What is wrong? Memory?


9 replies to this topic

#1 Bert

Posted 23 August 2004 - 11:01 PM

Hi,
A few weeks ago my computer was infected with viruses and spyware. Thanks to the people on this website I was able to get my computer clean (I think). Now I have installed an anti virus program, Spybot, Ad-aware, Spy-sweeper and Spyware blaster. The trouble is that when I play some slide shows on my computer, the music stutters and the dissolves between the different slides are jerky. I have looked at the Windows Task Manager but don't know what to look for or what it means. I have only the slideshow running, but it says there are 39 processes. The Physical memory (K) is total 523276, available mostly around 280000, and system cache around 141850. Can you maybe explain what I have to do to have the slideshows run smooth as they did before my computer got infected? Just in case there is still something wrong with my computer, I will also send a log file and hope you can take a look at that also.
Thanks for your help with this problem.
Regards
Bert

Logfile of HijackThis v1.97.7
Scan saved at 11:48:46 PM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Bert Schmitz\My Documents\Bert's Stuff\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://apps.cfgnh.org/Citrix/ICAWEB/en/ica32/ica32t.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7458.5306481481
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


#2 cowsgonemadd3

Posted 24 August 2004 - 08:06 AM

I ain't going to mess with your HijackThis; we will let a mod do that. But what I hear is that you said you have 39 processes running? Your free mem is very low. I had 29 processes running and my PC was slow. Just for the question, how much RAM do you have? Like 256MB or 512? Are you running XP? Right next to your clock, how many icons are there? Some processes are running all the time in the background, and if you don't use them then they just slow your PC down...

#3 Bert

Posted 24 August 2004 - 09:25 AM

I have 512MB of RAM and have XP Home. Next to the clock are 4 or 5 icons. I am at my work now and I don't know what they are; I know one is Norton anti virus, and another one is Spysweeper. I will look tonight and report back.
Thanks,
Bert

#4 Bert

Posted 24 August 2004 - 05:40 PM

Looking at my computer at home, I see next to the clock 9 small icons: 1 QuickTime, 2 Music Match Jukebox, 3 Epson Status Monitor, 4 On AC power, 5 Local Area Connection, 6 Webroot Spy Sweeper, 7 Norton Anti Virus, 8 Volume Control, and 9 Spy Bot SD resident.
When I am on the internet there are 2 more: 1 for the connection service and 1 for the World net. I closed "QuickTime", "Music Match" and Webroot Spy Sweeper. I don't know how to close "On AC power", "Volume Control" and "Local Area Connection" (which states a network cable is unplugged).
I hope you can give me some clues as to what I have to do?
Regards,
Bert

#5 cowsgonemadd3

Posted 24 August 2004 - 07:20 PM

OK, here's something to do. If you don't use the network connection, which I don't either, do this:
Go to start/connect to/network connection (should be below your internet connections)/right click and hit disable. It will remove that icon.
You must have a laptop if it says on AC power. This you cannot remove, or it doesn't take up enough space to worry about. Volume control you prob need, but if you don't, do this: go to control panel/audio devices/the first tab should pop up that says volume/hit the box where it says place icon in the taskbar. It will be gone, but if you need it any time in the future then just re-enable it. Do you know how to get the Task Manager open? Hit the ctrl/alt/delete keys all at the same time (just hold one and hit next and hold and hit delete). Under that window there should be a tab that has processes. How many are running? I may have been wrong about your mem being real low. I have free now 64112 bytes; you said you have 280000, or did you add another zero?

#6 Bert

Posted 24 August 2004 - 09:22 PM

I deleted the volume control and the local area connection. The ON AC power, can that be because I have an external hard drive? Where can I see how much memory I have free? I am on the Internet and running the Task Manager at this moment. When I am looking at the Task Manager now it says 39 Processes. Under the Performance tab I see under Physical Memory (K), Total 523276, Available 298740, System Cache 361108.
There is maybe a different problem, or a related one. While I was printing a page 30 minutes ago, the printer stopped printing halfway through the page, then discharged the page and 3 blank pages after that and then printed the second half on the fifth page. I was going to install the printer following instructions from the book. Go to start/ all programs/ Epson Printers and then Epson printer Software Uninstall. The window I got was ERROR "Can not find Shell Dll". When I click to close that window a message says "cwindowssystem32spooldriversw32x86 epupdate.exe (or one of it component) check to insure that the path and filename are correct and all the required libraries are available". What can I do? Am I still infected with a virus?
Please give instructions.
Regards,
Bert

#7 cowsgonemadd3

Posted 25 August 2004 - 07:55 AM

Well, that error while printing means a DLL is bad or corrupted. Take a look at this link; it gives you some details about that. Is your PC still slow? I have more steps we can do to speed it up. 39 processes is a lot of them and most likely is your problem. http://daniweb.com/techtalkforums/thread8191.html

Edited by cowsgonemadd3, 25 August 2004 - 07:56 AM.


#8 groovicus

Posted 25 August 2004 - 08:27 AM

Cows, in no way should you be responding to a log of any kind, or troubleshooting a system, other than to say "Here is the link to the proper forum". :thumbsup:

Bert, please update your version of HJT to 1.98.2:
http://www.downloads.subratam.org/hijackthis.zip

Post your log in the HJT analysis section of the forum, and either Grinler or myself (Or Cold) will be able to help...

#9 cowsgonemadd3

Posted 25 August 2004 - 08:55 AM

Sure, OK, mental note taken. Sorry... I didn't mess with the HijackThis?

#10 Bert

Posted 25 August 2004 - 09:30 AM

Thanks, I will continue this thread in the HJT forum tonight when I come home.
Bert
