| Thread ID: 57620 | 2005-05-07 23:20:00 | Task manager wont open, plus pc is running VERY slow. | Fizzix (8060) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 353169 | 2005-05-07 23:20:00 | Hello, Well, as the title states, the task bar won't open, so I can't close any program that seems to be using 100% CPU, if this is the case, as the PC is running very slow, like all the CPU power is taken up. Keep getting derbiz things popping up; however, I don't reckon they would make the PC run this slow. At times it freezes for a good 10 seconds, then starts to run very slow again. Possible trojan/worm? Or spyware? Also keep getting "webpage unavailable offline" popping up when I'm already online. Had a few other problems lately too. However, this is a brand new hard drive with a fresh first install, and within a few moments of the PC connecting to the net this started. If anyone can help, it would be very much appreciated. Please let me know if you need any further information. Regards, Sam. P.S. XP Pro btw |
Fizzix (8060) | ||
| 353170 | 2005-05-07 23:25:00 | I advise you to Run Spybot/Adaware and a virus scan | Dannz (1668) | ||
| 353171 | 2005-05-07 23:26:00 | Download Hijackthis and post a log here. www.merijn.org From here www.spywareinfo.com After u download it, make a folder HJT and extract this zip file into it. Then run it, then scan, then copy and paste what appears back here. |
Speedy Gonzales (78) | ||
| 353172 | 2005-05-08 00:00:00 | Unfortunately HijackThis doesn't open either, closes when opened. On merijn.org it says something about wwwcoolwebsearch or something like this, trojan, and lots of variants of it. If anyone could help with this it would be appreciated. I'm currently about to start a program dedicated to getting rid of this trojan, "spysubtract" I believe it is called. I'll let you know how I get on. Sam. |
Fizzix (8060) | ||
| 353173 | 2005-05-08 00:09:00 | Nope, this didn't find anything, and HijackThis still fails to open. :( |
Fizzix (8060) | ||
| 353174 | 2005-05-08 00:10:00 | Have u tried running it in Safe Mode?? | Speedy Gonzales (78) | ||
| 353175 | 2005-05-08 00:22:00 | Have you tried to run a virus scan? | Dannz (1668) | ||
| 353176 | 2005-05-08 00:23:00 | I'll try now.... | Fizzix (8060) | ||
| 353177 | 2005-05-08 00:35:00 | Ah ha! That worked then. Log file =
Logfile of HijackThis v1.99.1
Scan saved at 00:25:01, on 08/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SCardClnt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sam\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteoho32.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [System32] crsvvc.exe
O4 - HKLM\..\Run: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\Run: [MSN] Msnmrg.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [System32] crsvvc.exe
O4 - HKLM\..\RunServices: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKCU\..\Run: [MSN] Msnmrg.exe
O4 - HKCU\..\RunServices: [MSN] Msnmrg.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115420811573
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C8FFB03-D0EC-43D7-BF3A-EFB747F58749}: NameServer = 194.74.65.68 194.72.9.34
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe
I've also noticed that the comp seems to run OK, but I get redirected to a site at random occasions, and it's then that the problems start to happen. The whole PC slows down, not just net, i.e. playing an AVI file, it will jump and skip etc. |
Fizzix (8060) | ||
| 353178 | 2005-05-08 01:05:00 | Looks like u have a few worms on that system. Tick the following and tick fix. Then reboot. Also get the Gaobot tool from the Symantec site, as shown below.
C:\WINDOWS\System32\SCardClnt.exe
This may be a worm - Gaobot or a variant. Removal tool: securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.gaobot.removal.tool.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteoho32.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [System32] crsvvc.exe
O4 - HKLM\..\Run: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
This may be this: securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dhv.html Or another variant of the Gaobot worm. Use that removal tool above to see if it removes it.
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
This looks like a worm. - And yet another variant of Gaobot.
O4 - HKLM\..\Run: [MSN] Msnmrg.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [System32] crsvvc.exe
O4 - HKLM\..\RunServices: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKCU\..\Run: [MSN] Msnmrg.exe
O4 - HKCU\..\RunServices: [MSN] Msnmrg.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe
This by the looks of it is a worm. |
Speedy Gonzales (78) | ||
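
Added example, not part of the thread and not HijackThis's own logic: a small triage script for a HijackThis log that surfaces the two patterns visible in the entries flagged in the reply above, namely a bare filename (no path) registered under several autorun keys, and an O23 service with "Unknown owner". The threshold of two keys and the function names are assumptions made for this sketch; a hit is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the log posted above, with the extraction spacing removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - Unknown owner - (.+)$")

def command_image(command):
    """Program part of an autorun command line, lower-cased, arguments dropped."""
    m = re.match(r'"?(.+?\.exe)\b', command, re.IGNORECASE)
    return (m.group(1) if m else command.split()[0]).lower()

def triage(log_text, min_locations=2):
    """Return (bare images seen in >= min_locations autorun keys, unknown-owner services)."""
    locations = defaultdict(set)
    unknown_services = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O4_RE.match(line):
            hive, key, _name, command = m.groups()
            image = command_image(command)
            if "\\" not in image:  # bare filename, resolved through the search path
                locations[image].add(f"{hive}\\{key}")
        elif m := O23_RE.match(line):
            unknown_services.append(m.group(2).strip())
    repeated = {i: sorted(l) for i, l in locations.items() if len(l) >= min_locations}
    return repeated, unknown_services

if __name__ == "__main__":
    repeated, services = triage(SAMPLE_LOG)
    for image, locs in sorted(repeated.items()):
        print(f"{image}: {', '.join(locs)}")
    for path in services:
        print(f"service with unknown owner: {path}")
```

Legitimate software also shows up as a bare name (nwiz.exe in this log) or as an unknown-owner service, which is why the script only reports a bare name once it recurs across keys.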