Why is there iexplorer.exe on comp. startup with 90k+ mem usage and 98/99 CPU?

Status
Not open for further replies.

iDKMyyBFFJiill

First off, it takes like 5-10 minutes for my computer to fully start up. I have no idea why, but it used to take about 30 seconds. When I log in and after all startup applications are loaded, my computer seems really slow and freezes constantly. So one day I opened up Task Manager and I saw "iexplorer.exe" taking up 76k mem usage. Within two seconds, it raised all the way to 90-110k! Under CPU, it's listed as 98 and sometimes 99.
I'm really confused because I don't know if there's something wrong with my computer (I know there is), but I don't know what it is! I've run multiple spyware, adware and antivirus scans as well, and still the problem continues.
 
Hi iDKMyyBFFJiill and welcome to TechSpot.

Your system is badly infected.

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of iDKMyyBFFJiill only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, here are my HJT log and ComboFix log.
Panda Anti Rootkit detected no rootkits (I don't know if there's a save log button or not, but I couldn't find it).

As for AVG, how do I set it to quarantine or whatever? Because what I did was, in the Scan settings, I put "Quarantine" as my default action for detected malware.
But when I saved the log, it still said "No Action Taken" everywhere.
Am I supposed to hit delete after scanning the malware, THEN save the log?
I posted the AVG log anyway; it's pretty useless for now, I guess, until I know what to do.
 
Hello and welcome to Techspot.

It appears you're not running any antivirus or firewall software and your system is badly infected.

All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

Make sure you follow all the instructions below exactly.

Go to Add/Remove Programs in your control panel and uninstall anything to do with the following (if there).

viewpoint
viewpoint toolbar
viewpoint manager
QdrModule
QdrDrive
DriveCleaner 2006 Free
Buffy Engine

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.


Open notepad and copy/paste the text in the quote box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\WINDOWS\system32\sruusxm.dll,nsrxhv
C:\WINDOWS\system32\sruusxm.dll
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\mrofinu72.exe
C:\Program Files\.autoreg
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\Program Files\ManagedDX.CAB
C:\Program Files\BDANT.cab
C:\Program Files\BDAXP.cab
C:\Program Files\dxnt.cab
C:\Program Files\BDA.cab
C:\Program Files\DirectX.cab
C:\Program Files\dxsetup.exe
C:\Program Files\dsetup32.dll
C:\Program Files\DSETUP.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\xcrfsys.dat
C:\WINDOWS\system32\sruusxm.dll
D:\NTGLM7X.sys
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.313
c:\docume~1\0x1af46\applic~1\elsekn~1

Folder::
C:\Program Files\Viewpoint
C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}
C:\Documents and Settings\All Users\Application Data\flag ace stupid data
C:\VundoFix Backups
C:\qoobox
C:\ijji
C:\Program Files\QdrModule
C:\Program Files\QdrDrive
C:\Documents and Settings\Owner\Application Data\ijjigame
C:\Documents and Settings\0x2c9\Application Data\Viewpoint
C:\Documents and Settings\Jest\Application Data\Viewpoint
C:\Program Files\DriveCleaner 2006 Free
C:\Program Files\Common Files\DriveCleaner 2006 Free
C:\Documents and Settings\Owner\Desktop\CheatEngine
C:\Documents and Settings\Owner\Desktop\Ultra_Noob
C:\Program Files\Buffy Engine
C:\Documents and Settings\13\My Documents\Moonlight Engine 1083 + v46 ct + DXWnd
C:\Documents and Settings\Owner\Desktop\Kaspersky_Engine_5[1].3.309
C:\Documents and Settings\Owner\Desktop\Vicious_Engine_5.1
C:\Documents and Settings\Owner\Desktop\JMS Engine
C:\Documents and Settings\Owner\Desktop\Revolution_Engine_6.2_By_SHAK3
C:\Documents and Settings\Owner\Desktop\Akuma Engine
C:\Documents and Settings\Owner\Desktop\SPUCE 2.0

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sruusxm.dll"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfrcx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC6cw]


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]


This will start ComboFix again. After the reboot (in case it asks to reboot), download and install one antivirus and one firewall programme from the choices below.

AVG free or Avast antivirus programmes.

Zonealarm Kerio or Comodo free firewall programmes.

Run the antivirus updates and do a full system scan. Delete whatever is found, including anything placed in the Virus vault/Quarantine.

Post the contents of Combofix.txt in your next reply together with a fresh HJT log and a fresh AVG Antispyware log.

Regards, Howard

 
Here is the AVG AntiSpyware log, the ComboFix log, and the fresh HJT log.

Anything that was placed in the Anti-Spyware Quarantine list, I deleted.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end the process for the following (if there).

Update.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

O4 - HKCU\..\Policies\Explorer\Run: [{CC8D24A4-044E-1033-0905-030310080001}] "C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}\Update.exe" mc-110-12-0000272

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}
C:\qoobox

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards, Howard

 
I fixed this:

O4 - HKCU\..\Policies\Explorer\Run: [{CC8D24A4-044E-1033-0905-030310080001}] "C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}\Update.exe" mc-110-12-0000272


There was no "C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}",

but I found and deleted "C:\qoobox".

Attached Fresh HJT
 
Unfortunately, the O4 - HKCU\..\Policies\Explorer\Run: [{CC8D24A4-044E-1033-0905-030310080001}] "C:\Program Files\Common Files\{CC8D24A4-044E-1033-0905-030310080001}\Update.exe" mc-110-12-0000272 entry is still showing up in your HJT log.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

Click edit and choose find. Type, or copy and paste, {CC8D24A4-044E-1033-0905-030310080001} into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to {CC8D24A4-044E-1033-0905-030310080001} and display them in the righthand pane. Right click on any such {CC8D24A4-044E-1033-0905-030310080001} entries and choose delete.

Now click edit again and choose find next. Again, delete any entries that reference {CC8D24A4-044E-1033-0905-030310080001}.

Repeat the above, until no more {CC8D24A4-044E-1033-0905-030310080001} entries are found.

Close regedit.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards, Howard

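As an added example (not from the thread, and not ComboFix's or HJT's own code): the CFScript above removes a Run value that loads a DLL out of system32, a Winlogon UIHost override, three Winlogon\Notify subkeys, and a Policies\Explorer\Run entry, and the post above then hunts a GUID through regedit by hand. The script below parses a Windows .reg export (the format regedit's File/Export writes), flags those same persistence patterns, and lists every key that references a GUID. The export it runs on is constructed for the example: the value names, the Notify subkey name awvvt and the GUID are taken from the thread, while the rundll32 command line, the awvvt.dll path and the UIHost value are assumptions.

```python
"""Registry autostart audit over a .reg export (added example, not from the thread)."""
import re

# Winlogon\Notify packages that ship with Windows XP; anything else deserves a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
AUTORUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce",
                "\\policies\\explorer\\run")

# Constructed export. Value names, the Notify subkey and the GUID come from the
# thread; the rundll32 line, the awvvt.dll path and the UIHost value are assumed.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sruusxm.dll"="rundll32.exe C:\\WINDOWS\\system32\\sruusxm.dll,nsrxhv"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"UIHost"="C:\\WINDOWS\\system32\\fake_uihost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvvt]
"DllName"="C:\\WINDOWS\\system32\\awvvt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"{CC8D24A4-044E-1033-0905-030310080001}"="\"C:\\Program Files\\Common Files\\{CC8D24A4-044E-1033-0905-030310080001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CLASSES_ROOT\CLSID\{CC8D24A4-044E-1033-0905-030310080001}]
@="Update"
"""


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: value}}; '' is the default (@) value."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg[key] = {}
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        val = m.group(2)
        if val.startswith('"') and val.endswith('"'):
            val = _unescape(val[1:-1])       # dword:/hex: values are kept raw
        reg[key][name] = val
    return reg


def audit(reg):
    """Flag the persistence patterns the thread's CFScript removed."""
    findings = []
    for key, values in reg.items():
        low = key.lower()
        if low.endswith(AUTORUN_KEYS):
            for name, cmd in values.items():
                if "\\policies\\explorer\\run" in low:
                    findings.append((key, name, "autostart via Policies\\Explorer\\Run"))
                if re.search(r"rundll32(\.exe)?\s", cmd, re.I) and "\\system32\\" in cmd.lower():
                    findings.append((key, name, "rundll32 loading a DLL out of system32 at logon"))
        elif "\\winlogon\\notify\\" in low:
            if key.rsplit("\\", 1)[1].lower() not in KNOWN_NOTIFY:
                findings.append((key, "DllName",
                                 f"unknown Winlogon notification package: {values.get('DllName', '?')}"))
        elif low.endswith("\\winlogon"):
            for name, default in (("UIHost", "logonui.exe"), ("Shell", "explorer.exe"),
                                  ("Userinit", "userinit.exe")):
                val = values.get(name)
                if val is not None and default not in val.lower():
                    findings.append((key, name, f"non-default {name}: {val}"))
    return findings


def find_references(reg, needle):
    """Every key (and value) mentioning needle: what the regedit Find loop does by hand."""
    needle, hits = needle.lower(), []
    for key, values in reg.items():
        if needle in key.lower():
            hits.append((key, None))
        for name, val in values.items():
            if needle in name.lower() or needle in str(val).lower():
                hits.append((key, name))
    return hits


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for key, name, why in audit(reg):
        print(f"[!] {key}\n    {name!r}: {why}")
    for key, name in find_references(reg, "{CC8D24A4-044E-1033-0905-030310080001}"):
        print(f"[ref] {key}  {name or '(key name)'}")
```

To run it against a live XP box, export the Run, Policies\Explorer\Run and Winlogon keys with `reg export <key> <file>` or regedit's File/Export and feed the text to `parse_reg`; regedit writes UTF-16 by default, so open the file with `encoding="utf-16"` and fall back to the ANSI code page if that fails. The rules are deliberately structural (where the entry lives, what it loads) rather than based on how random a name looks, because names like awvvt or crypt32 defeat a vowel-count heuristic in both directions.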
 
One entry related to {CC8D24A4-044E-1033-0905-030310080001} was found and deleted.

I don't know if this has anything to do with it, but all my bookmarks in Firefox are gone now. Not a big deal at all, but just letting you know.

Fresh HJT Log attached
 
Your HJT log is now clean.

Click start/run and type combofix /u into the run box and hit the enter key. This should get rid of ComboFix and all its folders etc.

Turn off System Restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

As for your FF bookmarks problem, see this post HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards, Howard

 
The bookmark thing didn't work. I mean, it did, but after I imported it from my desktop (where I pasted it from the search window), when I went into FF and hit bookmarks, the only things that appeared were "Help and Tutorials", "Customize Firefox", "Get Involved", and "About Us". It's no big deal though; I had a bunch of junk on it anyway.

Thank you very much for your help.
I no longer have a problem with iexplorer.exe taking 90k+ of my memory usage and freezing up my computer, and I'm pretty much spyware/virus free.

But I have one more thing I do need help with.
I don't know whether this goes into "Security and Web" or not, but here we go:
When I boot up my computer, it takes about 5-10 minutes for everything to load. It used to take about 30 seconds. After I'm logged in to my computer as Owner, the screen is just frozen with no desktop icons or Start menu. After a couple of minutes, my desktop icons start appearing SLOWLY. At first, one is on the desktop, then more come in over time. What can I do about this? It's killing me.
 