
Explorer.exe @ Constant 99% Cpu Usage.


  • This topic is locked
33 replies to this topic

#1 Alrescha

Alrescha

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 08 October 2006 - 11:37 AM

Hi.

The problem I am having is that my CPU is running at 100% constantly, more specifically explorer.exe runs @ a constant 95 - 99%. This is leaving my system very slow. The problem started 2 days ago for no apparent reason. I have tried system restore and run all relevant spyware/virus scans etc. My PC is a Packard Bell with 2.6 GHZ P4 and 512 RAM.

Logfile of HijackThis v1.99.1
Scan saved at 17:07:15, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Task Manager Screen Grab


Please help and thanks in advance.


#2 Alrescha


Posted 14 October 2006 - 10:53 AM

Additional Info -

When I have a program open such as Windows Media Player it shares the CPU usage about 50% each, as soon as Windows Media Player is closed the CPU all goes to explorer.exe, sometimes System Idle Process takes 99% of the CPU power. But generally explorer.exe uses 99% CPU even with no user programs open.

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:39 PM

Posted 15 October 2006 - 05:46 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.


What can you tell me about this file?

O20 - AppInit_DLLs: WIKI.DLL


If you are unsure about it, see if you can locate it on your computer. Let me know where you find it.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
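The `O20 - AppInit_DLLs: WIKI.DLL` line queried in the reply above is worth pulling out of a HijackThis log mechanically, because every DLL named in that registry value is loaded into each process that loads user32.dll, explorer.exe included. The following is an added example, not part of the original thread or of HijackThis; the function names and reason labels are assumptions, and the sample lines are copied from the log in post #1.

```python
# Triage a HijackThis 1.99.x log: surface AppInit_DLLs and "(file missing)" entries.
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in post #1 of this thread (excerpt).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# "O20 - AppInit_DLLs: WIKI.DLL" -> code "O20", body "AppInit_DLLs: WIKI.DLL"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in an entry that ends in .exe or .dll
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O20"
    target: str    # file the entry points at
    reasons: list  # hypothetical labels explaining why it needs review


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section and not line:
            break  # the section ends at the first blank line
        elif in_section:
            procs.add(line.lower())
    return procs


def triage(log):
    """Return entries an analyst should look at first, in log order."""
    running = running_processes(log)
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-delimited list of DLLs.
            value = body.split(":", 1)[1]
            for dll in filter(None, re.split(r"[,\s]+", value)):
                reasons = ["appinit_dll"]
                if "\\" not in dll:
                    # Bare name: the loader resolves it through the DLL
                    # search path, so the log alone does not locate the file.
                    reasons.append("no_path")
                findings.append(Finding(code, dll, reasons))
        elif body.endswith("(file missing)"):
            pm = PATH_RE.search(body)
            target = pm.group(0) if pm else body
            reasons = ["file_missing"]
            if target.lower() in running:
                # The same log lists this image as a running process, so
                # the "missing" marker is contradicted and needs a manual check.
                reasons.append("listed_as_running")
            findings.append(Finding(code, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.target}  [{', '.join(f.reasons)}]")
```

The output is a review queue, not a verdict: a flagged entry still has to be located on disk and identified before anything is removed.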

#4 Alrescha


Posted 15 October 2006 - 08:14 AM

Hi, and thanks for your reply.

I ran a search on "wiki.dll" and this returned no results (looking in hidden and system folders). I then ran a search on "wiki" and this returned web pages I have visited from Wikipedia and 1 file called "wikitekss" that is in C:\Program Files\Belkin\F5D9050, this is my Belkin Wireless USB adaptor. It says it opens with Crypto Shell Extensio if that helps.


user - 06-10-15 14:03:36.10 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\user\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-09 18:43 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-10-09 18:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-08 15:13 82,944 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2006-10-08 15:13 27,648 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2006-10-08 15:13 108,032 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2006-09-21 16:42 618,328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 03:24 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-10-08 15:13 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-08 15:09 -------- d-------- C:\Program Files\Internet Explorer
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-10 13:15 -------- d-------- C:\Program Files\EwisoftWeb
2006-09-10 13:15 -------- d-------- C:\Documents and Settings\user\Application Data\Jasc
2006-09-03 18:56 73 --a------ C:\WINDOWS\system32\ssprs.dll
2006-09-03 18:56 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2006-08-31 19:45 -------- d-------- C:\Program Files\Ableton
2006-08-31 18:59 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-08-31 18:59 -------- d-------- C:\Program Files\Belkin
2006-08-28 18:43 -------- d-------- C:\Documents and Settings\user\Application Data\dvdcss
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 19:09 -------- d-------- C:\Program Files\BearShare
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 10:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Sonic RecordNow!"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"F5D9050"="C:\\Program Files\\Belkin\\F5D9050\\Belkinwcui.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-15 14:04:24.81
C:\ComboFix.txt ... 06-10-15 14:04


Thanks

#5 Buckeye_Sam


Posted 15 October 2006 - 11:06 AM

I don't see anything that concerns me in that log either. Let's dig a bit deeper and see what we can turn up.

Download Process Explorer from here and extract it to your desktop.
http://download.sysinternals.com/Files/ProcessExplorerNt.zip

Double click procexp.exe to start the program.
Highlight explorer.exe and you should see your CPU usage fluctuating just as it does in task manager.
On your keyboard hit CTRL - D to show the DLLs associated with explorer.
Click File and Save to save a text report.

Please copy that text and paste it here in your next reply.

#6 Alrescha


Posted 15 October 2006 - 01:46 PM

OK,

I looked up wiki.exe and found some other articles on it, this might interest you - Click here. I ran filefind as suggested and this came up with nothing, also I looked again at hijackthis and under more info it said that wiki.dll loads files into the memory about the same time as the boot process and stays there until the system is shut down. It said this is rare and usually used by Trojans. Hope that helps a bit.

Process PID CPU Description Company Name
alg.exe 2092 Application Layer Gateway Service Microsoft Corporation
Belkinwcui.exe 1340 Belkin Wireless Client Utility Belkin
bittorrent.exe 1644 1.52
csrss.exe 776 Client Server Runtime Process Microsoft Corporation
DPCs n/a 1.52 Deferred Procedure Calls
explorer.exe 180 Windows Explorer Microsoft Corporation
IEXPLORE.EXE 972 Internet Explorer Microsoft Corporation
IEXPLORE.EXE 256 Internet Explorer Microsoft Corporation
Interrupts n/a Hardware Interrupts
lsass.exe 856 LSA Shell (Export Version) Microsoft Corporation
MpEng.exe 1428 Microsoft Malware Protection Engine Host Microsoft Corporation
MSASCui.exe 1256 Windows Defender User Interface Microsoft Corporation
msfwsvc.exe 912 MSFWSVC service Microsoft Corporation
MsMpEng.exe 1280 Service Executable Microsoft Corporation
MSMPSVC.exe 1264 Microsoft Malware Protection Service Microsoft Corporation
msmsgs.exe 1532 Windows Messenger Microsoft Corporation
procexp.exe 1756 3.03 Sysinternals Process Explorer Sysinternals
services.exe 844 Services and Controller app Microsoft Corporation
slserv.exe 512 Smart Link
smss.exe 688 Windows NT Session Manager Microsoft Corporation
spoolsv.exe 368 Spooler SubSystem App Microsoft Corporation
svchost.exe 1008 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1068 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1508 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1628 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1772 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 552 Generic Host Process for Win32 Services Microsoft Corporation
System 4
System Idle Process 0 93.94
wdfmgr.exe 644 Windows User Mode Driver Manager Microsoft Corporation
winlogon.exe 800 Windows NT Logon Application Microsoft Corporation
winss.exe 1128 Windows Live OneCare Service Microsoft Corporation
winssnotify.exe 1444 Windows Live OneCare Tray Notification Microsoft Corporation
wmiprvse.exe 2792 WMI Microsoft Corporation

Process: explorer.exe Pid: 180

Name Description Company Name Version
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated 7.00.0007.0142
AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated 7.00.0007.0142
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2937
cfgmgr32.dll Configuration Manager Forwarder DLL Microsoft Corporation 5.01.2600.2180
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
ctype.nls
davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
GdiPlus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.2180
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
index.dat
index.dat
index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2945
linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
locale.nls
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.01.1347.0000
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
mscms.dll Microsoft Color Matching System DLL Microsoft Corporation 5.01.2600.2709
msgina.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
msvcp80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.00.50727.0042
msvcr71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004
msvcr80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0042
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2952
netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
netui0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
pdfshell.dll PDF Shell Extension Adobe Systems, Inc. 7.00.0000.0000
powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
serwvdrv.dll Unimodem Serial Wave driver Microsoft Corporation 5.01.2600.0000
setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
shdoclc.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2180
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2987
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2951
shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
shimgvw.dll Windows Picture and Fax Viewer Microsoft Corporation 6.00.2900.2180
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2937
sortkey.nls
sorttbls.nls
sti.dll Still Image Devices client DLL Microsoft Corporation 5.01.2600.2180
stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
umdmxfrm.dll Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2960
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
webcheck.dll Web Site Monitor Microsoft Corporation 6.00.2900.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2937
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winspool.drv Windows Spooler Driver Microsoft Corporation 5.01.2600.2180
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
wzcsapi.dll Wireless Zero Configuration service API Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180


As you can see explorer.exe is not using all the CPU at present, ironically when I turned on my PC (about 5 mins ago) everything seemed fairly normal. I will now re-start my PC and repeat this process if the CPU usage all goes to explorer.exe again.

#7 Alrescha


Posted 15 October 2006 - 01:53 PM

Hi, I have re-started and all seems normal again, I also notice that wiki.dll is not showing in the above report so am presuming it is not running, therefore the reason all is normal.

So what's next?

#8 Alrescha


Posted 15 October 2006 - 01:59 PM

OK, it all just went AWOL again, here's the report.

Process PID CPU Description Company Name
alg.exe 2292 Application Layer Gateway Service Microsoft Corporation
Belkinwcui.exe 1620 Belkin Wireless Client Utility Belkin
csrss.exe 764 1.52 Client Server Runtime Process Microsoft Corporation
DPCs n/a Deferred Procedure Calls
explorer.exe 3824 93.94 Windows Explorer Microsoft Corporation
IEXPLORE.EXE 3532 Internet Explorer Microsoft Corporation
Interrupts n/a Hardware Interrupts
lsass.exe 844 LSA Shell (Export Version) Microsoft Corporation
MpEng.exe 1188 Microsoft Malware Protection Engine Host Microsoft Corporation
MSASCui.exe 1612 Windows Defender User Interface Microsoft Corporation
msfwsvc.exe 320 MSFWSVC service Microsoft Corporation
MsMpEng.exe 1124 Service Executable Microsoft Corporation
MSMPSVC.exe 1104 Microsoft Malware Protection Service Microsoft Corporation
msmsgs.exe 1656 Windows Messenger Microsoft Corporation
procexp.exe 152 4.55 Sysinternals Process Explorer Sysinternals
services.exe 832 Services and Controller app Microsoft Corporation
slserv.exe 2012 Smart Link
smss.exe 684 Windows NT Session Manager Microsoft Corporation
spoolsv.exe 1868 Spooler SubSystem App Microsoft Corporation
svchost.exe 1012 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1068 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1316 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1432 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1528 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2040 Generic Host Process for Win32 Services Microsoft Corporation
System 4
System Idle Process 0
wdfmgr.exe 144 Windows User Mode Driver Manager Microsoft Corporation
winlogon.exe 788 Windows NT Logon Application Microsoft Corporation
winss.exe 352 Windows Live OneCare Service Microsoft Corporation
winssnotify.exe 1636 Windows Live OneCare Tray Notification Microsoft Corporation
wmiprvse.exe 3280 WMI Microsoft Corporation

Process: explorer.exe Pid: 3824

Name Description Company Name Version
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated 7.00.0007.0142
AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated 7.00.0007.0142
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
avifil32.dll Microsoft AVI File support library Microsoft Corporation 5.01.2600.2180
batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2937
cfgmgr32.dll Configuration Manager Forwarder DLL Microsoft Corporation 5.01.2600.2180
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
ctype.nls
davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
index.dat
index.dat
index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2945
l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.09.0000.0305
linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
locale.nls
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.01.1347.0000
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
msgina.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
msvcp80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.00.50727.0042
msvcr71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004
msvcr80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0042
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
msvfw32.dll Microsoft Video for Windows DLL Microsoft Corporation 5.01.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2952
netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
netui0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
pdfshell.dll PDF Shell Extension Adobe Systems, Inc. 7.00.0000.0000
powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
serwvdrv.dll Unimodem Serial Wave driver Microsoft Corporation 5.01.2600.0000
setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2987
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2951
shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2937
shmedia.dll Media File Property Extractor Shell Extension Microsoft Corporation 6.00.2900.2180
sortkey.nls
sorttbls.nls
sti.dll Still Image Devices client DLL Microsoft Corporation 5.01.2600.2180
stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
umdmxfrm.dll Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2960
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
webcheck.dll Web Site Monitor Microsoft Corporation 6.00.2900.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2937
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
wmpshell.dll Windows Media Player Launcher Microsoft Corporation 10.00.0000.3802
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
wzcsapi.dll Wireless Zero Configuration service API Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180

#9 Buckeye_Sam

    Malware Expert

Posted 15 October 2006 - 04:23 PM

This is what shows in your second log that wasn't there in the first one.

l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.09.0000.0305


I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Alrescha

  • Topic Starter

Posted 16 October 2006 - 12:44 PM

OK, here's the log.

Thanks

AC3Filter (remove only)
Acoustica Mixcraft
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Ahead Nero Burning ROM
Any to Icon
AudioLabel
BearShare
Belkin Wireless G Plus MIMO USB Network Adapter
BitTorrent 4.4.1
DivX
DivX Player
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.8
Easy DVD Clone
Elecard MPEG-2 Decoder&Streaming Pack
HijackThis 1.99.1
Korg Legacy Collection v1.0.0.2
Live 5.2
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Microsoft Malware Protection Engine Files
Microsoft Malware Protection On Access Scanner
Microsoft Protection Service
Microsoft Windows OneCare Live v1.1.1067.8
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 Parser and SDK
OpenMG Jukebox
OpenMG Secure Module 3.0.03
Paint Shop Pro 7 ESD
PX Engine
QuickTime Alternative 1.69
Real Alternative 1.48
Reason
R-Studio 3.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SigmaTel C-Major Audio
Sonic RecordNow!
Sony Net MD Help
Steinberg Cubase LE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
WinAce Archiver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Live OneCare
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

#11 Buckeye_Sam

    Malware Expert

Posted 16 October 2006 - 06:07 PM

Does this happen when you are browsing through your computer's folders?

Have you recently installed any audio or media programs or codecs?

#12 Alrescha

  • Topic Starter

Posted 17 October 2006 - 02:13 PM

Yes, I can be browsing folders with no programs open and then the folder I double-click will attempt to open, then freeze and go Non Responding, and the CPU usage will go to 100. Once I close the folder through Task Manager, the CPU usage will return to normal.

The biggest problem seems to be when I open Windows Media Player: CPU usage will go to 100%, and even if I close it from the Process viewer in Task Manager the CPU usage does not return to normal until I restart the computer.

I have not installed any audio or media programs or codecs recently, not that I know of anyway.

Should I attempt to uninstall this codec - l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.09.0000.0305? If so, please tell me how.

Thanks

#13 Buckeye_Sam

    Malware Expert

Posted 17 October 2006 - 03:22 PM

I think it's a bad codec that we're dealing with.

Please download Codec Sniper from here.
http://en.utilidades-utiles.com/download-codec-sniper.html

Be warned, it talks. :thumbsup:

Run the program and click Save Liste
Save it to your desktop as list.txt
Open list.txt and paste that text here in your next reply.

#14 Alrescha

  • Topic Starter

Posted 17 October 2006 - 03:24 PM

Here we go.

0#Direct Show#WMT MuxDeMux Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
1#Direct Show#SonyCDSrcWriter#C:\Program Files\Common Files\Sony Shared\AVLib\SonyCDSrcWriter.ax#-#3.0.03.03110#ok
2#Direct Show#AAudioRipper#C:\Program Files\Ableton\Live 5.2\Program\AudioRipper.ax#-##ok
3#Direct Show#OpenMG Async. File Source#C:\Program Files\Common Files\Sony Shared\AVLib\OmgAfs.ax#-#3.0.03.03110#ok
4#Direct Show#Sony Audio CD Source Filter#C:\Program Files\Common Files\Sony Shared\AVLib\cdsrc.ax#-#3.0.03.03110#ok
5#Direct Show#Elecard MPEG Demultiplexer#C:\Program Files\Common Files\Elecard\empgdmx.ax#-#1, 0, 10, 50904#ok
6#Direct Show#Nero Digital Audio Decoder#C:\Program Files\Common Files\Ahead\DSFilter\NeAudio.ax#-#1.0.2.3#ok
7#Direct Show#Screen Capture filter#C:\WINDOWS\system32\wmpsrcwp.dll#-#10.00.00.3802#ok
8#Direct Show#SAL Output Converter#C:\Program Files\Common Files\Sony Shared\OpenMG\saloconv.ax#-#3.0.03.03110#ok
9#Direct Show#WMT AudioAnalyzer#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
10#Direct Show#Indeo® video 5.10 Compression Filter#C:\WINDOWS\system32\ir50_32.dll#-#R.5.10.15.2.55#ok
11#Direct Show#Windows Media Audio Decoder#C:\WINDOWS\system32\msadds32.ax#-#8.00.00.4487#ok
12#Direct Show#RealVideo Decoder#C:\Program Files\Real Alternative\RealMediaSplitter.ax#-#1, 0, 1, 1#ok
13#Direct Show#AC3 Parser Filter#C:\WINDOWS\system32\mpg2splt.ax#-##ok
14#Direct Show#WMT Format Conversion#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
15#Direct Show#WMT Black Frame Generator#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
16#Direct Show#Indeo® video 5.10 Decompression Filter#C:\WINDOWS\system32\ir50_32.dll#-#R.5.10.15.2.55#ok
17#Direct Show#WMT Screen Capture filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
18#Direct Show#Microsoft Screen Video Decompressor#C:\WINDOWS\system32\msscds32.ax#-#8.00.00.4487#ok
19#Direct Show#MPEG Layer-3 Decoder#C:\WINDOWS\system32\l3codecx.ax#-#1, 5, 0, 50#ok
20#Direct Show#Nero Audio Stream Renderer#C:\Program Files\Common Files\Ahead\DSFilter\NeRender.ax#-#1.00#ok
21#Direct Show#MPEG-2 Splitter#C:\WINDOWS\system32\mpg2splt.ax#-##ok
22#Direct Show#ACELP.net Sipro Lab Audio Decoder#C:\WINDOWS\system32\acelpdec.ax#-#1.40#ok
23#Direct Show#File Source (Netshow URL)#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
24#Direct Show#WMT Import Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
25#Direct Show#Bitmap Generate#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
26#Direct Show#Windows Media Video Decoder#C:\WINDOWS\system32\wmvds32.ax#-#8.00.00.4487#ok
27#Direct Show#Windows Media Video Decoder#C:\WINDOWS\system32\wmv8ds32.ax#-#8.0.0.4000#ok
28#Direct Show#Elecard AC3 Decoder#C:\m2vcodec\ac3dec.ax#-#1.00#ok
29#Direct Show#WMT VIH2 Fix#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
30#Direct Show#Record Queue#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
31#Direct Show#Windows Media Multiplexer#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
32#Direct Show#ASX file Parser#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
33#Direct Show#ASX v.2 file Parser#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
34#Direct Show#NSC file Parser#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
35#Direct Show#Elecard MPEG Push Demultiplexer#C:\Program Files\Common Files\Elecard\empgpdmx.ax#-#1, 0, 11, 50830#ok
36#Direct Show#Windows Media source filter#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
37#Direct Show#Frame Eater#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
38#Direct Show#Elecard RTSP NetSource#C:\Program Files\Common Files\Elecard\RTSPNetSource.ax#-#0, 1, 14, 50905#ok
39#Direct Show#WST Decoder#C:\WINDOWS\system32\wstdecod.dll#-#5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
40#Direct Show#Elecard MPEG2 Demultiplexer#C:\m2vcodec\mpeg2dmx.ax#-#1.00#ok
41#Direct Show#OpenMG Audio Decrypt Splitter#C:\Program Files\Common Files\Sony Shared\OpenMG\omgdec.ax#-#3.0.03.03110#ok
42#Direct Show#RealMedia Source#C:\Program Files\Real Alternative\RealMediaSplitter.ax#-#1, 0, 1, 1#ok
43#Direct Show#Nero Audio Sample Renderer#C:\Program Files\Common Files\Ahead\DSFilter\NeRender.ax#-#1.00#ok
44#Direct Show#DivX Decoder Filter#C:\WINDOWS\system32\divxdec.ax#-#6.1.1.1031#ok
45#Direct Show#WMT Sample Information Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
46#Direct Show#VBI Surface Allocator#C:\WINDOWS\system32\vbisurf.ax#-#5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
47#Direct Show#Microsoft MPEG-4 Video Decompressor#C:\WINDOWS\system32\mpg4ds32.ax#-#8.00.00.4487#ok
48#Direct Show#Nero Video Stream Renderer#C:\Program Files\Common Files\Ahead\DSFilter\NeRender.ax#-#1.00#ok
49#Direct Show#DivX Demux#C:\WINDOWS\system32\DivXMedia.ax#-#0.0.0.026#ok
50#Direct Show#OpenMG OmgSource Filter#C:\Program Files\Common Files\Sony Shared\OpenMG\omgsrc.ax#-#3.0.03.03110#ok
51#Direct Show#Elecard NWSource#C:\Program Files\Common Files\Elecard\enws.ax#-#0, 3, 14, 50829#ok
52#Direct Show#WMT Log Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
53#Direct Show#WMT Virtual Renderer#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
54#Direct Show#RealAudio Decoder#C:\Program Files\Real Alternative\RealMediaSplitter.ax#-#1, 0, 1, 1#ok
55#Direct Show#GraphicEq#C:\Program Files\Common Files\Sony Shared\AVLib\GraphicEq.ax#-#1, 0, 0, 7120#ok
56#Direct Show#SonyMSAConverter#C:\Program Files\Common Files\Sony Shared\AVLib\SonyMSAConverter3.ax#-#3.0.03.03110#ok
57#Direct Show#AC3Filter#C:\Program Files\AC3Filter\ac3filter.ax#-#0.70b#ok
58#Direct Show#Sony IpScope2#C:\Program Files\Common Files\Sony Shared\AVLib\IpScope2.ax#-#2.2.00.08090#ok
59#Direct Show#.RAM file Parser#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
60#Direct Show#WMT DirectX Transform Wrapper#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
61#Direct Show#G.711 Codec#C:\WINDOWS\system32\g711codc.ax#-#5.1.2600.0 (xpclient.010817-1148)#ok
62#Direct Show#MPEG-2 Demultiplexer#C:\WINDOWS\system32\mpg2splt.ax#-##ok
63#Direct Show#Elecard PIM2 Null#C:\m2vcodec\pim2null.ax#-#1.00#ok
64#Direct Show#Indeo® audio software#C:\WINDOWS\system32\iac25_32.ax#-#2.05.53#ok
65#Direct Show#Windows Media Update Filter#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
66#Direct Show#ASF DIB Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
67#Direct Show#ASF ACM Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
68#Direct Show#ASF ICM Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
69#Direct Show#ASF URL Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
70#Direct Show#ASF JPEG Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
71#Direct Show#ASF DJPEG Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
72#Direct Show#ASF embedded stuff Handler#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
73#Direct Show#DivX Subtitle Decoder#C:\WINDOWS\system32\DivXMedia.ax#-#0.0.0.026#ok
74#Direct Show#9x8Resize#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
75#Direct Show#Elecard MPEG2 Video Decoder#C:\Program Files\Common Files\Elecard\em2vd.ax#-#1, 0, 77, 50824#ok
76#Direct Show#WIA Stream Snapshot Filter#C:\WINDOWS\system32\wiasf.ax#-##ok
77#Direct Show#Nero Video Decoder#C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax#-#1, 1, 4, 6#ok
78#Direct Show#Allocator Fix#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
79#Direct Show#WMT Virtual Source#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
80#Direct Show#WMT Interlacer#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
81#Direct Show#Uncompressed Domain Shot Detection Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
82#Direct Show#XML Playlist#C:\WINDOWS\system32\wmpasf.dll#-#10.00.00.3802#ok
83#Direct Show#Nero File Source#C:\Program Files\Common Files\Ahead\DSFilter\NeFileSrc.ax#-#1.00#ok
84#Direct Show#RealMedia Splitter#C:\Program Files\Real Alternative\RealMediaSplitter.ax#-#1, 0, 1, 1#ok
85#Direct Show#CyberLink QuickTime Source Filter#C:\Program Files\QuickTime Alternative\QuickTime.ax#-#1.00.1016#ok
86#Direct Show#WMT DV Extract#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
87#Direct Show#WMT Switch Filter#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
88#Direct Show#WMT Volume#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
89#Direct Show#Nero Video Sample Renderer#C:\Program Files\Common Files\Ahead\DSFilter\NeRender.ax#-#1.00#ok
90#Direct Show#Stretch Video#C:\Program Files\Movie Maker\wmm2filt.dll#-#2, 1, 4026, 0#ok
91#Direct Show#Elecard MPEG 2 Video Decoder#C:\m2vcodec\mpgdec.ax#-#1.22#ok
92#Direct Show#Elecard Audio Decoder#C:\Program Files\Common Files\Elecard\elaudec.ax#-#1, 5, 232, 50825#ok
93#Direct Show#SAL Input Converter#C:\Program Files\Common Files\Sony Shared\OpenMG\saliconv.ax#-#3.0.03.03110#ok
94#Audio-Codec#IMA ADPCM CODEC for MSACM#C:\WINDOWS\system32\imaadp32.acm#msacm.imaadpcm#5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
95#Audio-Codec#Microsoft ADPCM CODEC for MSACM#C:\WINDOWS\system32\msadp32.acm#msacm.msadpcm#5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
96#Audio-Codec#Microsoft CCITT G.711 (A-Law and u-Law) CODEC for MSACM#C:\WINDOWS\system32\msg711.acm#msacm.msg711#5.1.2600.0 (xpclient.010817-1148)#ok
97#Audio-Codec#Microsoft GSM 6.10 Audio CODEC for MSACM#C:\WINDOWS\system32\msgsm32.acm#msacm.msgsm610#5.1.2600.0 (xpclient.010817-1148)#ok
98#Audio-Codec#DSP Group TrueSpeech™ Audio Codec for MSACM V3.50#C:\WINDOWS\system32\tssoft32.acm#msacm.trspch#1.01#ok
99#Video-Codec#Cinepak® Codec#C:\WINDOWS\system32\iccvid.dll#vidc.cvid#1.10.0.11#ok
100#Video-Codec#Microsoft H.263 ICM Driver#C:\WINDOWS\system32\msh263.drv#vidc.i420#5.1.2600.2180#ok
101#Video-Codec##C:\WINDOWS\system32\ir32_32.dll#vidc.iv31##ok
102#Video-Codec##C:\WINDOWS\system32\ir32_32.dll#vidc.iv32##ok
103#Video-Codec#Intel Indeo® Video 4.5#C:\WINDOWS\system32\ir41_32.ax#vidc.iv41#4.51.16.03#ok
104#Video-Codec#Intel Indeo® Video YUV Codec#C:\WINDOWS\system32\iyuv_32.dll#vidc.iyuv#5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
105#Video-Codec#Microsoft RLE Compressor#C:\WINDOWS\system32\msrle32.dll#vidc.mrle#5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
106#Video-Codec#Microsoft Video 1 Compressor#C:\WINDOWS\system32\msvidc32.dll#vidc.msvc#5.1.2600.0 (xpclient.010817-1148)#ok
107#Video-Codec#Microsoft UYVY Video Decompressor#C:\WINDOWS\system32\msyuv.dll#vidc.uyvy#5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
108#Video-Codec#Microsoft UYVY Video Decompressor#C:\WINDOWS\system32\msyuv.dll#vidc.yuy2#5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
109#Video-Codec#Toshiba Video Codec#C:\WINDOWS\system32\tsbyuv.dll#vidc.yvu9#5.1.2600.0 (XPClient.010817-1148)#ok
110#Video-Codec#Microsoft UYVY Video Decompressor#C:\WINDOWS\system32\msyuv.dll#vidc.yvyu#5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)#ok
111#Audio-Codec#Microsoft G.723.1 CODEC for MSACM#C:\WINDOWS\system32\msg723.acm#msacm.msg723#4.4.3400#ok
112#Video-Codec#Microsoft H.263 ICM Driver#C:\WINDOWS\system32\msh263.drv#vidc.m263#5.1.2600.2180#ok
113#Video-Codec#Microsoft H.261 ICM Driver#C:\WINDOWS\system32\msh261.drv#vidc.m261#5.1.2600.2180#ok
114#Audio-Codec#Windows Media Audio#C:\WINDOWS\system32\msaud32.acm#msacm.msaudio1#8.00.00.4487#ok
115#Audio-Codec#Audio codec for MS ACM#C:\WINDOWS\system32\sl_anet.acm#msacm.sl_anet#3.02#ok
116#Audio-Codec#Indeo® audio software#C:\WINDOWS\system32\iac25_32.ax#msacm.iac2#2.05.53#ok
117#Video-Codec#Intel Indeo® video 5.10#C:\WINDOWS\system32\ir50_32.dll#vidc.iv50#R.5.10.15.2.55#ok
118#Audio-Codec#MPEG Layer-3 Audio Codec for MSACM#C:\WINDOWS\system32\l3codeca.acm#msacm.l3acm#1, 9, 0, 0305#ok
119#Video-Codec#DivX#C:\WINDOWS\system32\DivX.dll#vidc.divx#6.1.1.1031#ok
120#Video-Codec#DivX#C:\WINDOWS\system32\DivX.dll#vidc.yv12#6.1.1.1031#ok
121#Audio-Codec#MSN Messenger Audio Codec#C:\WINDOWS\system32\sirenacm.dll#msacm.siren#7.5.0324.0#ok
122#Audio-Codec#ATRAC3 CODEC for MSACM#C:\WINDOWS\system32\atrac3.acm#msacm.atrac3#0.98.15.10#ok
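
A saved list like the one above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the thread and not Codec Sniper's own code: the seven-field `#`-separated layout is inferred from the posted lines, and the "expected" directories and the function names are assumptions made for illustration.

```python
import ntpath
from collections import namedtuple

# Field order inferred from the list posted above (an assumption, not a
# documented format): index#category#name#path#driver#version#status
Entry = namedtuple("Entry", "index category name path driver version status")

# Install locations treated as expected on this system (assumption).
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\")

# Five entries copied from the list above, plus one constructed junk line.
SAMPLE = r"""
2#Direct Show#AAudioRipper#C:\Program Files\Ableton\Live 5.2\Program\AudioRipper.ax#-##ok
28#Direct Show#Elecard AC3 Decoder#C:\m2vcodec\ac3dec.ax#-#1.00#ok
44#Direct Show#DivX Decoder Filter#C:\WINDOWS\system32\divxdec.ax#-#6.1.1.1031#ok
101#Video-Codec##C:\WINDOWS\system32\ir32_32.dll#vidc.iv31##ok
118#Audio-Codec#MPEG Layer-3 Audio Codec for MSACM#C:\WINDOWS\system32\l3codeca.acm#msacm.l3acm#1, 9, 0, 0305#ok
this line is not a codec entry
"""


def parse_line(line):
    """Return an Entry, or None when the line lacks the 7-field shape."""
    parts = line.strip().split("#")
    if len(parts) != 7 or not parts[0].isdigit():
        return None
    return Entry(int(parts[0]), *(p.strip() for p in parts[1:]))


def parse_list(text):
    """Split a saved list into parsed entries and lines that failed to parse."""
    entries, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            rejected.append(line.strip())
        else:
            entries.append(entry)
    return entries, rejected


def review_reasons(entry):
    """List the reasons an entry deserves a manual look (empty list = none)."""
    reasons = []
    if not entry.name:
        reasons.append("no display name")
    if not entry.version:
        reasons.append("no version string")
    # normpath collapses "..", so a path cannot borrow a trusted prefix.
    normalized = ntpath.normpath(entry.path).lower()
    if not normalized.startswith(EXPECTED_ROOTS):
        reasons.append("outside expected directories")
    if entry.status.lower() != "ok":
        reasons.append("status " + entry.status)
    return reasons


def triage(text):
    """Map entry index -> reasons, for flagged entries only."""
    entries, _ = parse_list(text)
    flagged = {}
    for entry in entries:
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.index] = reasons
    return flagged


if __name__ == "__main__":
    parsed, rejected = parse_list(SAMPLE)
    by_index = {e.index: e for e in parsed}
    for index, reasons in sorted(triage(SAMPLE).items()):
        print(index, by_index[index].path, "->", ", ".join(reasons))
    print("unparsed lines:", rejected)
```

A flag marks an entry for manual inspection of the file on disk; it is not a verdict on the codec.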

#15 Buckeye_Sam

    Malware Expert

Posted 17 October 2006 - 03:39 PM

Well those codecs all come up ok. Does this happen with random folders, or is there any pattern? For example does it happen when you open a folder that contains media files?

Let's go down another path and see where it gets us.

Go to this folder: C:\Windows
Make sure you are viewing the details and then click on Date Modified to sort everything so the most recent is up at the top.
Look for files named KB######.log (where # represents random numbers) that are dated around the time you noticed your problem began.

If you find any, let me know which ones.