computer lag hijack

CmoAMD

high cpu usage when barely doing anything

Logfile of HijackThis v1.99.1
Scan saved at 11:30:47 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1104890113\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104890113\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095105930035
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
 
There's nothing that jumps out in your log. Open Windows Task Manager and see what process is causing it. You could also do the following diagnostic scan from Kaspersky: http://kaspersky.com/kos/english/kavwebscan.html

Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop. If any infections are present, post a copy of it here.
 
OK, will do. Can you tell me the Start - Run - "Command" that shows what's in your startup?
 
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, July 30, 2006 3:56:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/07/2006
Kaspersky Anti-Virus database records: 210844
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 53214
Number of viruses found: 7
Number of infected objects: 4327
Number of suspicious objects: 0
Duration of the scan process: 01:58:58

Infected Object Name / Virus Name / Last Action
C:\!KillBox\Buddy.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Documents and Settings\Jonathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5ad1bcbe-4ca870d5.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Jonathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5ad1bcbe-4ca870d5.zip ZIP: infected - 1 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0254832.exe Infected: Trojan-Downloader.Win32.Zlob.jl skipped
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0254841.bat Infected: Trojan.BAT.Netstop.t skipped
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0254842.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0254843.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0254844.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
(a bunch of skipped down to this one)
C:\System Volume Information\_restore{42448179-F96E-40DD-9773-28545D5D7179}\RP693\A0259161.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\WINDOWS\system32\interf.tlb Infected: Trojan-Downloader.Win32.Zlob.jh skipped

Scan process completed.
 
Download, install and update this freebie, Superantispyware: http://www.superantispyware.com/download.html You will need it in Safe Mode.

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Update Ewido.

Go to 'control panel/java/' and delete the files in the temp section.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Make sure none of your security programs are running.

Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste the following line.

C:\WINDOWS\system32\interf.tlb


Click on the button that has the red circle with the X in the middle after you enter the file.
It will ask for confirmation to delete the file.
Click Yes.

Continuing from Safe Mode, begin running your scans and let them delete what they find. Run them in this order.

Ewido
Superantispyware

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot into normal Windows and run the online scan from 'Panda' here: http://www.pandasoftware.com/products/activescan.htm Once finished, run 'HJT' again and post your new
 