#1
Hello, I have an IBM NetVista Workstation with 512MB memory and an 80GB HDD. When I boot my PC, it immediately reaches 100% CPU in the Windows Task Manager list. I have not installed any new software in the past 2 months. My HijackThis log file is pasted below... Please help. Thanks!
Kevin
kdb_reborn@comcast.net

Logfile of HijackThis v1.98.0
Scan saved at 12:07:28 PM, on 1/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Kevin Brown\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\gyqpywgl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [BAD_System Update] C:\WINDOWS\System32\znqxbmhx.exe
O4 - HKLM\..\Run: [BAD_dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\wpxessqh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ibmus2.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = ibmus2.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C2FBC3-CCCB-40A1-A383-F2E71C8F20A0}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C2FBC3-CCCB-40A1-A383-F2E71C8F20A0}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A090547-2305-4DDA-903D-2B9871B581EF}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A090547-2305-4DDA-903D-2B9871B581EF}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C04AB7E-E142-4C67-AD78-F1778BA866A9}: Domain = attbi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E504F7C3-E3AC-42DC-A2FC-C7780213CE30}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ibmus2.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,ibmus2.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{04C2FBC3-CCCB-40A1-A383-F2E71C8F20A0}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{04C2FBC3-CCCB-40A1-A383-F2E71C8F20A0}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,ibmus2.ibm.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Lfaodpgj.dll

#2
Hi rafikki1,
If you still need help, please post a fresh HijackThis log.
Tom
__________________
HijackThis, Ad-aware, Spybot Search & Destroy, SpywareBlaster, SpywareGuard, Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!

#3
Thanks for the willingness to help... Found a Korsky worm on my Netvista. All is well!!!! Thanks again
Kevin
kdb_reborn@comcast.net

#4
Feel free to post a fresh HijackThis log for final review.

Also, you are seriously behind on Windows Updates. This leaves your computer open to many threats. You will just get infected again if you don't install these! You need (at the minimum, XP Service Pack 1, Internet Explorer Service Pack 1 and all the critical updates that go along with them). Installing XP Service Pack 2 is up to you. I suggest visiting your computer (or motherboard) manufacturer's website and see if there are any updates to their firmware or drivers needed before applying Service Pack 2.

Please update Windows and Internet Explorer. Download each critical update one by one, rebooting when necessary. Repeat this until you get the message "no critical updates available".
http://windowsupdate.microsoft.com/

Tom

Viewing: Dev Shed Forums > System Administration > Antivirus Protection > 100% CPU Utilization- HijackThis log enclosed. Any ideas?