Tech Support banner

Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
34 Posts
Discussion Starter #1
Hello, i have been helped here before, and i must say the support is excellent. Ive recently purchased a new system so had to reinstall windows, and now i have a few problems.

1. Every time the computer restarts, 'Windows Installer' window pops up as if it was installing something, however i dont know what it is.
2. svchosts.exe eating cpu

Hijackthis Log-------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:18:05 PM, on 25/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe
C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe
C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=20960
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127648435640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\Trend Micro\Internet Security 2005\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\Trend Micro\Internet Security 2005\tmproxy.exe

Im pretty sure i have a few more problems in their, any help is appreciated.

*Im using Windows XP, Service Pack 1

Thanks
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Ive recently purchased a new system so had to reinstall windows
I'm not sure I follow you here. A new system comes with OS installed, yes?

Anyhoo....I'm not seeing anything in that log, and what you describe sounds more like a driver issue, particluarly since you've just done a reinstall. Have a look at your Device Manager and see if there are any issues present. Go to Start>Run and type devmgmt.msc and then press Enter. Look for Yellow Exclamation points or Red Xs. Report your findings here.
 

·
Registered
Joined
·
34 Posts
Discussion Starter #3
Hey,
I bought a new pc, so i reinstalled windows.

under device manager their are two yellow exclamation marks:
1. RAID Controller
2. USB controller

and one red cross
1. Gigabit Ethernet Adapter (i disabeled it myself)

So the Hijackthis log was 100% ok?

Thanks for the help.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hi eRrand -

Not that it matters to the issue, I'm just trying to understand....why would you reinstall windows on a new PC? Is this a custom made which came with no OS? Is it a major manufacturer, and you don't like all their junk? Or the reinstall is not on the new PC?

As I suspected, it would appear as though you have a driver installation issue with your USB device and RAID controller. Can you tell us what exactly the issues are as stated in Device Manager?

If driver related, you will need the driver disk which came with the PC, or the add-on cards, depending on whether the devices are on the motherboard or add-ons. If you don't have the driver disks, let us know.

As to the HJT log, yes it's clean. However, HJT doesn't see everything malware these days. Once we've resolved your Installer issue, we'll run a couple more tools to be certain you're clean.
 

·
Registered
Joined
·
34 Posts
Discussion Starter #5
I bought a new 64-bit motherboard and CPU, so i had to re-formatt the computer, thats what i meant, sorry if it was a bit vague.

The windows installer issue seems to have solved it self.

My only major problem is the svchost.exe, it keeps hogging the CPU usage at 100%. ive checked for viruses but my software hasnt been able to detect anything.

Thanks for any help.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Now, that, I understand. Thanks.

Let's have you run a couple of our favorite scanners to help us rule out malware. I see that you have Ewido, but please update it's definitions and run the scan in safe mode as indicated, and post the log here.

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Please download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to download the plug-in for fixing VX2 variants. Do NOT run the scan yet.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Run a scan with Adaware, including the VX2 add on. Go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Please configure Adaware with the following settings:

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
--> Automatically save logfile
--> Automatically quarantine objects prior to removal
--> Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
--> Scan within archives
--> Scan active processes
--> Scan registry
--> Deep-scan registry
--> Scan my IE Favorites for banned URLs
--> Scan my Hosts file
· Under Select drives & folders to scan, choose:
--> Select all of your hard drives that are not selected already
Click on the Advanced button on the left and select:
--> Include additional object information
--> Include negligible objects information
--> Include environment information
Click the Tweak button and select:
· Under the Scanning Engine:
--> Unload recognized processes & modules during scan
· Under the Cleaning Engine:
--> Let Windows remove files in use at next reboot
Click on Proceed to save the settings.

Click Start and on the next screen choose:
--> Use custom scanning options
Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish. Do NOT post this log file unless the experts has requested it. These files are usually very big and we won't need it in most cases.When finished, mark everything for removal and get rid of it. (Right-click on any of the entries and choose Select All from the drop down menu and click Next).

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Note: There is no need to purchase Ewido. It will remain as the freeware version after the trial period, which means the guard process will no longer work, but the scanner will be just as effective.

Reboot into normal mode now.

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Make sure you have ALL Critical Updates installed, excluding SP2, at this point.
 
1 - 6 of 6 Posts
Status
Not open for further replies.
Top