Old 05-07-2010, 05:33 PM   #1
Fubb
GreatCanadianMan
 
Join Date: May 2008
Location: Swan River, Canada
Posts: 842
Angry 'Puter Problem.

So far today I have had to restart my computer TWICE.

Not once, TWICE! Why? Because of this:

On start up, everything runs fine, I can open stuff, etc. etc., but once I end up closing everything, e.g. I'm bored and go to do something else so I close Firefox, etc., so the tray has no programs opened on it, if I try and open something again, nothing happens. The cursor has the little hourglass icon, but nothing loads (I can't even ctrl-alt-delete).

Any solutions?

I checked all my processes that are on right now, the only ones using CPU are:

System Idle Process; 96-99 cpu
FireFox.exe 1-3 but it's a 0 now
Plugin Container 1-3 but it's at 0 now.

NOW do any of these other processes sound familiar or strange to you?

Vid.exe
spoolsv.exe
smss.exe (I think that's a normal one though)
jqs.exe
RTHPCPL.exe
rundll32.exe
jusched.exe
hpweSchd2.exe
iyxotlutssd.exe
wmiprvse.exe
wkcalrem.exe

I'm only putting them down because, well, I don't even know where to begin to look for a solution, and right now I'm blaming a virus. Malware Bytes and CCCleaner'd yesterday and got rid of stuff, but it didn't seem to solve the problem...
__________________
Kugarfang: o hai guiz im trying to find this techno song from the radio and it goes like this:

DUN duuuunnnn dudududududun SPLOOSH duuunnnnn


We ate the horse.

Last edited by Fubb; 05-07-2010 at 05:41 PM.
Old 05-07-2010, 05:46 PM   #2
Tulac
Union Leader



 
Join Date: Dec 2004
Location: Zagreb, Croatia
Posts: 1,867

System idle processes take 99% of your CPU? There's something wrong right there.

Also, knowing your OS and specs would be nice.
__________________
[14-12, 16:08] TotalAnarchy: but the greatest crime porn has done is the fact that it's all fake and emotionless, that's why I prefer anime hentai frankly
Old 05-07-2010, 05:48 PM   #3
Acethor
HECU Marine
 
Join Date: Jul 2008
Location: Stockholm, Sweden
Posts: 1,242

I'm suspicious of iyxotlutssd.exe and wkcalrem.exe.

One or both of these may be a virus.

Besides those two Vid.exe might be something, but then again maybe you were running a program. All other processes look normal (unless they were also infected).
Old 05-07-2010, 05:57 PM   #4
Fubb

Intel Core 2 Quad CPU Q8300 @ 2.5Ghz, 2.5Ghz, 3.5GB RAM

Hard drive: 464 GB
Free space: 146 GB (thinking of running a disk defrag and deleting a ton of stuff)

Recently downloaded thing gummies that I can THINK of.

Dev C++ Package Manager
DC++
CC Cleaner
Malwarebytes Anti-Malware
Notrium

Haven't been browsing suspicious sites or anything like that (no porn for Fubbles!)

Though Norton was coming up with 'intrusion blocked' whenever I searched Google, that problem first arose (at least I noticed it) when I was on Deviant Art.
Old 05-07-2010, 06:17 PM   #5
Fubb

Kai

So after a quick scan with Malware bytes, it found 14 little thing gummies, so I had them fixed (come to think of it, I wish they were quarantined so I coulda seen their paths).

So now of the list of processes, these are what I haz.

Vid.exe
spoolsv.exe
smss.exe (I think that's a normal one though)
jqs.exe
RTHPCPL.exe
rundll32.exe
jusched.exe
hpwuSchd2.exe
iyxotlutssd.exe
wmiprvse.exe
wkcalrem.exe

So the iyxotlutssd.exe has disappeared it seems.

Also it appears malware does quarantine the trojans, etc., I have. I'll see if I can copy and paste the log file it created from the scan.
Old 05-07-2010, 06:18 PM   #6
_r.u.s.s.
I'm not Russ
but an ex-alektorophobic
 
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533

rundll32 shouldn't be running on an idle pc in background, did you have some system panel shown up?

btw
Quote:
Originally Posted by Tulac
System idle processes take 99% of your CPU? There's something wrong right there.

nope, this is normal

also, it sounds like your pc froze when you were idle because your screensaver popped up.. because it's the only thing that `happens` when you're idle. don't you have some ultra super 3d screen saver which deadlocks your pc?
Old 05-07-2010, 06:23 PM   #7
Fubb

So here are the bits and pieces from the scan log

******
Scan type: Quick scan
Objects scanned: 134447
Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\Heely\Local Settings\Application Data\umqpneoce\iyxotlutssd.exe (Trojan.Downloader) -> Unloaded process successfully.

********

So that's that I guess, but I fear my pc may still be funky.

****

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rblbauik (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rblbauik (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Heely\Local Settings\Application Data\umqpneoce\iyxotlutssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heely\Local Settings\Temp\sUTA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iMiE.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\MUwR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DRlP.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3LPC7GF7\n002106201304r0409J1100 0601R30892d84W8501b9ecXd68e55cdY9abed613Z0100f0801[1] (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3LPC7GF7\n002106201304r0409J1100 0601R8ff7fa9cW8501b9ecX98155d0fYd424feadZ0100f0800[1] (Trojan.Downloader) -> Quarantined and deleted successfully.


**********

System Idle is still at 99 and rundll32 is also on.

What do you mean by system panel russle sprouts??
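
The scan log in post #7, triaged by what each detected object does on the host. This is an added example, not part of any post in the thread and not Malwarebytes' own tooling; the function names and the three categories are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the scan log in post #7 (the forum-inserted space in
# "CurrentVersion" is removed so the registry path parses).
LOG = r"""
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rblbauik (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rblbauik (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Heely\Local Settings\Application Data\umqpneoce\iyxotlutssd.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Heely\Local Settings\Temp\sUTA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iMiE.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One log entry: "<target> (<detection name>) -> <action>."
ENTRY = re.compile(r"^(?P<target>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<value>[^\\]+)$", re.I)
WRITABLE = re.compile(r"\\(Temp|Application Data|Temporary Internet Files)\\", re.I)

def classify(target):
    """Label one detected object by the role it plays on the host."""
    if target.upper().startswith("HKEY_"):
        return "autorun" if RUN_KEY.search(target) else "registry"
    if target.lower().endswith(".exe") and WRITABLE.search(target):
        return "exe-in-writable-dir"
    return "file"

def triage(log):
    """Parse log entries and group (target, detection, action) by role."""
    groups = defaultdict(list)
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ENTRY.match(line)
        if m:  # headers, counters and separators do not match and are skipped
            groups[classify(m["target"])].append((m["target"], m["name"], m["action"]))
    return dict(groups)

def autorun_values(groups):
    """Names of Run-key values, i.e. what was set to launch at every logon."""
    return sorted({RUN_KEY.search(t)["value"] for t, _, _ in groups.get("autorun", [])})

if __name__ == "__main__":
    result = triage(LOG)
    for role, items in result.items():
        print(role, len(items))
    print("autorun values:", autorun_values(result))
```

The same Run value name appearing under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE is the persistence entry to re-check after cleanup, alongside the directories the executables were dropped in.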
Old 05-07-2010, 08:26 PM   #8
_r.u.s.s.

rundll32 usually shows up when you invoke something from windows, for example like services window or i don't know, mouse settings window (but it can be something else too, this is just one common thing)

try ctrl-alt deleting rundll32 and see what happens

also, type msconfig, then click "run" tab and see what else may bring rundll32 up
but if you want to remove something you'd better do it another way, let me know if you want to

also, get this wonderful tool and see what actually calls that rundll32