Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
Hello all,

I am new to these forums and I have a bit of a problem, ok, a few problems.

1.) My task manager won't load, it just shows a busy sign on the mouse then the busy sign disappears and nothing happens, I tried running "taskmgr" with the Run command and it says the program is in use, probably a virus? I don't know.

2.) Regedit won't run, simply shows a window saying "Regedit.com" then "The NTVDM CPU has encountered an illegal instruction."

NOTE: Regedit DOES work if I use "regedt32" instead of "regedit" in the Run command line. Or if I use "regedit.exe". I am afraid to delete Regedit.com though.

3.) Command prompt won't run, same problem as above only with "Cmd.com"

NOTE: Command Prompt DOES work if I click the icon either in the quick launch or in the start menu, which links to "cmd.exe". Typing "cmd.exe" in the Run command line also works. I am afraid to delete Cmd.com though.

4.) Computer has been running really slow, I am not sure of why, but it takes a good while to load and even then it runs sluggish, I have Trend PC-Cillin updated to pattern 701 and it doesn't notice any viruses, I also use Norton Internet Security.

Here is my HijackThis log.

------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:36:12 PM, on 26/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
S:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
s:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
s:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
S:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
s:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
S:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
S:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
S:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
S:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE
V:\Utils\Winamp\Winampa.exe
V:\Utils\Daemon Tools\daemon.exe
V:\Utils\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\GEORGE~1.OMG\LOCALS~1\Temp\Rar$EX01.645\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - S:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - V:\Utils\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - V:\Utils\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "s:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] ;rem C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "V:\Utils\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SmcService] S:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "V:\Utils\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NPS Event Checker] s:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [iamapp] "S:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE"
O4 - HKLM\..\Run: [WinampAgent] "V:\Utils\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "V:\Utils\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] V:\Utils\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = Q:\program files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - V:\Utils\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - V:\Utils\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - V:\Utils\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095255762050
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: NAV Alert - Symantec Corporation - s:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - s:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Internet Security Family Edition Service (NISSERV) - Symantec Corporation - S:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
O23 - Service: NISUM - Symantec Corporation - S:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
O23 - Service: Norton Program Scheduler - Symantec Corporation - s:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - S:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - s:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - s:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

Any help you guys can provide will be greatly appreciated.

Thanks in advance :).

- George Daneliuc
 

·
Registered
Joined
·
47 Posts
I can tell you already you have some type of bug - don't have time yet tho to look at your log 'cause I'm stepping out of the door.

In Windows, *.COM files always run first if there's a cmd.com versus a cmd.exe. That's why it's always a good idea to type the whole name "cmd.exe" like you did. You can delete the *.com files (regedit.com and cmd.com).

-nt20
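
Added example, not part of the reply above and not code from either poster: a Python check that lists which bare command names are shadowed by a same-named file with an earlier extension, the situation described with cmd.com and regedit.com. It assumes directories are tried in order and, inside each directory, extensions are tried in `PATHEXT` order (as cmd.exe does); the function names and the fallback extension list are choices made for this example, and the demo directory is constructed.

```python
import os
import tempfile

# Extension search order assumed when PATHEXT is unset; .COM precedes .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"

def _listing(d):
    """Lower-cased name -> real name for one directory ({} if unreadable)."""
    try:
        return {f.lower(): f for f in os.listdir(d)}
    except OSError:
        return {}

def candidates(name, dirs, pathext=DEFAULT_PATHEXT):
    """Every file a bare command name could resolve to, in search order."""
    exts = [e.lower() for e in pathext.split(";") if e]
    found = []
    for d in dict.fromkeys(x for x in dirs if x):   # keep order, drop repeats
        present = _listing(d)
        for ext in exts:        # inside one directory, extension order decides
            hit = present.get(name.lower() + ext)
            if hit:
                found.append(os.path.join(d, hit))
    return found

def find_shadowing(dirs, pathext=DEFAULT_PATHEXT):
    """Bare names with more than one candidate -> candidates, winner first."""
    exts = {e.lower() for e in pathext.split(";") if e}
    stems = set()
    for d in dirs:
        for f in _listing(d):
            stem, ext = os.path.splitext(f)
            if ext in exts:
                stems.add(stem)
    report = {}
    for stem in sorted(stems):
        found = candidates(stem, dirs, pathext)
        if len(found) > 1:
            report[stem] = found
    return report

def demo():
    """Constructed sample: a directory holding the file names from the thread."""
    d = tempfile.mkdtemp()
    for n in ("cmd.com", "cmd.exe", "regedit.com", "regedit.exe", "taskmgr.exe"):
        open(os.path.join(d, n), "w").close()
    return find_shadowing([d])

if __name__ == "__main__":
    for stem, files in demo().items():
        print(f"{stem}: bare name runs {files[0]}, not {files[1]}")
```

On a Windows machine, call `find_shadowing(os.environ["PATH"].split(os.pathsep), os.environ["PATHEXT"])` to check the real search path; any name whose first candidate is not the expected system binary deserves a closer look before anything is deleted.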
 

·
Registered
Joined
·
1 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #4 ·
I cleaned the virus, but the slow-down continues. Is there any chance anyone else can help? I have Ewido, Norton Antivirus 2005, Trend PC-Cillin, and Spy Sweeper.
 