CPU problem

Discussion in 'adware, spyware & hijack cleaning' started by Brian McMahan, May 10, 2004.

Thread Status:
Not open for further replies.
  1. Lately I have been having trouble with my computer. After about 20 minutes after I connect to the net (56k dial up), my cpu will lock up to 100% and everything will go super sluggish. I went around normal, just having task manager and msn messenger open. And still after the 20 minutes, task manager shows CPU at 100%, but memory at about 30%.

    My computer specs are :
    AMD Athlon 950 Mhz
    Nvideo Gforce FX 5600 w/ 256 mb ddr
    128 MB SDRAM
    40 gig maxtor harddrive
    30 gig harddrive ( can't remember brand )
    DVD ROm and Soiny CD RW

    I did an Ad aware scan, and a hijack log.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:42:14 PM, on 5/10/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\Navnt\navapsvc.exe
    D:\PROGRA~1\Navnt\npssvc.exe
    D:\WINNT\System32\nvsvc32.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\PROGRA~1\Navnt\alertsvc.exe
    D:\Program Files\NetWaiting\netwaiting.exe
    D:\WINNT\system32\sccmgr.exe
    D:\WINNT\system32\RUNDLL32.EXE
    D:\Program Files\Navnt\navapw32.exe
    D:\Documents and Settings\Brian1\My Documents\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {3212BCA5-DFC1-4587-AD42-A4462C1D417E} - (no file)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - D:\PROGRA~1\Srng\SNHelper.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [Windows Service] winsvc.exe
    O4 - HKLM\..\Run: [ModemOnHold] D:\Program Files\NetWaiting\netwaiting.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TV Media] D:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
    O8 - Extra context menu item: Download with TrueSpeed Download Manager - D:\Program Files\TrueSpeed\DBooster.htm
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135c8a529869b9719100/netzip/RdxIE601.cab
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38083.9103009259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6B2DD49-9184-4334-92E1-D2432EBD2C4E} (Ircchat Control) - http://www.eyechat.org/ircchat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab



    If you could help me, thanks a bunch.


    Brian McMahan
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Brian McMahan,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {3212BCA5-DFC1-4587-AD42-A4462C1D417E} - (no file)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - D:\PROGRA~1\Srng\SNHelper.dll (file missing)

    O4 - HKLM\..\Run: [Windows Service] winsvc.exe

    O4 - HKLM\..\Run: [TV Media] D:\Program Files\TV Media\Tvm.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/135c8a529869b9719100/netzip/RdxIE601.cab

    Then reboot into safe mode and delete:
    D:\Program Files\TV Media <= entire folder
    winsvc.exe <= probably http://www.sophos.com/virusinfo/analyses/w32sdboto.html

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.