1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer hanging. Is this process safe? + HJT Log

Discussion in 'Virus & Other Malware Removal' started by doctor, May 27, 2009.

Thread Status:
Not open for further replies.
  1. doctor

    doctor Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    6
    Recently given a new computer. It's not the fastest, and memory may be an issue later, but has been ok for basic work now. No extras added when received, so I've been downloading them a bit at a time. In the past couple weeks, I noticed the computer getting slower and starting to hang online. This happens at random times, but seems to happen most when the computer has been on a while (cache issue?) or has been at rest (but still on). At first I thought this might be from my wireless network adapter hanging (signal isn't the best), but have become more concerned it's something more.

    When rebooting the computer one day there was a message that my password would be expiring within the next few days. This message continued to come up for the next few days, and on the last day before it was set to expire I reset the password. Now when I boot up, the computer sometimes goes to the password screen and sometimes just to a blank box where the name and password should be, with nothing to click on. The only thing that can be clicked on is the Rising Antivirus icon in the top left, but that doesn't open anything up. You then have to reboot or hit reset and hope you don't have to do the whole thing over again. It usually goes to the password section by the third try. This was never an issue before that "password reset" request came up. Was that message legitimate or a ruse to hijack the computer?

    I just did a check on the system config utility and the process VistaDrive is supposedly running at Startup. I've read conflicting info online, some saying VistaDrive.exe is a virus, other saying it's part of Rising Antivirus & Anti-Spyware scanner--which is on the system. Anyone know which is correct? I also downloaded Google Chrome, SeaMonkey with some add-ons, Smart Ram, Smart Defrag, and Advanced System Care. That's about all I can think of that might be causing a conflict. I'm running Windows XP Pro.

    Hope someone can advise on these problems. Thanks in advance.

    Here is my newly downloaded HiJack This report from 2.0.2 :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:26:11 PM, on 5/27/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Rising\Rav\CCENTER.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Rising\Rav\RavMonD.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Rising\Rav\rsnetsvr.exe
    C:\Program Files\Rising\Rav\RavTask.exe
    C:\Program Files\Rising\Rav\ScanFrm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Rising\Rav\RsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
    O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
    O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
    O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe

    --
    End of file - 4315 bytes
     
  2. doctor

    doctor Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    6
    Bump

    Problem still not fixed. Please help!

    New Log for new updates


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:23:15 PM, on 6/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21020)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Rising\Rav\CCENTER.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Rising\Rav\RavMonD.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Rising\Rav\rsnetsvr.exe
    C:\Program Files\Rising\Rav\RavTask.exe
    C:\Program Files\Rising\Rav\ScanFrm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Rising\Rav\RsTray.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243555220865
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243545154080
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
    O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
    O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
    O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe

    --
    End of file - 4198 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/830493

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice