Status
Not open for further replies.
1 - 10 of 10 Posts

·
Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
This question is actually going to be for a friend of mine mostly and secondly for me. We have the same issue.

Note:
  • We both have Norton Antivirus 2007 and the latest updates
  • We both have Zone Alarm Pro and the latest updates
  • We both have all the latest drivers for all our hardware and use third party driver toolkits just to be sure about it
  • We both recently formatted and reinstalled Windows and made sure we have all the latest Windows updates
  • We both scan for viruses and other types of malware religiously
  • We are NOT overclocking
System specs :
My system specs
Code:
[B]Operating System[/B]
Windows XP Professional Service Pack 2 (build 2600)

[B]System Model[/B]
Compaq Presario 061 DT078A-ABA S6030NX NA410 0n41411RE101KAME210
Enclosure Type: Desktop

[B]Processor[/B]
2.07 gigahertz AMD Athlon XP
128 kilobyte primary memory cache
512 kilobyte secondary memory cache

[B]Memory Modules[/B]
960 Megabytes Installed Memory

Slot 'A0' has 512 MB
Slot 'A1' has 512 MB

[B]Local Drive Volumes[/B]
c: (NTFS on drive 0) 81.95 GB 65.65 GB free 
d: (NTFS on drive 1) 20.41 GB 17.04 GB free

[B]Drives[/B]
102.37 Gigabytes Usable Hard Drive Capacity
82.69 Gigabytes Hard Drive Free Space

ASUS CRW-4824AH [CD-ROM drive]
IDE-DVD ROM 16x [CD-ROM drive]
3.5" format removeable media [Floppy drive]

Maxtor 4R080L0 [Hard drive] (81.96 GB) -- drive 0
QUANTUM FIREBALLlct20 20 [Hard drive] (20.42 GB) -- drive 1, s/n 352106361639, rev APL.0900, SMART Status: Healthy

[B]Display[/B]
VIA/S3G UniChrome IGP [Display adapter]
HP MX75 [Monitor] (15.7"vis, s/n THLEH17839, February 2002)

[B]Communications[/B]
SoftV92 Data Fax Modem
1394 Net Adapter
NETGEAR WG311v3 802.11g Wireless PCI Adapter
VIA Rhine II Fast Ethernet Adapter

The problem -
For some strange reason my computer will be completely idle and out of nowhere the CPU will start running high (fast).

I mean, it's literally out of nowhere because there are no changes in whatever I am doing. I will leave the computer completely untouched, without being connected to the internet, and the CPU will just go off on its own running at high speeds out of nowhere. I don't even have a screensaver.
 

·
Registered
Joined
·
11,849 Posts
Welcome to TSG....

I just want to see what processes are running etc.

To download HijackThis (HJTsetup.exe), go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
Filename = 1137518044HJTsetup.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All, then click Edit and then click Copy. Doing that copies the text to the clipboard; you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

A security expert should take a look at your log - please be patient.
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
Here you go

Logfile of HijackThis v1.99.1
Scan saved at 9:40:43 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
Code:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\StillSecure\Safe Access Agent\SAService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny Michel\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.ny-dev.com/[/url]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - [url]http://www.tenebril.com/assets/activeX/SpywareScanner.ocx[/url]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164829910078[/url]
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [url]http://www.trendmicro.com/spyware-scan/as4web.cab[/url]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Safe Access Agent (SafeAccessAgent) - StillSecure - C:\Program Files\StillSecure\Safe Access Agent\SAService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

·
Registered
Joined
·
475 Posts
Check out this process: ALCXMNTR.EXE I seem to remember that it's a tracking program for music? May be phoning home? After getting IE7 many users noted high/unexplained CPU function. IE7 activated a Microsoft advanced language text switching feature in XP called ctfmon.exe. If you plan to keep all your system's text in English all the time, go to Control Panel>Regional and Language Options>Languages>Detail>Advanced, and check the box for "Turn off advanced text services." Ctfmon.exe will stop running in the background.
 

·
Registered
Joined
·
1,182 Posts
Ad-Aware SE Personal
I run this daily

SpywareBlaster 3.5.1
I update once a week (keeps bad pages with known malware that could cause damage from being displayed.)

Spybot - Search & Destroy
Daily or every other day

CwShredder
This is one I only use once a week or month lol but good to have

AVG Anti-Spyware
In order to get full use of this one you have to buy it but has a free trial. Good program to have and run before you run Hijackthis. (just another tool to remove spyware that the other two may miss) Only download if you are having a serious issue unless you want to pay and have it.

Download and update (update is very important before you scan), then boot into safe mode. (You do not need to boot into safe mode every time to run programs. Some malware cannot be fully removed or detected unless you are in safe mode; this is why I recommend running it the first time in safe mode, then perhaps once a month in safe mode.)

With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.

Scan the computer,

Boot back up into Normal mode, download

This program here is more what I'm thinking you may need but having the others is always a good thing.
CodeStuff Starter manage your startup programs

Disable all startup programs that you "do not" need running at startup.

A guide to help keep a smooth system.
Maintain your system with Windows XP

Diskeeper
The best program to use for defragging
 

·
Registered
Joined
·
2,344 Posts
Sometimes the problems are more deep-seated than those programs can work with. They alone will not provide absolute protection.

1101doc, OneLuv and schusterjo: unless you are authorised by the moderators of TSG to handle malware issues, it is NOT recommended to provide more than pointers or concern towards a HijackThis log. Providing actual assistance, when you are not qualified to do so, can lead to serious problems on the person's machine if they approach it without consultation. It can also lead to temporary or permanent removal from TSG (depending on how serious the moderators see this).
 

·
Registered
Joined
·
1,182 Posts
Techkid, as far as I see nobody has even said one thing mentioning any pointer regarding HijackThis. Ad-Aware, Spybot Search and Destroy, SpywareBlaster and AVG Anti-Spyware are all commonly recommended programs from every tech help forum. It is always good to have a spyware remover along with the virus protection. Why the heck do you think Microsoft came out with their own spyware scanner called Defender? Nobody recommended one thing about removing anything from the HijackThis log.
Examples across the web
http://forums.g4tv.com/messageview.cfm?catid=64&threadid=192397

http://www.pcguide.com/vb/showthread.php?t=15179

http://www.tech-forums.net/showthread.php?threadid=36259

http://forums.tomcoyote.org/index.php?showtopic=57813

1000's of more forums offer the same advice.

Another good page to check out is this one
http://spywarewarrior.com/rogue_anti-spyware.htm
It shows you all the bad spyware removers (is yours on the list?) and also shows you the good ones towards the bottom (the ones I recommend are on that list). It is always best to use more than just one spyware remover because no one is 100%, nor is having a few of them, but it is closer to 100% than just using one. It may find things the other didn't and vice versa.

Scanning for spyware is recommended, it will cause your Internet speed to be slow, can cause damage to your computer if you do not scan.

Startup, controlling startup programs is most definitely advised by any tech. You have way too many things running at the same time, your computer takes forever to boot and is very slow during operation.

So, read before you make such a comment. LOL, what's funny is if you don't recommend such programs your computer is probably filled with stuff you don't even know about.
 

·
Registered
Joined
·
15 Posts
sinjix, that's Microsoft Windows for ya :up: . Unnecessary usage of system resources out of nowhere. Who knows what it could be? A security threat, M$ background process, another program? The only permanent solution is to find an operating system that doesn't hog all of your CPU and memory. Unfortunately for most people, this rules out everything except Linux.
 

·
Registered
Joined
·
2,344 Posts
schusterjo: OK. I may have over-reacted in regards to my post. But OneLuv and 1101doc are most likely borderline. It still had to be said, though.
 