CPU problem

Discussion in 'adware, spyware & hijack cleaning' started by Brian McMahan, May 10, 2004.

Thread Status:
Not open for further replies.
  1. Lately I have been having trouble with my computer. After about 20 minutes after I connect to the net (56k dial up), my cpu will lock up to 100% and everything will go super sluggish. I went around normal, just having task manager and msn messenger open. And still after the 20 minutes, task manager shows CPU at 100%, but memory at about 30%.

    My computer specs are :
    AMD Athlon 950 Mhz
    Nvideo Gforce FX 5600 w/ 256 mb ddr
    128 MB SDRAM
    40 gig maxtor harddrive
    30 gig harddrive ( can't remember brand )
    DVD ROm and Soiny CD RW

    I did an Ad aware scan, and a hijack log.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:42:14 PM, on 5/10/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\Navnt\navapsvc.exe
    D:\PROGRA~1\Navnt\npssvc.exe
    D:\WINNT\System32\nvsvc32.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\PROGRA~1\Navnt\alertsvc.exe
    D:\Program Files\NetWaiting\netwaiting.exe
    D:\WINNT\system32\sccmgr.exe
    D:\WINNT\system32\RUNDLL32.EXE
    D:\Program Files\Navnt\navapw32.exe
    D:\Documents and Settings\Brian1\My Documents\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {3212BCA5-DFC1-4587-AD42-A4462C1D417E} - (no file)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - D:\PROGRA~1\Srng\SNHelper.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [Windows Service] winsvc.exe
    O4 - HKLM\..\Run: [ModemOnHold] D:\Program Files\NetWaiting\netwaiting.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TV Media] D:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
    O8 - Extra context menu item: Download with TrueSpeed Download Manager - D:\Program Files\TrueSpeed\DBooster.htm
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135c8a529869b9719100/netzip/RdxIE601.cab
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38083.9103009259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6B2DD49-9184-4334-92E1-D2432EBD2C4E} (Ircchat Control) - http://www.eyechat.org/ircchat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab



    If you could help me, thanks a bunch.


    Brian McMahan
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Brian McMahan,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {3212BCA5-DFC1-4587-AD42-A4462C1D417E} - (no file)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - D:\PROGRA~1\Srng\SNHelper.dll (file missing)

    O4 - HKLM\..\Run: [Windows Service] winsvc.exe

    O4 - HKLM\..\Run: [TV Media] D:\Program Files\TV Media\Tvm.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135c8a529869b9719100/netzip/RdxIE601.cab

    Then reboot into safe mode and delete:
    D:\Program Files\TV Media <= entire folder
    winsvc.exe <= probably http://www.sophos.com/virusinfo/analyses/w32sdboto.html

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.