system
January 8, 2004, 1:09am
1
hi,
I'm experiencing some real trouble with my CPU's behaviour at the moment. For most of last year I haven't been able to use System Restore at all, neither have I been able to download Microsoft updates; in both cases, when I try to restore/download updates, the system shuts down immediately.
As a matter of fact, the system restarts by itself almost every time the computer is idle. I've learned to live with it, as I have no friends who know about this kind of stuff, and I have never found anything by using any antivirus software (I've tried most of them).
But the last week it's been behaving even stranger; the problem is "surfing". I cannot use websites that have Java windows or links that open a new page, therefore I cannot even check my email. Also, whenever I enter a site the computer stalls for a while and the CPU usage in my taskbar increases to 100%. Often it stays at 100% until I restart.
OK, I'm really desperate and am hoping that someone recognizes anything that could be the problem. I'm thankful for any help whatsoever!!
/daniel
raman
January 8, 2004, 4:52am
2
Please post a Hijackthis log, if you want to get help: http://mjc1.com/mirror/hjt/
system
January 9, 2004, 4:07pm
3
Logfile of HijackThis v1.97.7
Scan saved at 17:06:06, on 2004-01-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tiscali SE\Tiscali ADSL Bredband\fts.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\windows\system32\nscntrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fhgfhfghgfh\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aifind.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aifind.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.skunk.nu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-space.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - ¦C:\WINDOWS\NavExt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - ¦C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: CustomToolbar.clsCustomToolbar - {21301D69-B8F1-46AA-B0B5-09EE2285914C} - C:\WINDOWS\ctb\CustomToolbar.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - (no file)
O4 - HKLM..\Run: [Tiscali SE fts] "C:\Program Files\Tiscali SE\Tiscali ADSL Bredband\fts.exe"
O4 - HKLM..\Run: [Shell32] Shell32.exe
O4 - HKLM..\Run: [RDLL] RunDll16.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
raman
January 9, 2004, 4:21pm
4
Okay, it seems that you are infected with an SDbot variant and a CoolWebSearch hijacker.
Please copy your HijackThis into a separate folder and fix the following things:
O4 - HKLM..\Run: [Shell32] Shell32.exe
O4 - HKLM..\Run: [RDLL] RunDll16.exe
O4 - HKLM..\RunServices: [RDLL] RunDll16.exe
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe
After a restart, please delete this file, Rundll16.EXE, and test the shell32.exe here: http://www.kaspersky.com/remoteviruschk.html
and say what is reported.
Then read this site carefully and download the offered Cleaner: http://www.merijn.org/cwschronicles.html .
After that, update your Windows (www.windowsupdate.com) and post a new log.
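The entries raman singles out share a few tell-tale patterns: Run/RunServices values that name a bare, system-sounding executable with no path, ActiveX (DPF) downloads from unfamiliar hosts, a hosts-file redirect for a search site, and search/start pages pointing at a hijacker domain. The following script, added here as an illustration and not part of the thread or of HijackThis itself, parses a few lines copied from the log above and flags entries matching those patterns; the trusted-host list is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Sample input: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aifind.info/
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O4 - HKLM..\Run: [Shell32] Shell32.exe
O4 - HKLM..\Run: [RDLL] RunDll16.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\RunServices: [RDLL] RunDll16.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://e2give.com/downloads/UGO20.exe
"""

# Hosts we choose to treat as legitimate (an assumption for this example, not a vendor list).
TRUSTED_HOSTS = {"download.macromedia.com", "www.msn.com"}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
R_RE = re.compile(r"^R[01] - .*= (?P<url>http\S+)$")


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (log line, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            # A Run entry with no directory is resolved through the PATH search;
            # hijackers use this with system-sounding names (Shell32.exe, RunDll16.exe).
            exe = m["cmd"].strip('"').split()[0] if m["cmd"].strip() else ""
            if "\\" not in exe:
                findings.append((line, "autorun command is a bare filename, not a full path"))
            if "RunServices" in m["key"]:
                findings.append((line, "RunServices is a Win9x-era key, unexpected on XP"))
        elif m := O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in trusted_hosts:
                findings.append((line, f"ActiveX control downloaded from {host}"))
        elif m := O1_RE.match(line):
            findings.append((line, f"hosts file redirects {m['host']} to {m['ip']}"))
        elif m := R_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in trusted_hosts:
                findings.append((line, f"IE search/start page points at {host}"))
    return findings
```

Running `triage(SAMPLE_LOG)` flags the two bare-filename Run values, the RunServices value (twice: bare name and legacy key), the hosts redirect, the e2give.com download and the aifind.info search page, while leaving the full-path NeroCheck entry and the Macromedia download alone.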
system
January 9, 2004, 9:28pm
5
Thanks a lot!
Everything seems to be working the way it should; I can access websites with Java, I was able to download Windows updates, and everything else that didn't work before.
So once again... thank you a lot!
/daniel