iexplore.exe uses all my CPU resource

Re: iexplore.exe uses all my CPU resource

Post by djtyrer » March 5th, 2010, 6:13 am

Followed the instructions, copied combofix to desktop. However, when I run it, I only get a small Combofix progress bar which disappears after a few seconds then nothing. Don't get any of the screens shown in the user guide. Could it be running in the background? Disabled AVG9 as per instructions but internet connection still on and firewall still active. Could this be the problem?

Thanks!
djtyrer
Active Member
 
Posts: 13
Joined: February 17th, 2010, 9:02 am

Re: iexplore.exe uses all my CPU resource

Post by Katana » March 5th, 2010, 1:13 pm

Reboot your machine, and then run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iexplore.exe uses all my CPU resource

Post by djtyrer » March 5th, 2010, 2:28 pm

Hi, ran combofix in safe mode. Thanks

ComboFix 10-03-04.04 - Administrator 05/03/2010 12:28:01.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.266 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3000059173-1555948214-1078165881-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 01:23 . 2010-03-05 01:23 -------- dc----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-03-04 18:52 . 2010-03-04 18:52 360584 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-04 18:52 . 2010-03-04 18:52 74760 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-03-04 18:52 . 2010-03-04 18:52 28424 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-04 18:52 . 2010-03-04 18:52 25608 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-03-04 18:52 . 2010-03-04 18:52 30216 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-03-04 18:52 . 2010-03-04 18:52 25736 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-03-04 18:52 . 2010-03-04 18:52 122376 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-03-04 18:52 . 2010-03-04 18:52 333192 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-04 18:52 . 2010-03-04 18:52 161800 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-04 18:46 . 2010-02-24 21:53 1007896 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-04 18:46 . 2010-02-24 21:53 1658136 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-04 18:46 . 2010-02-24 21:53 613656 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-04 18:46 . 2010-02-24 21:53 800536 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-01 21:31 . 2010-03-01 21:31 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-01 21:21 . 2010-03-01 21:21 503808 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\msvcp71.dll
2010-03-01 21:21 . 2010-03-01 21:21 499712 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\jmc.dll
2010-03-01 21:21 . 2010-03-01 21:21 348160 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\msvcr71.dll
2010-03-01 21:21 . 2010-03-01 21:21 61440 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17482255-n\decora-sse.dll
2010-03-01 21:21 . 2010-03-01 21:21 12800 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17482255-n\decora-d3d.dll
2010-03-01 21:20 . 2010-03-01 21:20 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-03-01 20:56 . 2010-03-01 20:57 -------- dc----w- C:\rsit
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-03-01 19:52 . 2010-01-07 16:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-01 19:52 . 2010-03-01 20:45 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 19:52 . 2010-01-07 16:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 19:31 . 2010-02-12 10:03 293376 -c----w- c:\windows\system32\browserchoice.exe
2010-02-28 19:49 . 2009-11-25 13:02 1230080 -c--a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-26 20:34 . 2010-02-24 21:53 3499288 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguires.dll
2010-02-26 20:34 . 2010-02-24 21:53 2422552 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguiadv.dll
2010-02-26 20:34 . 2010-02-24 21:53 4043544 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-02-26 20:34 . 2010-02-24 21:53 2033432 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-02-26 20:34 . 2010-02-24 21:53 3304216 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgdiagex.exe
2010-02-26 20:34 . 2010-02-24 21:53 1207064 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgabout.dll
2010-02-25 20:07 . 2010-02-25 20:05 1261336 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 20:07 . 2010-02-25 19:54 3777816 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-24 21:59 . 2010-02-24 21:59 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2010-02-24 21:54 . 2010-02-24 21:54 -------- dc----w- C:\$AVG
2010-02-24 21:54 . 2010-03-04 18:50 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-02-24 21:54 . 2010-03-04 18:50 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-24 21:54 . 2010-03-04 18:49 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-24 21:54 . 2010-03-04 18:51 242696 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-24 21:53 . 2010-03-04 18:50 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 21:53 . 2010-03-04 18:50 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-24 21:53 . 2010-03-05 10:45 -------- dc----w- c:\windows\system32\drivers\Avg
2010-02-24 21:53 . 2010-02-24 21:58 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-24 21:52 . 2010-02-24 21:52 50968 -c--a-w- c:\windows\system32\avgfwdx.dll
2010-02-24 21:52 . 2010-02-24 21:52 30104 -c--a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-24 21:52 . 2010-02-24 21:52 -------- dc----w- c:\program files\AVG
2010-02-24 21:52 . 2010-02-24 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-17 11:34 . 2010-02-17 11:34 -------- dc----w- c:\program files\Trend Micro
2010-02-07 20:35 . 2010-02-07 20:35 2550 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D5EA1755-1899-4380-A4BA-83840648CBDA}\MainExecutableShortcutIcon.exe
2010-02-07 20:35 . 2010-02-07 20:35 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Valued Opinions
2010-02-07 20:35 . 2010-02-07 20:35 -------- dc----w- c:\program files\Valued Opinions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 18:30 . 2008-10-07 12:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-02 19:54 . 2010-03-02 19:54 -------- dc----w- c:\program files\JMF2.1.1e
2010-03-01 21:30 . 2009-08-09 20:57 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-01 21:27 . 2009-08-09 20:57 -------- dc----w- c:\program files\NOS
2010-03-01 21:22 . 2005-05-17 16:36 -------- dc----w- c:\program files\Common Files\Java
2010-03-01 21:19 . 2005-05-17 16:36 -------- dc----w- c:\program files\Java
2010-02-26 20:37 . 2005-05-17 16:37 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-02-26 20:37 . 2005-06-20 09:18 -------- dc----w- c:\program files\Canon
2010-02-25 20:17 . 2005-05-17 16:39 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-02-24 22:01 . 2005-05-17 16:39 -------- dc----w- c:\program files\Norton AntiVirus
2010-02-24 21:25 . 2005-05-17 16:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-17 14:29 . 2005-06-21 18:58 27640 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 14:26 . 2005-06-21 18:47 -------- dc----w- c:\program files\MapInfo
2010-02-11 19:56 . 2008-09-05 14:36 -------- dc----w- c:\program files\Lx_cats
2010-02-11 16:35 . 2010-02-11 16:35 2601804 -c--a-w- c:\documents and settings\All Users\SPL1C.tmp
2010-02-11 16:35 . 2005-07-06 17:39 -------- dc----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-01-28 08:34 . 2005-06-20 20:34 -------- dc----w- c:\program files\Google
2010-01-14 19:35 . 2010-01-14 19:35 -------- dc----w- c:\program files\TomTom International B.V
2010-01-10 13:11 . 2010-01-10 13:11 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-01-06 12:41 . 2010-01-06 12:41 -------- dc----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-01-06 12:41 . 2010-01-06 12:41 -------- dc----w- c:\program files\Trusteer
2010-01-06 12:40 . 2010-01-06 12:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-01-05 13:09 . 2010-01-05 13:09 -------- dc----w- c:\program files\3ivx
2010-01-05 13:09 . 2010-01-05 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-01-05 12:55 . 2010-01-05 12:55 -------- dc----w- c:\program files\Flip Video
2009-12-31 16:50 . 2004-08-04 08:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 08:00 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 08:00 2145280 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2023936 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2007-06-01 18:29 . 2007-06-01 18:28 80 -csh--r- c:\windows\system32\30152FC785.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 1123840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"PanelApp"="c:\documents and settings\Administrator\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe" [2009-12-30 31232]
"RealPlayer"="c:\program files\Real\RealPlayer\realplay.exe" [2006-05-31 1003520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-09 30192]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-26 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Motive SmartBridge"="c:\progra~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2006-11-6 217088]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-31 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-31 51984]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-2 589824]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-7-6 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 18:50 12464 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\WINDOWS\\system32\\lxdjcfg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$MV\\Binn\\sqlservr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [24/02/2010 21:54 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24/02/2010 21:54 52872]
R0 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [25/10/2006 19:59 7040]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 13:50 188416]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [25/10/2006 19:59 12160]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03/08/2004 10:10 62976]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/02/2010 21:53 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/02/2010 21:54 242696]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [17/02/2010 11:44 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/02/2010 11:44 108904]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [04/03/2010 18:50 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [04/03/2010 18:50 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [04/03/2010 18:50 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/12/2009 23:24 135664]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [05/09/2008 14:27 99248]
S2 MSSQL$MV;MSSQL$MV;c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlservr.exe -sMV --> c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlservr.exe -sMV [?]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/02/2010 11:44 779496]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [24/02/2010 21:52 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [24/02/2010 21:52 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [24/02/2010 21:53 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [24/02/2010 21:53 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [24/02/2010 21:53 26120]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/06/2005 20:36 30192]
S3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [30/12/2009 11:20 91136]
S3 SQLAgent$MV;SQLAgent$MV;c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlagent.EXE -i MV --> c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlagent.EXE -i MV [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-14 08:23]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:24]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:24]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{4CBB5D9D-894A-4EE0-AC6E-70E859F0E134}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.bt.com/btbroadbandstart
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirec ... doorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/ac ... acking.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-GSpot - c:\program files\GSpot\Uninstall.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\ConverterUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\ConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 12:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4113112717-2487586359-2322467008-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,fe,86,6c,8e,25,45,42,aa,42,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,fe,86,6c,8e,25,45,42,aa,42,68,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Completion time: 2010-03-05 12:54:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 12:54

Pre-Run: 31,042,977,792 bytes free
Post-Run: 31,789,633,536 bytes free

- - End Of File - - E6C1876A6A942D1297C8B71153827BB5
djtyrer
Active Member
 
Posts: 13
Joined: February 17th, 2010, 9:02 am

Re: iexplore.exe uses all my CPU resource

Post by Katana » March 6th, 2010, 5:41 am

There is no sign of infection showing, is it just IE that is slow?

If so, it may be worth trying a reinstall.

Reinstall Internet Explorer 8
To download and reinstall Internet Explorer 8 for Windows XP, visit the following Microsoft Download Center Web site:
http://www.microsoft.com/windows/intern ... 81977282a8
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iexplore.exe uses all my CPU resource

Post by djtyrer » March 6th, 2010, 6:35 am

Thanks for the advice. I tried it but no difference I'm afraid. Yes, it's just IE running slow. Really frustrating! I think maybe time for a new computer?
djtyrer
Active Member
 
Posts: 13
Joined: February 17th, 2010, 9:02 am

Re: iexplore.exe uses all my CPU resource

Post by Katana » March 6th, 2010, 4:05 pm

djtyrer wrote: I think maybe time for a new computer?


If it was the machine, I suspect that other programs would have problems as well.

It sounds like it may be a problem with some unsigned drivers, but unfortunately you are now outside my area of knowledge.
I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.

----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up

Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
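
The Internet zone settings listed in the post above are stored as numbered values under Zones\3 in the registry, so they can be checked offline from an exported .reg file. The following is an added example, not part of the original post or of the forum's tools. The sample export is constructed, and the mapping of the six settings to value names (1001, 1004, 1201, 1800, 1804, 1607) and of 0/1/3 to Enable/Prompt/Disable is the standard Internet Explorer zone encoding, which the post itself does not state.

```python
import re

# Constructed sample: text of a .reg export, already decoded to str
# (regedit "Version 5.00" exports are UTF-16 on disk). Not taken from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000003
'''

# Zone 3 is the Internet zone; per-user settings live under this key.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Value name -> (label as worded in the post, setting the post recommends).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1201": ("Initialise and script ActiveX controls not marked as safe", "Disable"),
    "1800": ("Installation of desktop items", "Prompt"),
    "1804": ("Launching programs and files in an IFRAME", "Prompt"),
    "1607": ("Navigate sub-frames across different domains", "Prompt"),
}

SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {"Enable": 0, "Prompt": 1, "Disable": 2}

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: int}} for DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = DWORD_RE.match(line)
        if value and current is not None:
            current[value.group(1)] = int(value.group(2), 16)
    return keys


def audit_internet_zone(text):
    """Compare Zones\\3 against the post's list.

    Returns (value name, label, recommended, actual, status) tuples where
    status is OK (as strict or stricter), WEAK (more permissive),
    NOT SET (value absent, so a default or policy applies) or
    REVIEW (a number that is not Enable/Prompt/Disable).
    """
    zone = parse_reg_export(text).get(ZONE3_KEY.lower(), {})
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        raw = zone.get(action)
        if raw is None:
            actual, status = None, "NOT SET"
        else:
            actual = SETTING_NAMES.get(raw, "unknown(0x%x)" % raw)
            if actual not in STRICTNESS:
                status = "REVIEW"
            elif STRICTNESS[actual] >= STRICTNESS[wanted]:
                status = "OK"
            else:
                status = "WEAK"
        findings.append((action, label, wanted, actual, status))
    return findings


if __name__ == "__main__":
    for action, label, wanted, actual, status in audit_internet_zone(SAMPLE_EXPORT):
        print("%-7s %s  %s: want %s, found %s" % (status, action, label, wanted, actual))
```

A NOT SET result means the per-user value is absent from the export, so the effective setting comes from the zone's defaults or from machine policy and has to be checked there.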

Re: iexplore.exe uses all my CPU resource

Post by NonSuch » March 10th, 2010, 12:25 am

As this issue appears to be resolved, this topic is now closed.

NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California