
Urgent: please help! What's going on?

Discussion in 'Virus & Other Malware Removal' started by griswold, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    OK, so all of a sudden my computer is acting real messed up. My processors are maxed out! And my PC is running so slow I can't do anything really. When I restart, none of my startup programs really load up in the toolbar and my PC is creeping by. I have dual 2.4 Xeons, it should be going a little faster than this! And I check the Task Manager and Microsoft IntelliPoint is using 25% of my processing?? drl32.dll or something is using 40%?? khost is using like another 25.. Please help, I don't know what's going on. When I was looking at Add/Remove Programs I saw a bunch of Windows XP hotfixes?? I dunno what that's about. When I go to the Windows XP Windows updates page it has errors and can't really give me any updates. I'm kind of worried, this doesn't look good. PLEASE help me. Norton seems to be doing some weird things, it won't really run? And when I scan my computer using antivirus it's not coming up with anything, but I'm almost positive I got hit with something. I'm worried, this computer is my life! Please help me!!!
     
  2. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    One other thing, antivirus is showing my email scanning as ERROR. I don't know what's going on.
     
  3. bowmar

    bowmar

    Joined:
    May 30, 2003
    Messages:
    619
    First of all Griswold try an Online Scanner...
    http://housecall.trendmicro.com/

    Then download/install/run Ad-Aware (Update Also)...
    http://www.lavasoft.de/software/adaware/

    Then download/install/run Spybot (Update Also)...
    http://www.safer-networking.org/index.php?page=tutorial

    If PC is not running any better, pretty sure it will be though, download, install & run HijackThis, cut & paste the report back in this post, do not attempt to fix anything until someone gets back to you at this point though...
    http://www.spychecker.com/program/hijackthis.html

    Best of Luck Griswold !
     
  4. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    During my online scan it immediately found and fixed something called ircflood something.. Do you think this was it? The scan isn't done but I bet I got it on IRC, whatever it is. I'm going to run Ad-Aware and Spybot, although I already have. Thank you for your attention Mr. bowmar, I will be back with my HijackThis scan shortly.
     
  5. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    Oh, and do you know what those Windows XP hotfixes are on my Add/Remove Programs? I bet there are 15 of them.
     
  6. bowmar

    bowmar

    Joined:
    May 30, 2003
    Messages:
    619
    Do not remove the Hot Fixes as they are Windows Updates. Could be correct about ircflood slowing the PC down as it is a Trojan that floods the IRC network.
    Best of Luck !
     
  7. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    Thank you so much bowmar for helping me. Here is my HijackThis log. I am infinitely grateful to you if you review this, because I'm sure HijackThis logs aren't exactly thrilling to look through.






    Logfile of HijackThis v1.97.7
    Scan saved at 9:58:11 AM, on 4/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\PMJ151LA.BIN
    C:\Program Files\AlienAutopsy\TEKS_Service.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AlienAutopsy\Test_BS.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\highjack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://comcast.net/
    O1 - Hosts: 38.115.131.131 sk2.slsk.org
    O1 - Hosts: 38.115.131.131 http://www.slsk.org
    O1 - Hosts: 38.115.131.131 mail.slsk.org
    O1 - Hosts: 38.115.131.131 server.slsk.org
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
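
For readers wondering what to look for in a log like this one, here is an added example (not part of the original thread, and not HijackThis's own logic) of a first-pass triage in Python. The three rules are assumed heuristics that mark lines for manual review, not verdicts, and the sample is a short excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\AIM\aim.exe

O1 - Hosts: 38.115.131.131 mail.slsk.org
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
"""

O1_HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
O4_AUTORUN = re.compile(r"^O4 - (.+?): \[(.+?)\] (.+)$")
# Loopback or null addresses: Hosts entries that block a name rather than redirect it.
LOCAL_SINKS = {"127.0.0.1", "::1", "0.0.0.0"}


def triage(log):
    """Return (rule, detail) pairs for lines that deserve a manual look.

    The rules are assumed review heuristics, not verdicts:
      process-not-exe    running image whose name does not end in .exe
      hosts-redirect     Hosts entry mapping a name to a non-local address
      autorun-from-temp  Run-key command that starts from a Temp directory
    """
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if not line:                      # blank line ends the section
                in_procs = False
            elif not line.lower().endswith(".exe"):
                findings.append(("process-not-exe", line))
        elif m := O1_HOSTS.match(line):
            ip, name = m.groups()
            if ip not in LOCAL_SINKS:
                findings.append(("hosts-redirect", f"{name} -> {ip}"))
        elif m := O4_AUTORUN.match(line):
            _hive, name, cmd = m.groups()
            if "\\temp\\" in cmd.lower():
                findings.append(("autorun-from-temp", f"{name} = {cmd}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A flagged line only means the file behind it should be identified before anything is changed; legitimate software also adds Hosts entries and uses unusual file names.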
     
  8. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    I'm going to reboot, which by the way is when the problem usually sets in. If I can ever get into the Task Manager, which takes FOREVER 'cause it runs so slow, I can end the processes that are taking up all my processing power. The odd thing is the processes are usually pretty normal stuff like I mentioned above, point23.exe, rundll, etc.
     
  9. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    OK, yeah, none of this stuff is working. When I reboot everything is slow. I did a print page of the Task Manager, and look at what is using all my processing.. This is so odd. I must have some sort of worm or something? Check this out, I'm not sure if this will help or not:
     

    Attached Files:

  10. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    Will someone please review my HijackThis log? What do I know, but me looking over it, there doesn't seem to be anything out of the ordinary, but then again, I don't even know what to look for really.
     
  11. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
  12. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    FinestRanger,

    I have Ad-Aware version 6 and I actually already did the custom scan like that. In my first post someone informed me of the correct options scheme. I am going to proceed to run those online scans, but can you look at my HijackThis log and tell me what you see?
     
  13. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    BTW, thank you!
     
  14. griswold

    griswold Thread Starter

    Joined:
    Feb 24, 2004
    Messages:
    33
    I saw in your sig that you have all your computer information. Should I make that available? Should I post my computer stats like those of your sig?
     
  15. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    griswold,

    I'm just passing along some useful information to ya... I'm no HijackThis evaluator... I haven't put the time and effort into it. As far as the info for my computer, I find it easier to put it in my sig for future tech reference... it's easier than typing it all in and it's right there for them.
     

Short URL to this thread: https://techguy.org/216455
