cpu at 100%

  pollpott 22:02 02 Jan 2005

The processes monitor shows that WintaskAd.exe is using 95 - 100% of the processor capacity. Can I do something about this?

  ACOLYTE 22:15 02 Jan 2005

According to click here

it's spyware and should be removed

  Nellie2 22:21 02 Jan 2005

Hi pollpott

Could you download, set up, update and run Adaware and Spybot Search and Destroy... let them fix what they find. Download links and set-up instructions: click here

Then reboot and download HijackThis v1.99.0 click here. Extract it into its own folder and click the 'do a system scan and save logfile' button. It may take a little while.

Do not fix anything yourself... a lot of what HijackThis lists is useful and even essential to the running of your PC. Post the logfile in this thread (you may have to do it in two posts as there is an 800 word limit to your posts here). I'll pop back later on or tomorrow and have a look at it for you.

  pollpott 10:51 03 Jan 2005

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Documents and Settings\martyn\My Documents\New Folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

  pollpott 10:53 03 Jan 2005

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = click here (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = click here
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here=?ÃA????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - Default URLSearchHook is missing
O1 - Hosts: click here
O1 - Hosts: your.com
O1 - Hosts: amateur.gayhost4free.com
O1 - Hosts: anal.gayhost4free.com
O1 - Hosts: bear.gayhost4free.com
O1 - Hosts: bizarre.gayhost4free.com
O1 - Hosts: blowjobs.gayhost4free.com
O1 - Hosts: bondage.gayhost4free.com
O1 - Hosts: cumshots.gayhost4free.com
O1 - Hosts: dicks.gayhost4free.com
O1 - Hosts: ebony.gayhost4free.com
O1 - Hosts: ethnic.gayhost4free.com
O1 - Hosts: fetish.gayhost4free.com
O1 - Hosts: group.gayhost4free.com
O1 - Hosts: hardcore.gayhost4free.com
O1 - Hosts: incest.gayhost4free.com
O1 - Hosts: masturbation.gayhost4free.com
O1 - Hosts: military.gayhost4free.com
O1 - Hosts: movies.gayhost4free.com
O1 - Hosts: twinks.gayhost4free.com
O1 - Hosts: uniform.gayhost4free.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

  pollpott 10:55 03 Jan 2005

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wmiprv] wmiprv.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Microsofts Legacy Support] java.exe
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzhi32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [VtbD] C:\WINDOWS\bddmggbu.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [olmvgrml] C:\WINDOWS\olmvgrml.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [wmiprv] wmiprv.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Microsofts Legacy Support] java.exe
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Annmarie\Desktop\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [wmiprv] wmiprv.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?

  pollpott 10:57 03 Jan 2005

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: FreeMP3download - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\FreeMP3download (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - click here
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (FrontdoorFD Profile Manager Class) - click here
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{044A0D0E-22F8-4390-B744-FE7A0AC5BAB8}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{044A0D0E-22F8-4390-B744-FE7A0AC5BAB8}: NameServer =
O19 - User stylesheet: (file missing)
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tablet Service - Aiptek - C:\WINDOWS\System32\Wt32exe.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

Hi Nellie2,
Thanks for the help with this, it is much appreciated.

  Nellie2 18:07 03 Jan 2005

Oh dear, you have a few problems there! We will need to do this in stages.

To start with you have Spybot's Tea Timer running. This is an excellent program but will resist changes that we need to make to your system, so can you disable it for now? Instructions: click here

Now download FxAgentB.exe from click here and save it to your desktop. After downloading, double-click the FxAgentB file to run it and the program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later. Reboot when done.

Next click click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'.

Then run Adaware again. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done, and finally for this time download The Hoster from click here. Run it and put a check mark against all the hosts (unless there are any that you have set yourself) apart from this line: Localhost

Then press the 'delete checked lines' button.

Reboot and then run HijackThis again and post a fresh log... but this time can you include the header? This is the very top bit which tells me what your operating system is and what version of HijackThis you are using etc.
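
The log posted above is easier to review once its entries are grouped by section code. As an added example that is not part of the original thread, the Python below parses lines in that format and queues three kinds of entry for a manual look: hosts-file entries, autoruns registered without a full path, and entries marked "(file missing)". The names `parse` and `review_queue` and the three rules are assumptions chosen for illustration; they prioritise reading order and are not verdicts on any entry.

```python
import re
from collections import defaultdict

# Excerpt of lines taken from the log posted in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
O1 - Hosts: your.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [wmiprv] wmiprv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # section code, then detail
AUTORUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")  # key: [value name] command

def parse(log_text):
    """Group log entries by section code; lines that are not entries are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_queue(sections):
    """Return (reason, entry) pairs for manual review (assumed rules, not verdicts)."""
    queue = [("hosts file entry", d) for d in sections.get("O1", [])]
    for detail in sections.get("O4", []):
        m = AUTORUN.match(detail)
        if not m:
            continue  # e.g. "Global Startup" shortcuts use a different layout
        command = m.group(3).strip()
        # Take the executable: up to the closing quote, or the first token.
        exe = command[1:].split('"')[0] if command.startswith('"') else command.split()[0]
        if "\\" not in exe:
            queue.append(("autorun without a full path", m.group(2)))
    for code, details in sections.items():
        for detail in details:
            if detail.endswith("(file missing)"):
                queue.append(("target file missing", f"{code}: {detail}"))
    return queue
```

A path-less autorun is resolved through the Windows search path, so legitimate entries such as `rundll32.exe` land in the queue too and each one still needs to be looked up individually.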

  pollpott 19:53 03 Jan 2005

Response to running Agent.B removal tool was... Symantec Backdoor.Agent.B.Removal tool "Backdoor.Agent.B has not been found on your computer". Is that what was expected?

  Nellie2 20:37 03 Jan 2005

You had some telltale signs but not all of them, so asking you to run FXAgentB was a just-in-case sort of thing! :)

  pollpott 21:05 03 Jan 2005

