slow boot and high CPU usage

Post by sag19330184 » August 21st, 2010, 11:30 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:25, on 8/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Virtual CD v4\System\VCDTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\a8515bae.exe,C:\WINDOWS\system32\ldmzeg.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2AA73A7-6599-454A-A14E-69BA1EFE31B6}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E9FB0-7884-4F26-AA00-A3B12E1E41F9}: NameServer = 212.188.4.10,195.34.32.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mt41hub - Invalid registry found
O20 - Winlogon Notify: WinCtrl32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\SAG\Application Data\Mikogo\B-Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe

--
End of file - 7899 bytes


uninstalllist:
7-Zip 4.57
ACDSee 9 Photo Manager
Ace DivX Player
Active File Compare 2.0 beta 1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0
Anti Trojan Elite 3.9.4
AP Tuner 3.08
ArtMoney PRO v7.27
Borland Delphi 7
Copy Utility
CSL ARM Toolchain (arm-symbianelf) 2005-Q1C
DivX Codec
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Extensis pxl SmartScale 1.0
FAR file manager
FlashGet 1.9.6.1073
Free Colored ScrollBars 2.2
Full Tilt Poker
GameSpy Arcade
GIMP 2.4.2
Hamachi 1.0.3.0
Heroes III SaveEditor
Heroes of Migth and Magic 3: World Tournament 0.32
Hex-Rays Decompiler v1.0
HiJackThis
Hotfix for Windows XP (KB909394)
ICM Trainer Light
ICQ
IDA Pro Advanced v5.2 with WinCE v5.0 debugger
IrfanView (remove only)
Java 2 Runtime Environment Standard Edition v1.2.2
Java(TM) 6 Update 21
Leaf
McAfee SecurityCenter
MetaTrader 4.00
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 4.0
Microsoft Office - i?ioanneiiaeuiue auione aa?nee 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Visual Studio 2005 Tools for Office Runtime
Mikogo
Miranda IM 0.8.1
Mozilla Firefox (2.0.0.8)
MSXML 6.0 Parser (KB925673)
Parimatch
PartyPoker
PocketPref
PokerStars
PowerDVD
PROMT Expert 8 Giant Try-Buy
QuickTime
Radmin Server 3.3
S60 3rd Edition FP1 SDK for Symbian OS
Samsung Media Studio
ScanToWeb
Skype™ 4.0
Smart Web Builder 1.53
Spider Player 2.3.1.3
Undelete Plus 2.94
Virtual CD v4
Visual Studio 2005 Tools for Office Second Edition Runtime
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
yandexmaps

problem description:
I had Kaspersky AVP 9.0; however, my PC was infected with at least 10 viruses and trojans. A few to mention:
- backdoor.zapinit.88
- backdoor.zapinit.46
- trojan.rvz.10
- trojan.winspy.921
- win32.hllw.okamai
These 10 viruses were cured/deleted by DrWEB antivirus.
After reboot my PC became very slow. Booting took +5 more minutes than usual. Access to many antivirus websites was denied (I made "route -f", rebooted and now I have access to any websites as usual).
Then I uninstalled Kaspersky antivirus and installed McAfee Security Center.
Still, the following problems occur:
1) Booting is very slow, +5 more minutes than usual.
2) CPU usage is almost all the time 100%, so the PC is very slow. Most of the CPU usage is by the process rapimgr.exe.
My system info: CPU Pentium 4, 1400MHz, RAM 256MB, Windows XP SP2
sag19330184
Active Member
 
Posts: 1
Joined: August 21st, 2010, 10:52 am

Re: slow boot and high CPU usage

Post by askey127 » August 24th, 2010, 6:54 am

sag19330184
Sorry for the delay.
While we are working on this, please don't Uninstall, Delete, Install or Scan with anything unless I ask.
Your machine is suffering from not being updated, and having far too many processes running for the amount of RAM.

ANYTHING you can do to get another 256Mb RAM installed will pay big dividends.
256Mb RAM cards that will fit that machine are nearly free.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\a8515bae.exe,C:\WINDOWS\system32\ldmzeg.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O8 - Extra context menu item: &???????? ??? ??? ?????? FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &???????? ??? ?????? FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E9FB0-7884-4F26-AA00-A3B12E1E41F9}: NameServer = 212.188.4.10,195.34.32.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{44110585-4257-4AA9-B56F-A698E096FB41}: NameServer = 195.34.32.116 212.188.4.10
O20 - Winlogon Notify: mt41hub - Invalid registry found
O20 - Winlogon Notify: WinCtrl32 - Invalid registry found

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Active File Compare 2.0 beta 1
Adobe Reader 7.0
FlashGet 1.9.6.1073
Full Tilt Poker
Java 2 Runtime Environment Standard Edition v1.2.2
PartyPoker

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Run Temp File Cleaner Again
Double click TFC.exe to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot (and it will), choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Let me know how this part goes, and we can further disinfect the machine, and start updates.
You may find it's a bit faster.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
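
The F2 line at the top of the fix list above is the Winlogon Userinit value: on a stock Windows XP install it names only userinit.exe, and every extra comma-separated program in it is started at each logon. The Python sketch below is an added example, not part of the thread or of HijackThis. It parses a few lines copied from the posted log and flags the patterns that appear in the fix list; the function names and the expected Userinit path are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\a8515bae.exe,C:\WINDOWS\system32\ldmzeg.exe,
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O20 - Winlogon Notify: mt41hub - Invalid registry found
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "F2 - ...", "O20 - ..."
# Assumption: default Userinit target on a Windows XP install in C:\WINDOWS.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

def parse_entries(log_text):
    """Return (section_code, detail) for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def userinit_extras(detail):
    """List programs chained onto UserInit besides userinit.exe itself."""
    _, _, value = detail.partition("UserInit=")
    paths = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in paths if p.lower() != EXPECTED_USERINIT]

def triage(log_text):
    """Return (code, reason) pairs that deserve a human look; no verdicts."""
    findings = []
    for code, detail in parse_entries(log_text):
        if code == "F2" and "UserInit=" in detail:
            for path in userinit_extras(detail):
                findings.append((code, "extra UserInit program: " + path))
        elif detail.endswith("(no file)"):
            findings.append((code, "entry points at a missing file"))
        elif detail.endswith("Invalid registry found"):
            findings.append((code, "HijackThis reports invalid registry data"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged line is only a prompt for review: the file behind it still has to be identified before anything is fixed or deleted.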

Re: slow boot and high CPU usage

Post by NonSuch » August 28th, 2010, 1:44 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

