RE: CMD Slowing machine
From: Boenerge (Boenerge_at_discussions.microsoft.com)
Date: 12/13/04
- Next message: Lauren: "Unkown file in My Documents"
- Previous message: Steve N.: "Re: IP address conflict"
- In reply to: taipan541: "RE: CMD Slowing machine"
- Next in thread: Alex Nichol: "Re: CMD Slowing machine"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 13 Dec 2004 08:19:08 -0800
"taipan541" wrote:
>
>
> "Boenerge" wrote:
>
> > I am running XP home edition with SP2. The cmd.exe is running 5-6 processes
> > in the task manager which is using 100% ofthe CPU - slowing the machine down.
> > I have run a full system virus check (norton), also spyware (spybot, ad aware
> > and spyblaster). I also ran hijackthis, here are the reults:
> > Running processes:
> > C:\WINDOWS\System32\smss.exe
> > C:\WINDOWS\system32\winlogon.exe
> > C:\WINDOWS\system32\services.exe
> > C:\WINDOWS\system32\lsass.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> > C:\WINDOWS\Explorer.exe
> > C:\WINDOWS\system32\spoolsv.exe
> > C:\WINDOWS\system32\cisvc.exe
> > C:\Program Files\Norton AntiVirus\navapsvc.exe
> > C:\WINDOWS\system32\nvsvc32.exe
> > C:\Program Files\Norton AntiVirus\SAVScan.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
> > C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
> > C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> > C:\Program Files\Advanced System Optimizer\adblock.exe
> > C:\WINDOWS\system32\ctfmon.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\cmd.exe
> > C:\WINDOWS\system32\wuauclt.exe
> > C:\Program Files\Internet Explorer\iexplore.exe
> > C:\Program Files\Norton AntiVirus\OPScan.exe
> > D:\temp\Computer\HijackThis.exe
> >
> > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> > http://www.tesco.net/
> > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> > http://www.tesco.net
> > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> > F0 - system.ini: Shell=Explorer.exe winsock.scr
> > F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
> > O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
> > Files\Yahoo!\common\ycomp5_2_3_0.dll
> > O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
> > Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> > O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
> > Files\Norton AntiVirus\NavShExt.dll
> > O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> > C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
> > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
> > C:\Program Files\Norton AntiVirus\NavShExt.dll
> > O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
> > Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
> > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> > Shared\ccApp.exe"
> > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> > C:\WINDOWS\system32\NvCpl.dll,NvStartup
> > O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
> > O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced
> > System Optimizer\adblock.exe"
> > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> > O8 - Extra context menu item: E&xport to Microsoft Excel -
> > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> > O9 - Extra button: Research (HKLM)
> > O12 - Plugin for .mp3: C:\Program Files\Internet
> > Explorer\PLUGINS\npqtplugin3.dll
> > O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
> > O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
> > O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
> > Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
> > O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) -
> > http://download.yahoo.com/dl/installs/bt/yregucfg.cab
> > O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
> > http://download.yahoo.com/dl/installs/yinst.cab
> > O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
> > Installation Engine) -
> > http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
> > O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
> > https://webresponse.one.microsoft.com/OAS/A...iveX/winrep.cab
> > O16 - DPF: {567A0EA2-5C76-497C-B95A-471944A1C843} (olConfig.onelogConfig) -
> > http://webrouter.hud.ac.uk/downloads/files/olBrow.CAB
> > O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
> > http://v4.windowsupdate.microsoft.com/CAB/...8043.2035648148
> > O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
> > http://www.microsoft.com/security/controls.../20/SassCln.CAB
> > O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
> > http://register.btinternet.com/templates/b...bcontrol023.cab
> > O17 -
> > HKLM\System\CCS\Services\Tcpip\..\{E94222E0-078C-4CB5-A855-7D596302C61E}:
> > NameServer = 194.168.4.100 194.168.8.100
> >
> > Any further help will be gratefully received.
> > Thanks
>
> Hi Boenerge!!
> Hm, i am amazed that there is cmd runnin in da task manager??izzit in da
> background or foreground? is this matter juz happened or it had been happenin
> long time ago since you start using?? well, some viruses use stealth status
> that it cant be detected by almost all anti-viruses program. Also some
> viruses injects itself into other application and it is dificult for
> anti-virus software to scan. So all you gotta do is to investigate this
> virus. Try ending task at task manager one by one and try your machine. then
> if u get the correct name for the virus, try to search that file and delete
> it in 'safe mode'. ( only delete application that u suspect there is virus).
> From the list you showed, i can name you some of adware/spyware you have got.
> well, hope it helps. Byezzz!!!~~~
Taipan 541 I forgot, could you name the adware and spyware and how to get
rid of it.
Thanks
Boenerge
- Next message: Lauren: "Unkown file in My Documents"
- Previous message: Steve N.: "Re: IP address conflict"
- In reply to: taipan541: "RE: CMD Slowing machine"
- Next in thread: Alex Nichol: "Re: CMD Slowing machine"
- Messages sorted by: [ date ] [ thread ]
