Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HJT log -- system stays at 100%

Started by ibroussard , Oct 31 2005 03:07 AM

  • Please log in to reply

#1
ibroussard
Posted 31 October 2005 - 03:07 AM

ibroussard

    Member

  • Member
  • PipPip
  • 12 posts
Symptoms -- On a laptop PC, if network cable is plugged in, processor goes to 100% and stays there. Task manager shows spooler.exe taking up almost all of the processor. If network cable is unplugged, processor stays at about 60% (most of it spooler.exe, some of it to services.exe). This is with no other applications running. Here's the log...

Thanks,
Ira

Logfile of HijackThis v1.99.1
Scan saved at 2:48:21 AM, on 10/31/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\PackethSvc.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\System32\ati2evxx.exe
D:\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
D:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\HPConfig.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
D:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\spooler.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RexSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ZONELABS\minilog.exe
C:\WINNT\Explorer.Exe
C:\WINNT\System32\Atiptaxx.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\RealPlayer\realplay.exe
D:\RealJukebox\tsystray.exe
D:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
D:\XIRCOM\REX6000\IntellisyncForRex\rexsymon.exe
D:\Microsoft\ActiveSync 3.7\WCESCOMM.EXE
D:\Microsoft Office\Office\OSA.EXE
D:\Compaq\11Mbps Wireless LAN\Config.exe
D:\QUICKENW\QWDLLS.EXE
D:\ZoneAlarm Pro\ZoneAlarm\zapro.exe
D:\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\America Online 6.0\aoltray.exe
D:\lotus\wordpro\ltsstart.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=interlock:80;gopher=interlock:80;http=interlock:80;https=interlock:80;socks=interlock:80
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] D:\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] D:\RealJukebox\tsystray.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] D:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [RexSyMon] D:\XIRCOM\REX6000\IntellisyncForRex\rexsymon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft\ActiveSync 3.7\WCESCOMM.EXE"
O4 - Startup: America Online 6.0 Tray Icon.lnk = D:\America Online 6.0\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = D:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Office Startup.lnk = D:\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Configuration Utility.lnk = D:\Compaq\11Mbps Wireless LAN\Config.exe
O4 - Global Startup: RealDownload.lnk = D:\RealDownload\Realdownload.exe
O4 - Global Startup: MQSeries Task Bar.lnk = D:\MQSeries\bin\amqmtbrn.exe
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = D:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\ZoneAlarm Pro\ZoneAlarm\zapro.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = D:\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Global Startup: VPN Client.lnk = D:\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Sametime Meeting Room Client ST20H3 - http://www-125.ibm.c...gRoomClient.cab
O16 - DPF: {2B9D3FB5-44D9-4063-A0E4-AF3F3CB15555} (JNILoader Control) - http://www-125.ibm.c...STJNILoader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE782A3-35C1-49A5-98B1-AE6C70EEF2BD}: NameServer = 207.218.192.38,207.218.192.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{93CA36DF-E694-481A-A37A-08CD714B5B71}: NameServer = 207.218.192.38,207.218.192.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6E17A4-D552-4A70-81D6-5FDE2AB0006D}: NameServer = 207.218.192.38,207.218.192.39
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\System32\HPConfig.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - D:\MQSeries\bin\AMQSVC.EXE
O23 - Service: NICSer_WPC54 - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINNT\System32\PackethSvc.exe
O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINNT\System32\spooler.exe
O23 - Service: USB to Serial COM Port Messages (RexService) - Unknown owner - C:\WINNT\SYSTEM32\RexSvc.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe
  • 0

Advertisements

#2
ukbiker
Posted 07 November 2005 - 02:50 PM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

I am UKBiker and I will be helping you with this log. Let me have a look through it and I will post back here soon.
  • 0

#3
ukbiker
Posted 07 November 2005 - 04:23 PM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

I am looking through your log, but in the meantime, would you please do the following


Update Ewido and run it in Safe mode. Have it fix everything it finds. save a copy of the scan report.

Reboot into normal mode.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post. Along with a fresh HJT log and the Ewido scan report.

  • 0

#4
ukbiker
Posted 14 November 2005 - 10:12 AM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there

can you tell me how you are getting on please?
  • 0

#5
ibroussard
Posted 14 November 2005 - 10:19 AM

ibroussard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I got sidetracked on this, but hopefully will be able to work on it in the next day or so. When you say run Ewido in safe mode, do you mean boot the PC in safe mode then run it, or does Ewido have something called "safe mode"?

I'm a little hesitant about running Ewido. Last week I installed and ran it on another PC. If found a few things and deleted them. However, after I uninstalled Ewido, the next time I booted I had quite a few corrupt files that CHKDSK deleted. This almost never happens to me, so I'm wondering if Ewido had something to do with it.

Where is Gloucestershire? I have visited South UK (Winchester, Hampshire) once or twice a year on business for the last fifteen years. IBM has a large development lab in that area.

Thanks,
Ira
  • 0

#6
ukbiker
Posted 14 November 2005 - 10:28 AM

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

just to clarify, update Ewido, then boot into safe mode and run ewido as instructed. I think that the problems you mentioned are unconnected to the ewido scan, but remember, ewido can undo its removal and restore anything deleted from its backup. Its more likely that it was the uninstall that gave you problems, personally I wouldnt uninstall Ewido, after the free trial expires, you still have the update facility and on demand scanning available as a freebie, it is an excellent application to have onboard.

Gloucestershire is in the South west of the UK.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP