach the log (MGLogs.zip).

Windows XP Cleaning Procedure

 

The requested log is attached.

I'm really grateful for the help; my computer seems to be dying on me.

 

Hi Eilenach,
Welcome back!
I still like your name.

I'm checking your logs, but you could help me some by letting me know if you are still working on the same problem you came in here with in December, or if there are new issues and symptoms. Please describe everything related you can.

The first thing I can see is that you haven't installed and run CCleaner. Please do this before you do anything else. If you haven't installed it, you can find it in the READ & RUN ME FIRST. The instructions for running it can be found there as well.

I didn't find anything in your MGlogs. It would be a good idea to run the newest Combofix, but only the newest one. You can find that in the above link as well. After you run CCleaner, scroll down to the bottom of the page of the READ & RUN ME and click on the link for the XP Cleaning procedures. In the next page, you can find the link for the instructions for Combofix.

Also, if your guest account hasn't been disabled, please do that.


Thanks.
abri

 

Thank you!
The beacon never fades.

Yes, the processor is more and more frequently running at 100% for no obivous reason. The process(es) "stealing" the capacity seem to vary, but very often it is Taskmanager. Sometimes Firefox and Windows Media Player can be guilty as well.

Now I've updated CCleaner and run it with default options, in accordance with the instructions.

I've also downloaded ComboFix and run it. Since the log was too big to attach, I pasted it in the previous message.

I just checked, and the guest account is "off".

Thanks again for helping!

 

Hi Eilenach,
I'm attaching your inline log here.
abri

 

Thank you.

Any suggestions?


For instance, now I'm only listening to a song through Firefox which results in this:


Image name, CPU
System, 38
firefox.exe, 27
taskmgr.exe, 21
EXPLORER.EXE, 08
Acer.Empowering.Framework.Launcher.exe, 02
CRSS.EXE

resulting in 100%. The consuming applications vary, but it stays steady at 100%.

 

Hi Elienach,

Two things:
Just as a thought Chaslang wondered if the Vista Codecs you downloaded might be the problem.

Secondly, you could run a rootkit scan by going to Alternate Scans and scrolling about halfway down the page to the list of rootkit scans. Pick out one or two, I suggest GMER and/or AVG Antirootkit. For the GMER, there is an extra link for instructions on how to use it so you don't need the first GMER link, because that link is also in the one with the instructions.

Attach the logs to your next post.
abri

 

Hi again!

I'm sorry, Vista Codecs? I wasn't aware that I have anything such installed. Anyhow, should I get rid of them and if, how?

I have run the "in-depth search" with AVG Anti-Rootkit and it didn't find anything. I also ran GMER and its log is attached.

Thank you!

 

Hi eilenach,

Your GMER log looks okay. If you go to add/remove programs, you'll see the Vista Codec Package in the uninstalls list. It's listed at a lot of sites for downloading, so if you uninstall it and find there is some need for it later, you can get it back. If you uninstall it, see if it makes any difference in what your cpu readings are. I'm wondering a bit about possible software conflicts. You might also try playing around with different antivirus / firewall combinations. I recommend posting in the Software Forum as they may have some thoughts about your cpu's running that high. I can't find anything that makes me think the problem is a malware problem.

I'm going to post the final cleanup instructions for you.

abri