
Please help to diagnose. My PC is so slow



#1 puikay


Posted 18 August 2004 - 09:18 AM

When I started the computer I found out that my CPU usage is 100%. Below is the log. Please advise me on how to fix the problem. Thank you.

Logfile of HijackThis v1.98.2
Scan saved at 2:04:10, on 18/8/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\msnmsgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\System32\mdm.exe
C:\Downloads\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1028,收音機[&R] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe C:\WINNT\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
O4 - HKLM\..\Run: [Windows Login] msnmsgr.exe
O4 - HKLM\..\RunServices: [Windows Login] msnmsgr.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: 手機短信 - {5DA5CC16-90A8-4c78-AB5E-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/...RdxIE601_tw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A2979615-DC81-4AE4-A153-912E3C227058} (Yahoo! 相簿輕鬆上載工具 Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1hk.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{407F6ABE-6CB6-4684-BDBF-275E9114D69C}: NameServer = 218.102.32.208 205.252.144.119


#2 Grinler

    Lawrence Abrams



Posted 18 August 2004 - 01:08 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button.

O4 - HKLM\..\Run: [AxFilter] Rundll32.exe C:\WINNT\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKLM\..\Run: [Windows Login] msnmsgr.exe
O4 - HKLM\..\RunServices: [Windows Login] msnmsgr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -http://207.188.7.150/13b7a2b432ae828af6506/...RdxIE601_tw.cab


Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)

AxFilter.dll <-- search for and delete this file
C:\WINNT\System32\msnmsgr.exe

Reboot your computer to go back to normal mode and post a new log.
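
An added example, not part of the original posts: one way to check the follow-up log for the four entries flagged above. It rejoins hard-wrapped log lines and matches O4 entries by registry key and value name and O16 entries by CLSID, because wrapping, spacing and URL text can differ between a log and a quoted entry. The function names and the follow-up log are constructed for illustration.

```python
import re

# A HijackThis entry starts with a section code such as "O4 - " or "O16 - ".
ENTRY_START = re.compile(r"^(?:O\d+|[RFN]\d) -")
O4_ENTRY = re.compile(r"^O4 - (\S+): \[([^\]]+)\]")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# The four entries the reply asks to fix, copied from the post.
FLAGGED = [
    r"O4 - HKLM\..\Run: [AxFilter] Rundll32.exe C:\WINNT\DOWNLO~1\AxFilter.dll,Rundll32",
    r"O4 - HKLM\..\Run: [Windows Login] msnmsgr.exe",
    r"O4 - HKLM\..\RunServices: [Windows Login] msnmsgr.exe",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -http://207.188.7.150/13b7a2b432ae828af6506/...RdxIE601_tw.cab",
]

# Constructed follow-up log (not from the thread), hard-wrapped like the first one.
SAMPLE_NEW_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Login] msnmsgr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
(RdxIE Class) -
http://207.188.7.150/13b7a2b432ae828a6506/...RdxIE601_tw.cab
"""

def unwrap(log_text):
    """Rejoin wrapped entries: a line that opens no new entry continues the last one."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def entry_key(entry):
    """Stable identity: registry key + value name for O4, CLSID for O16."""
    m = O4_ENTRY.match(entry)
    if m:
        return ("O4", m.group(1).upper(), m.group(2).lower())
    c = CLSID.search(entry)
    if entry.startswith("O16 - DPF:") and c:
        return ("O16", c.group(0).upper())
    return None

def still_present(flagged, new_log):
    """Return the entries of new_log whose key matches a flagged entry."""
    keys = {entry_key(e) for e in flagged} - {None}
    return [e for e in unwrap(new_log) if entry_key(e) in keys]
```

Calling `still_present(FLAGGED, SAMPLE_NEW_LOG)` returns the entries that survived the fix; an empty list means none of the flagged keys are left in the new log.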