Processes

DrizztPie

Hey, I have a problem. My computer is going really slow and it's not a bad comp really...
Intel Celeron Processor
664 MHz
192 MB RAM (Bad I know)

But anyways, I think I have way too many processes going.... I took a screenie, hope someone out there can help.


Oh yeah, and please help. :grunt
 

Korittke

What matters is the ones that run under Default.
 

DrizztPie

I checked all of them and they are all normal. As you can tell my computer shouldn't be running so slow as it is... for the last couple of days I've been having MORE problems. It's staying at the screen BEFORE it asks what account to login on. It stays there for a while. I usually restart and it works. I don't know how long it would stay at that same screen... never lasted that long...
 

Master.America

You've got a ton of processes running for Norton... wow. Disable all of its "run at startup" options as you can. Get XP SP2 and just use its firewall. You don't need winamp or quicktime to run at startup either... they like to do that too. You can disable all these from RUN > MSCONFIG if you want. It looks like you use Internet Explorer to browse the internet, so you'll probably have plenty of spyware you'll want to scan for. Use Adaware for that. Clean out your recycle bin and get rid of useless desktop items to cut down on startup times a bit. There are TONS of tweaks and utilities out there that can get your PC back up to speed.
 

Korittke

SweatyOgre said:
You have a 664 mhz processor, you can't expect it to run lightning fast.
I didn't even think of that, he's right. 664 MHZ + Windows XP = :-/
 

DrizztPie

iT NEVER DID IT BEFORE AS i THINK i SAID BEFORE

Whoa, really sorry caps


EDIT: Forgot the log :p

Logfile of HijackThis v1.97.7
Scan saved at 2:46:01 PM, on 08/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RavSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\wapisvcc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\QVST4ROT\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=1009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [Steam] H:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - HKCU\..\Run: [WTSC] C:\WINDOWS\System32\wapisvcc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: iFinger (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://www.battleforums.com
O15 - Trusted Zone: www.cokemusic.com
O15 - Trusted Zone: http://www.geocities.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://www.163.com/wwwimages/sms/ppinstall22.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

:corn waiting lol. Thanks BTW :fwink
 

jd-inflames

Actually, the fact that it is only 664 isn't nearly as bad as the fact that it is a Celeron. I'm guessing that you have a socket 370 (I think that's the number *brainfart*), replace it with a Pentium 3. If your board can support it, that particular ZIF can take up to a 1GHz.
 

x42bn6

C:\WINDOWS\System32\wapisvcc.exe

Definite worm, JimmySurf or something. Instructions later.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com

... Spyware?

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

Adware.WinFavorites

O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe

One of many variants of WhatU's adware.

First, download Spybot Search & Destroy and Ad-Aware 6 (read the Files you need thread), update the definitions, and scan for spyware. You have 2 variants, possibly 3.

For your worm, I found a questionable site with details on this.

1) Start your system in Safe Mode.
2) Delete any of the following files. NOTE: If you are worried, if you find one of these files, rename it with an underscore at the end so it can always be restored if it is legitimate.

wnsintsv.exe
wcpsu.exe
wtssvsu.exe
wapisvcc.exe (This is yours)
wtstr.exe
wtssu.exe
wnscpsv
wnsinttr.exe
wtssvcc.exe
wapisvtr.exe
wintsvsu.exe
winsintit.exe
wnsapitr.exe
wcpsvit.exe
wnscpcc.exe
wtssvcc.exe

3) Run HiJackThis and delete the checked entries like I said.
4) Get a free anti-virus software (any suggestions?) and make sure you run Spybot and Ad-Aware regularly. Also, Immunize yourself with Spybot's protection engine, and keep SDHelper.exe and TeaTimer.exe resident if your computer can take it (192MB is OK, I suppose). You can terminate TeaTimer.exe if it starts to lag.

Again, this is at your own risk.....
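
An added example, not part of the post above or of HijackThis itself: a small Python triage pass over a HijackThis log that applies the same checks made by hand in this reply (hosts-file entries, the ProxyOverride value, and Run keys pointing at a file name from the step 2 list). The names `triage`, `LISTED_FILES` and `DEFAULT_HOSTS` are hypothetical, the default hosts path assumes Windows is installed in C:\WINDOWS, and the rundll32 rule only marks an entry for manual review.

```python
import re

# File names from step 2 of the post above, as posted (duplicate removed).
LISTED_FILES = {
    "wnsintsv.exe", "wcpsu.exe", "wtssvsu.exe", "wapisvcc.exe", "wtstr.exe",
    "wtssu.exe", "wnscpsv", "wnsinttr.exe", "wtssvcc.exe", "wapisvtr.exe",
    "wintsvsu.exe", "winsintit.exe", "wnsapitr.exe", "wcpsvit.exe", "wnscpcc.exe",
}
# Assumption: Windows lives in C:\WINDOWS, so this is the stock hosts path.
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")

# Excerpt of the log posted earlier in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WTSC] C:\WINDOWS\System32\wapisvcc.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
"""

def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        run = RUN.match(body) if code == "O4" else None
        if code == "O1" and body.startswith("Hosts file is located at:"):
            path = body.split(":", 1)[1].strip()
            if path.lower() != DEFAULT_HOSTS:
                findings.append((code, "hosts file relocated", path))
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not parts[0].startswith(("127.", "0.0.0.0")):
                findings.append((code, "hosts redirect", f"{parts[1]} -> {parts[0]}"))
        elif code == "R1" and "ProxyOverride" in body and "=" in body:
            findings.append((code, "proxy bypass list set", body.split("=", 1)[1].strip()))
        elif run:
            name, cmd = run.groups()
            low = cmd.lower()
            if any(re.search(r"\\" + re.escape(f) + r"(?![\w.])", low) for f in LISTED_FILES):
                findings.append((code, "file name listed in the post", f"[{name}] {cmd}"))
            elif low.startswith("rundll32"):
                findings.append((code, "DLL started via rundll32", f"[{name}] {cmd}"))
    return findings
```

A file-name match is only a lead: confirm the file itself before deleting anything, or rename it as the post suggests.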
 

DrizztPie

Well, I messed around A LOT, I had over 58 viruses... Yes, I admit it. pr0n!
Anyways, no long loading times or anything. Thanks guys
 

x42bn6

DrizztPie said:
Well, I messed around A LOT, I had over 58 viruses... Yes, I admit it. pr0n!
Anyways, no long loading times or anything. Thanks guys
58 viruses? *new record, IMO*

On the other hand, you're welcome.
 

Korittke

Quit talking, a girl's comp can't handle 300 processes, no matter what they do or don't do.
 

drax

Eheh, sounds like what our comp has, except I've scanned it with 3 virus scanners and it STILL says the damn keylogger isn't a virus or dangerous.
 

x42bn6

Korittke said:
Quit talking, a girl's comp can't handle 300 processes, no matter what they do or don't do.
Non-EXE viruses, macros, DLLs, dormant EXE files?

Note that all keyloggers are dangerous unless you are hacking D2 or something :)|). And not all keyloggers are identified as dangerous. What they do is look at the file in hexadecimal and find code that might be dangerous (like 'listens on port 80') or something.*
 
