please analyze hijackthis log-computer freezing

Discussion in 'Virus & Other Malware Removal' started by jesseskipper, Apr 30, 2004.

Thread Status:
Not open for further replies.
  1. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    My computer has been very slow and occasionally freezing up the past few days. It has never done this before. I am running windows 2000. I have webroot spysweeper (purchased at office depot), zone alarm firewall, and symantec anti-virus. I've also downloaded bazooka and spy hunter free anti-spyware. none of the anti-spyware programs shows anything except: spy hunter shows "seekseek" in a certain registry location, but will not remove it without my buying the full software. I looked around and found instructions for removing seekseek myself, and based on that it looks like I don't have it: the files I am supposed to remove are not on my computer, either in the places they say they should be, or, based on a search, at all; and the registry entries I am supposed to change aren't there either. Is this a scam to get me to buy the software, or is the seekseek program sometimes in different places and in different forms than what I read?

    of course, i get a dozen or more e-mails every day with virus attachments on them. I never open them, and often get the notification windows asking me what to do. I always choose to delete the attachment, then i delete the e-mail altogether and then empty the deleted items folder.

    I participate in several list serves, and sometimes open attachments, but of course not if there's been a warning the attachment is infected.

    In checking my processes through task manager, I have noted huge cpu use by CFD.exe. I've tried to shut it down, but it doesn't stay shut down and it appears it is in fact somehow necessary despite what I've read over the past few days while trying to figure this out on my own. Also, i've had some runtime error messages for cfd.exe, most recently that it shut down incorrectly (or something like that) when I haven't done anything.

    also, ccd.exe always asks permission to access the internet, which i grant based on what i read earlier.

    anyway, here's my hijackthis log. I hope someone can help me, I have a lot of work to do and this is really slowing me down.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:51:19 PM, on 4/29/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Navnt\navapsvc.exe
    C:\PROGRA~1\Navnt\npssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\BRMFRSMG.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Navnt\alertsvc.exe
    C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
    C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    C:\WINNT\System32\qttask.exe
    C:\Program Files\Navnt\POPROXY.EXE
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\progra~1\scansoft\paperp~1\pptd40nt.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Navnt\navapw32.exe
    C:\Program Files\Road Runner\Medic\RRMedic.exe
    C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
    O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [KB837272] "C:\WINNT\INF\unregmp2.exe" /UpdateWMP
    O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
    O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16758e7da707b7b6d515/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.9156712963
    O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - https://www.pdesigner.com/pd3/htmlEditor/wspell.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DCE3340D-3568-4883-8B15-F6E296BC9445} (NCSVersion Class) - http://www.leepa.org/ecwplugins/ncs.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
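
Added example, not part of the original post and not code from HijackThis: a small Python triage pass over log lines in the format shown above. It flags three structural oddities visible in this log (a BHO whose file is missing, an ActiveX codebase hosted on a bare IP address, an autorun command with no full path); a flag means "look at this by hand", not a verdict. The function names are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Subset of entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [POINTER] point32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16758e7da707b7b6d515/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")   # "O16 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN = re.compile(r"Run(?:Once)?: \[(.+?)\] (.+)$")        # "[name] command"

def parse(log_text):
    """Yield (section, body) for each entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for section, body in parse(log_text):
        clsid = CLSID.search(body)
        ident = clsid.group(0) if clsid else ""
        target = body.rsplit(" - ", 1)[-1]   # last field: file path or codebase URL
        run = RUN.search(body)
        if section == "O2" and target == "(no file)":
            findings.append((section, ident, "BHO registered but its file is missing"))
        elif section == "O16" and host_is_ip(target):
            findings.append((section, ident, "ActiveX codebase hosted on a bare IP address"))
        elif section == "O4" and run and not re.match(r'"?[A-Za-z]:\\', run.group(2)):
            findings.append((section, run.group(1), "autorun command has no full path"))
    return findings
```
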
     
  2. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    btw, another reason I don't think I have seek seek is that it is supposed to divert your home page to some other home page. that isn't happening. also, I got the spy hunter weeks ago, and it showed the seekseek, well before my problems started a few days ago.
     
  3. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    no help?
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Is this a stand alone or networked pc?
     
  5. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    one other computer is networked.
     
  6. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    in other words, this computer is networked to one other. a friend did it, but i understand it's a very basic networking set-up, using the software that was included with windows in the computers. i have a cable modem and router, so both computers go through the router.

    btw, my original post referred to spyhunter, and i had an experience with it today that prompted me to come back here to see what i could find out about it. following is my reply post on another thread. it may be interesting.

    anyway, i'd still appreciate any help with my hjt log.

    "I posted a hijackthis log and questions a few days ago and no one has replied. the following is related to that post, so if this piques your interest and you'd like to take a look i'd appreciate it.

    as mentioned in my earlier post, i had downloaded the free spyhunter weeks ago and it also showed seekseek. i also did not want to buy spyhunter, so searched the internet for instructions on how to remove seekseek. what I found gave instructions for removing specific files and changing specific registry entries. I did not have any of these files or entries on my computer, leading me to believe that spyhunter was mistaken and probably intentionally giving a false alarm in order to sell their software.

    the post above tends to confirm that suspicion.

    last week, based on info here, i downloaded ad-aware, ran it, and removed what I think were some dialers inadvertently downloaded while surfing. ad-aware did not show me having seekseek. i also have webroot spyseeker, which has never shown seekseek.

    today i updated ad-aware, scanned again, and lo and behold it showed the spy hunter software as undesirable, calling it a data miner. so i deleted spy hunter.

    it appears ad-aware has concluded that not only is spy hunter ineffective but is a form of spyware (malware? I'm not sure I've got the terminology down yet) itself.

    anyone else have the same experience? any comments on spyhunter? i'd like to know, and I am posting this for general info."
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Spyhunter question has been answered in the other thread.

    Do you and the other machine share a printer?
    If so, is it on the slow machine or the other machine?
     
  8. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    no, at least we don't actually do it. whether or not it's set up that way i don't know. i don't think so.

    btw, just had another of the CFD.exe error messages. twice in the past 15 minutes i got the following error message:

    microsoft visual c++ runtime library

    Runtime error!

    PROGRAM: C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe

    R6025
    -pure virtual function call
     
  9. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    what do you mean the spyhunter question has been answered in the other thread? which other thread?


    and, i am curious why you are asking about my networking set-up?
     
  10. jesseskipper

    jesseskipper Thread Starter

    Joined:
    Apr 30, 2004
    Messages:
    24
    i realize i may not have answered your question. if a printer is shared, it's the printer on the slow computer.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    W2K can act very much like you are describing in a network environment if you have mapped drives that are not currently online; shared printers can do the same thing if one is set as the default and is not available.
     
Short URL to this thread: https://techguy.org/225225
