Taskmanager, Command Prompt, Regedit, Slowness

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

XenoX101

Thread Starter
Joined
Jun 26, 2005
Messages
3
Hello all,

I am new to these forums and I have a bit of a problem, ok, a few problems.

1.) My task manager won't load, it just shows a busy sign on the mouse then the busy sign disappears and nothing happens, I tried running "taskmgr" with the Run command and it says the program is in use, probably a virus? I don't know.

2.) Regedit won't run, simply shows a window saying "Regedit.com" then "The NTVDM CPU has encountered an illegal instruction."

NOTE: Regedit DOES work if I use "regedt32" instead of "regedit" in the Run command line. Or if I use "regedit.exe". I am afraid to delete Regedit.com though.

3.) Command prompt won't run, same problem as above only with "Cmd.com"

NOTE: Command Prompt DOES work if I click the icon either in the quick launch or in the start menu, which links to "cmd.exe". Typing "cmd.exe" in the Run command line also works. I am afraid to delete Cmd.com though.

4.) Computer has been running really slow, I am not sure of why, but it takes a good while to load and even then it runs sluggish, I have Trend PC-Cillin updated to pattern 701 and it doesn't notice any viruses, I also use Norton Internet Security.

Here is my HijackThis log.

------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:36:12 PM, on 26/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
S:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
s:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
s:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
S:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
s:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
S:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
S:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
S:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
S:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE
V:\Utils\Winamp\Winampa.exe
V:\Utils\Daemon Tools\daemon.exe
V:\Utils\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\GEORGE~1.OMG\LOCALS~1\Temp\Rar$EX01.645\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - S:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - V:\Utils\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - V:\Utils\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] ;rem C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "V:\Utils\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SmcService] S:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "V:\Utils\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NPS Event Checker] s:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [iamapp] "S:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE"
O4 - HKLM\..\Run: [WinampAgent] "V:\Utils\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "V:\Utils\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] V:\Utils\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = Q:\program files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - V:\Utils\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - V:\Utils\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - V:\Utils\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095255762050
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: NAV Alert - Symantec Corporation - s:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - s:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Internet Security Family Edition Service (NISSERV) - Symantec Corporation - S:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
O23 - Service: NISUM - Symantec Corporation - S:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
O23 - Service: Norton Program Scheduler - Symantec Corporation - s:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - S:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - s:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - s:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

Any help you guys can provide will be greatly appreciated.

Thanks in advance :).

- George Daneliuc
 
Joined
Aug 18, 2004
Messages
47
I can tell you already you have some type of bug - don't have time yet though to look at your log 'cause I'm stepping out of the door.

In Windows, *.COM files always run first if there's a cmd.com versus a cmd.exe. That's why it's always a good idea to type the whole name "cmd.exe" like you did. You can delete the *.com files (regedit.com and cmd.com).

-nt20
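
The name-resolution behaviour described in the reply above, as an added example that is not part of the original thread: it lists command names for which a same-named file with an earlier-searched extension (such as `cmd.com`) would launch instead of the expected `.exe`. The extension order is an assumption (the default `PATHEXT` order, where `.COM` precedes `.EXE`), the function names are hypothetical, and the sample directory is constructed.

```python
import os
import tempfile

# Assumption: default extension search order, in which .COM precedes .EXE.
PATHEXT = [".com", ".exe", ".bat", ".cmd"]


def candidates(search_dirs, pathext=PATHEXT):
    """Map each command base name to its files, in resolution order."""
    found = {}
    for d in search_dirs:                 # directories are searched in order
        files = sorted(os.listdir(d))
        for ext in pathext:               # then extensions, in PATHEXT order
            for f in files:
                base, fext = os.path.splitext(f.lower())
                if fext == ext:
                    found.setdefault(base, []).append(os.path.join(d, f))
    return found


def resolve(name, search_dirs, pathext=PATHEXT):
    """File that an extension-less name such as 'cmd' would launch."""
    hits = candidates(search_dirs, pathext).get(name.lower(), [])
    return hits[0] if hits else None


def find_shadowed(search_dirs, pathext=PATHEXT):
    """Names with several candidates: the first wins, the rest are shadowed."""
    found = candidates(search_dirs, pathext)
    return {b: p for b, p in found.items() if len(p) > 1}


def build_sample(root):
    """Constructed sample directory mirroring the files named in the thread."""
    for name in ("cmd.com", "cmd.exe", "regedit.com", "regedit.exe",
                 "taskmgr.exe"):
        open(os.path.join(root, name), "wb").close()
    return [root]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        dirs = build_sample(root)
        for base, paths in sorted(find_shadowed(dirs).items()):
            print(f"{base}: runs {os.path.basename(paths[0])}, "
                  f"shadows {[os.path.basename(p) for p in paths[1:]]}")
```

On a real system the directory list would be the entries of `PATH` in order; a `.com` entry winning over a system `.exe` is the condition worth reviewing.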
 

XenoX101

Thread Starter
Joined
Jun 26, 2005
Messages
3
I cleaned the virus, but the slow-down continues. Is there any chance anyone else can help? I have Ewido, Norton Antivirus 2005, Trend PC-Cillin, and Spy Sweeper.
 