Slow start up, cpu power draining for no reason.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 22nd, 2010, 7:56 pm

Hello deltalima :)
OK, will try and free up the hard drives! Before I came here I ran a Malwarebytes Anti-Malware scan and it found something, I think; will post that log too!

Malware Scan new:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databasversion: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-12-23 00:50:15
mbam-log-2010-12-23 (00-50-14).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 137458
Förfluten tid: 18 minut(er), 41 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)


Malware Scan old:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Databasversion: 5317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-12-15 10:43:39
mbam-log-2010-12-15 (10-43-39).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 137869
Förfluten tid: 19 minut(er), 25 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 2
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)


Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 3:35 am

Hi Jacob A,

Please delete the file

C:\Documents and Settings\Jacob\Mina dokument\Virus fix\VirtumundoBeGone.exe

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\windows\system32\ctfmon.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 23rd, 2010, 8:55 am

Hello deltalima!

I deleted VirtumundoBeGone.exe file!

VirusTotal Scan of ctfmon.exe:

File name:
ctfmon.exe
Submission date:
2010-12-23 12:51:24 (UTC)
Current status:
queued queued (#2) analysing finished
Result:
0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.12.23.04 2010.12.23 -
AntiVir 7.11.0.148 2010.12.23 -
Antiy-AVL 2.0.3.7 2010.12.23 -
Avast 4.8.1351.0 2010.12.23 -
Avast5 5.0.677.0 2010.12.22 -
AVG 9.0.0.851 2010.12.23 -
BitDefender 7.2 2010.12.23 -
CAT-QuickHeal 11.00 2010.12.23 -
ClamAV 0.96.4.0 2010.12.23 -
Command 5.2.11.5 2010.12.23 -
Comodo 7158 2010.12.23 -
DrWeb 5.0.2.03300 2010.12.23 -
Emsisoft 5.1.0.1 2010.12.23 -
eSafe 7.0.17.0 2010.12.22 -
eTrust-Vet 36.1.8056 2010.12.23 -
F-Prot 4.6.2.117 2010.12.22 -
F-Secure 9.0.16160.0 2010.12.23 -
Fortinet 4.2.254.0 2010.12.23 -
GData 21 2010.12.23 -
Ikarus T3.1.1.90.0 2010.12.23 -
Jiangmin 13.0.900 2010.12.22 -
K7AntiVirus 9.74.3319 2010.12.22 -
Kaspersky 7.0.0.125 2010.12.23 -
McAfee 5.400.0.1158 2010.12.23 -
McAfee-GW-Edition 2010.1C 2010.12.23 -
Microsoft 1.6402 2010.12.23 -
NOD32 5727 2010.12.23 -
Norman 6.06.12 2010.12.23 -
nProtect 2010-12-23.02 2010.12.23 -
Panda 10.0.2.7 2010.12.22 -
PCTools 7.0.3.5 2010.12.23 -
Prevx 3.0 2010.12.23 -
Rising 22.79.02.04 2010.12.23 -
Sophos 4.60.0 2010.12.23 -
SUPERAntiSpyware 4.40.0.1006 2010.12.23 -
Symantec 20101.3.0.103 2010.12.23 -
TheHacker 6.7.0.1.104 2010.12.21 -
TrendMicro 9.120.0.1004 2010.12.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.23 -
VBA32 3.12.14.2 2010.12.23 -
VIPRE 7770 2010.12.23 -
ViRobot 2010.12.23.4216 2010.12.23 -
VirusBuster 13.6.108.0 2010.12.22 -

Full Malwarebytes Anti-Malware scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databasversion: 5379

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-12-23 13:31:32
mbam-log-2010-12-23 (13-31-24).txt

Skanningstyp: Fullständig skanning (C:\|E:\|F:\|G:\|I:\|)
Antal skannade objekt: 319634
Förfluten tid: 5 timme(ar), 56 minut(er), 6 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
c:\system volume information\_restore{1b99ac46-0e4e-4d26-b634-5f13441f5c56}\RP1121\A0197510.exe (Trojan.Agent.CK) -> No action taken.
e:\spel installations filer\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
i:\Spel\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe (Trojan.Agent.CK) -> No action taken.
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 1:00 pm

Hi Jacob A,

Infekterade filer: 3


The first of the 3 infected files is in the System Restore area and will be removed once we have finished.

The other 2 are cracks and must be removed. Please see here.

We can remove using OTL, we will also remove some old quarantined files.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    e:\spel installations filer\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe
    i:\Spel\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ayixtoye.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\bcrlxwmy.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ceypkiev.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drnxtdbe.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\erehhslp.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini2.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ganurcxy.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gxxcfads.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\iscpranv.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jausrsnb.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kjcmubsn.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mtwovscy.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\npqgnflf.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nrvlgmqm.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nylnxpav.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\phancduf.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qknbcoyx.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qmmbtgyq.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qsfykdmr.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\quemeisl.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rkgadxhf.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rsorookf.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sclyfkgs.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\shvpsxkx.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\uvxotrpl.ini.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\visnuokf.ini.vir
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run a new scan with ESET and post the log in your next reply.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 23rd, 2010, 1:17 pm

Hello deltalima, will do so, but just so you know, ESET took several hours for me last time and will probably take the same amount of time again, so if I don't answer soon it's because of that! :)
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 1:30 pm

OK, well, do all the other tasks then run ESET overnight tonight if you wish.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 23rd, 2010, 2:20 pm

Hello deltalima :)

Here are all the logs:

OTL:

========== FILES ==========
e:\spel installations filer\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\LaunchGTAIV.exe moved successfully.
i:\Spel\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ayixtoye.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bcrlxwmy.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ceypkiev.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drnxtdbe.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\erehhslp.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini2.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ganurcxy.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxxcfads.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iscpranv.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jausrsnb.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kjcmubsn.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mtwovscy.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\npqgnflf.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nrvlgmqm.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nylnxpav.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\phancduf.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qknbcoyx.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmmbtgyq.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qsfykdmr.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\quemeisl.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rkgadxhf.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rsorookf.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sclyfkgs.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\shvpsxkx.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uvxotrpl.ini.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\visnuokf.ini.vir moved successfully.

OTL by OldTimer - Version 3.2.18.0 log created on 12232010_190453

CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program\bitlord\torrents\sid meier's civilization iv v1.74 + warlords v2.13 + beyond the sword v3.13 + nocd cracks.torrent
c:\program\bitlord\torrents\sid meier's civilization iv v1.74 + warlords v2.13 + beyond the sword v3.13 + nocd cracks.xml
c:\program\bitlord\torrents\timeshift + crack [multi5][pcdvd][www.zonatorrent.com].torrent
c:\program\bitlord\torrents\timeshift + crack [multi5][pcdvd][www.zonatorrent.com].xml
c:\program\bitlord\torrents\timeshift.keygen-reloaded.torrent
c:\program\bitlord\torrents\timeshift.keygen-reloaded.xml
c:\qoobox\quarantine\c\documents and settings\jacob\application data\utorrent\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.torrent.vir
c:\qoobox\quarantine\c\documents and settings\jacob\application data\utorrent\spore.crackfix-reloaded.torrent.vir
c:\spel\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\shadow_wall_2_cracked.dds
c:\spel\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked.nif
c:\spel\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked_diff.dds
c:\_otl\movedfiles\12232010_190453\e_spel installations filer\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe
c:\_otl\movedfiles\12232010_190453\i_spel\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe
scanner sequence 3.EH.11
----- EOF -----

MGADiag:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-B36HJ-48MK2-82RPR
Windows Product Key Hash: ucbP8yiqz/NbjARs/a8NgGDfun0=
Windows Product ID: 55716-010-5041452-22687
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {067540EB-9CE3-4855-9B99-747C7F7661A2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: FCEE394C-458-80041002_025D1FF3-344-80041002_025D1FF3-229-80041002_025D1FF3-230-1_025D1FF3-238-2
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80041002_025D1FF3-344-80041002_025D1FF3-229-80041002_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{067540EB-9CE3-4855-9B99-747C7F7661A2}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-82RPR</PKey><PID>55716-010-5041452-22687</PID><PIDType>5</PIDType><SID>S-1-5-21-1454471165-796845957-839522115</SID><SYSTEM/><BIOS/><HWID>AE7C3F7F01842E76</HWID><UserLCID>041D</UserLCID><SystemLCID>041D</SystemLCID><TimeZone>Västeuropa, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 2:24 pm

Hi Jacob A,

Please remove ALL cracked software or crack downloads then run CKScanner again and post the log.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 23rd, 2010, 2:43 pm

Hello deltalima, deleted all I could find!

CKScan:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\qoobox\quarantine\c\documents and settings\jacob\application data\utorrent\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r.torrent.vir
c:\qoobox\quarantine\c\documents and settings\jacob\application data\utorrent\spore.crackfix-reloaded.torrent.vir
c:\_otl\movedfiles\12232010_190453\e_spel installations filer\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe
c:\_otl\movedfiles\12232010_190453\i_spel\call of duty 4 - modern warfare\#readme#\rzr-cod4-keygen.exe
scanner sequence 3.BB.11
----- EOF -----
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 3:21 pm

OK, thanks.

Please run the ESET scan when you get a chance; the only infected items it finds should be in the C:\_otl\movedfiles folder.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 4:35 pm

Hi Jacob A,

Also, could you please translate the following event log entries into English?

Error - 2010-12-17 22:55:27 | Computer Name = JAKE | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\D.

Error - 2010-12-18 11:33:57 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Windows Installer avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-12-18 11:34:06 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.


Next

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 23rd, 2010, 7:56 pm

Hello deltalima :) I am going to try and translate as well as I can! Will run another ESET scan during the night.


Error - 2010-12-17 22:55:27 | Computer Name = JAKE | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\D.

--Description = The driver found a controller failure on \Device\Harddisk2\D.

Error - 2010-12-18 11:33:57 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Windows Installer avslutades oväntat. Detta har skett 1 gånger.

-- Description = The service Windows Installer was abruptly terminated. This has happened 1 time.
or unexpectedly shutdown.


Error - 2010-12-18 11:34:06 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.

-- Description = The service RIS was abruptly terminated. This has happened 1 time.
or unexpectedly shutdown.


If you want me to try and translate it differently, please ask :)
I got an error message during the "Preparing" phase of Security Check scan and it said:

AutoIt Error

Line -1:

Error: Variable must be of type "Object".

I pressed ok and here is my scan!

Security Check scan:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
Norman Virus Control
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TweakNow RegCleaner
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1 - Svenska
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````

Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 23rd, 2010, 8:00 pm

Will run another eset scan during the night.


OK thanks. Please post the log when finished.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 24th, 2010, 7:09 pm

Hello deltalima :) Merry Christmas! Here is my ESET scan. I think last time it didn't run full time; this time it took 17:21:31 hours... is this normal? Anyway, that's why I replied a bit later than usual!

Eset scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=aa35dbab8847534b9b149609dd689383
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-24 06:21:51
# local_time=2010-12-24 07:21:51 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=186151
# found=27
# cleaned=0
# scan_time=62491
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\ayixtoye.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\bcrlxwmy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\ceypkiev.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\drnxtdbe.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\erehhslp.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\ganurcxy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\gxxcfads.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\iscpranv.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\jausrsnb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\kjcmubsn.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\mtwovscy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\npqgnflf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\nrvlgmqm.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\nylnxpav.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\phancduf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\qknbcoyx.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\qmmbtgyq.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\qsfykdmr.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\quemeisl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\rkgadxhf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\rsorookf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\sclyfkgs.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\shvpsxkx.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\uvxotrpl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\visnuokf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm
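
The expectation stated earlier in the thread, that every ESET detection should sit under C:\_otl\movedfiles, can be checked mechanically against a log like the one above. The following Python script is an added example, not part of the original posts or of any tool used in the thread; it assumes the whitespace-separated line layout seen in the log as rendered here, and the third sample line is constructed to show a detection outside the quarantine folder.

```python
"""Triage of an ESET Online Scanner log: are all detections already contained?"""
import ntpath
import re

# Detection line layout as rendered in the thread (assumed whitespace-separated):
#   <path> <threat> <object type> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Sample input: the first two detection lines follow the thread's log,
# the third is CONSTRUCTED (a look-alike folder outside the quarantine root).
SAMPLE_LOG = r"""
# version=7
# found=3
# cleaned=0
C:\_OTL\MovedFiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\ayixtoye.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_otl\movedfiles\12232010_190453\C_Qoobox\Quarantine\C\WINDOWS\system32\bcrlxwmy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFilesCopy\constructed example.exe Win32/Constructed.Example application (unable to clean) 00000000000000000000000000000000 I
"""


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header[m["key"]] = m["value"].strip('"')
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def is_under(path, root):
    """True if path lies inside root, using Windows path rules.

    Comparison is case-insensitive, resolves '..' segments, and matches on a
    component boundary so 'MovedFilesCopy' is not mistaken for 'MovedFiles'.
    """
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    return p == r or p.startswith(r + "\\")


def triage(text, contained_roots=(r"C:\_OTL\MovedFiles",)):
    """Split detections into contained (under a quarantine root) and live."""
    header, detections = parse_eset_log(text)
    live = [
        d for d in detections
        if not any(is_under(d["path"], root) for root in contained_roots)
    ]
    declared = int(header.get("found", -1))
    return {
        "declared": declared,              # count from the '# found=' header
        "parsed": len(detections),         # detection lines actually present
        "complete": declared == len(detections),  # False if the log was cut
        "contained": len(detections) - len(live),
        "live": live,                      # these need a closer look
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"declared={report['declared']} parsed={report['parsed']} "
          f"complete={report['complete']} contained={report['contained']}")
    for d in report["live"]:
        print("outside quarantine:", d["path"], "->", d["threat"])
```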

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 24th, 2010, 7:19 pm

Hi Jacob A,

We have detected and quarantined some malware on your system; however, the logs show no sign of any active malware.

The event logs indicate that there may be a hardware issue with one or more of the hard disks on the computer so the next step is to check all the drives.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop.

Please repeat this and replace c: with each of the following drive letters so that you run the scan a total of 5 times:

E:
F:
G:
I:


The results will all append to the one log file named checkhd.txt on your Desktop. Please post the contents of this file.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK