Task manager won't open, plus PC is running VERY slow.



Fizzix
08-05-2005, 10:20 AM
Hello,

Well, as the title states, the task bar won't open, so I can't close any program that seems to be using 100% CPU, if this is the case, as the PC is running very slow, like all the CPU power is taken up.

Keep getting derbiz things popping up; however, I don't reckon they would make the PC run this slow.

At times it freezes for a good 10 seconds, then starts to run very slow again.

Possible trojan/worm? Or spyware?

Also keep getting "webpage unavailable offline" popping up when I'm already online.

Had a few other problems lately too. However, this is a brand new hard drive with a fresh first install, and within a few moments of the PC connecting to the net this started.

If anyone can help, it would be very much appreciated.

Please let me know if you need any further information.

Regards

Sam

P.S

XP Pro btw

Dannz
08-05-2005, 10:25 AM
I advise you to run Spybot/Adaware and a virus scan.

Speedy Gonzales
08-05-2005, 10:26 AM
Download HijackThis and post a log here.

http://www.merijn.org/files/hijackthis.zip

From here http://www.spywareinfo.com/~merijn/

After u download it, make a folder HJT and extract this zip file into it.

Then run it, then scan, then copy and paste what appears back here.

Fizzix
08-05-2005, 11:00 AM
Unfortunately HijackThis doesn't open either, closes when opened. On merijn.org it says something about wwwcoolwebsearch or something like this, trojan.

And lots of variants of it.

If anyone could help with this it would be appreciated. I'm currently about to start a program dedicated to getting rid of this trojan, "spysubtract" I believe it is called.

I'll let you know how I get on.

Sam.

Fizzix
08-05-2005, 11:09 AM
Nope, this didn't find anything.

And HijackThis still fails to open.

:(

Speedy Gonzales
08-05-2005, 11:10 AM
Have u tried running it in Safe Mode??

Dannz
08-05-2005, 11:22 AM
Have you tried to run a virus scan?

Fizzix
08-05-2005, 11:23 AM
I'll try now....

Fizzix
08-05-2005, 11:35 AM
Ah ha! That worked then.

log file =

Logfile of HijackThis v1.99.1
Scan saved at 00:25:01, on 08/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SCardClnt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sam\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteoho32.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [System32] crsvvc.exe
O4 - HKLM\..\Run: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\Run: [MSN] Msnmrg.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [System32] crsvvc.exe
O4 - HKLM\..\RunServices: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKCU\..\Run: [MSN] Msnmrg.exe
O4 - HKCU\..\RunServices: [MSN] Msnmrg.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115420811573
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C8FFB03-D0EC-43D7-BF3A-EFB747F58749}: NameServer = 194.74.65.68 194.72.9.34
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe






I've also noticed that the comp seems to run OK, but I get redirected to a site at a random occasion, and it's then that the problems start to happen.

The whole PC slows down, not just net,

i.e. playing an AVI file, it will jump and skip etc.

Speedy Gonzales
08-05-2005, 12:05 PM
Looks like u have a few worms on that system. Tick the following and tick fix.

Then reboot. Also get the Gaobot tool from the Symantec site, as shown below.

C:\WINDOWS\System32\SCardClnt.exe

This may be a worm - Gaobot or a variant.

Removal tool

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.gaobot.removal.tool.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteoho32.exe

O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe

O4 - HKLM\..\Run: [System32] crsvvc.exe

O4 - HKLM\..\Run: [Windows Workstation Start Service] mslanmgr.exe

O4 - HKLM\..\Run: [USB Device] win32usb.exe

This may be this http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dhv.html

Or another variant of the Gaobot worm.

Use that removal tool above to see if it removes it.

O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE

This looks like a worm. - And yet another variant of Gaobot.

O4 - HKLM\..\Run: [MSN] Msnmrg.exe

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [System32] crsvvc.exe
O4 - HKLM\..\RunServices: [Windows Workstation Start Service] mslanmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe

O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKCU\..\Run: [MSN] Msnmrg.exe
O4 - HKCU\..\RunServices: [MSN] Msnmrg.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe

O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe

O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe

This by the looks of it is a worm.
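Added example, not part of the original thread or any poster's own code: a small Python triage of HijackThis O4/O23 lines that surfaces the pattern visible in the entries listed above, where the same value name is registered under several autorun keys and launched by bare file name, plus services listed with "Unknown owner". The function name `triage`, the threshold and the heuristics are assumptions chosen for illustration; the sample is an excerpt of the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteoho32.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe
"""

# Matches lines of the form: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
SERVICE_PREFIX = "O23 - Service: "

def triage(log, min_locations=2):
    """Return review leads (not verdicts) from O4 autorun and O23 service lines."""
    autoruns = defaultdict(lambda: {"locations": set(), "commands": set()})
    services = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            autoruns[name]["locations"].add((hive, key))
            autoruns[name]["commands"].add(command)
        elif line.startswith(SERVICE_PREFIX):
            # Fields are separated by " - "; owner and path are the last two.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                services.append(("service", parts[0], parts[2]))
    findings = []
    for name, entry in autoruns.items():
        # Same value name under several autorun keys, launched by bare file name.
        no_path = all("\\" not in cmd for cmd in entry["commands"])
        if len(entry["locations"]) >= min_locations and no_path:
            findings.append(("autorun", name, len(entry["locations"])))
    return findings + services

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A bare file name registered once (nwiz here) is not reported, and neither is a single-key entry with a full path such as checkrun, so the output is a list of entries to look up first rather than a complete list of what to fix.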

Fizzix
08-05-2005, 12:16 PM
OK, thank you very much, I shall do this ASAP.

Was just wondering, will all this be causing the extreme slowness of my PC?

And what about this damn wwwcoolwebsearch thing?

Kind Regards

Sam.

Speedy Gonzales
08-05-2005, 12:23 PM
No worries. Umm I would say that derbiz.com entry would slow things down.

BUT all the files I posted back to delete would definitely make things go slow!

For Coolwebsearch, try this from the maker's site

http://cwshredder.net/bin/CWShredder.exe

From here http://www.intermute.com/spysubtract/cwshredder_download.html

I would tick those entries in Hijackthis first then tick fix, then reboot, then after u download this coolwebsearch removal tool, do a scan....That should be it!

Fizzix
08-05-2005, 12:42 PM
I've tried getting rid of derbiz.com for a while, but it seems to keep coming back

almost instant :(

But I shall try what you said again.

thanks mucho amounts :P

Fizzix
08-05-2005, 12:45 PM
Oh, also forgot to mention that the Gaobot worm you mentioned wasn't found on my PC.

Well, so says the removal tool.

Quote

"Symantec W32.Gaobot FixTool 1.30.0

W32.Gaobot has not been found on your computer."

Speedy Gonzales
08-05-2005, 01:03 PM
Have u ticked the entries I posted? And ticked then clicked on fix?? Did the rest of those entries I posted come back??

Is this derbiz entry the only one left??

Or try this

http://dl.filekicker.com/send/file/153006-O03L/trjsetup.exe

From here http://www.simplysup.com/tremover/

Download it, run it, update it (this is only a trial), then scan.

Then select the utilities menu, select the 3/4/5/6th option....

OK that's good if Gaobot wasn't found.

tweak'e
08-05-2005, 01:06 PM
Boot into safe mode and run an up-to-date antivirus. AVG (http://www.majorgeeks.com/download886.html) is a good free one if you don't have one. Then run Adaware and/or Spybot.

There is a possibility you have elite tool bar.

Spyware tools available here (http://www.majorgeeks.com/downloads31.html)

Fizzix
08-05-2005, 01:11 PM
so far

so good.

All back to normal, I can now enjoy my new 2 meg line (had it installed Friday....problem started...Friday lol)

But thanks a lot people (especially Speedy Gonzales)

Any other problemmos and I'll let you know :p

Thanks again.

Sam.

Speedy Gonzales
08-05-2005, 01:32 PM
Good to hear it's running PROPERLY!

So, I take it, it's running a bit faster now?

Just make sure u keep XP up to date! And you've got some virus / spyware program installed.

Fizzix
09-05-2005, 02:31 AM
Yep, running a lot like it should do...

However, still have a shutdown prob.

Goes to the shutdown screen "saving latest settings" etc., then that's as far as it ever gets.

This only happens when the machine is on for a while. If it's on for 10 mins then shut down, no problem.

Think it's something to do with task bar again, as the connection icon never disappears when I tell it to disconnect.

Thus causing an "end now" pop up, and no shutdown...

:-/

Speedy Gonzales
09-05-2005, 07:43 AM
Try updating the videocard drivers, if u know what videocard drivers to get.

Also, is hibernation on?? Do u use it??

It sounds like something is freezing (which can happen) when u go to shutdown..

Does it give the name of the program, that u have to terminate/end??

Fizzix
10-05-2005, 01:58 AM
Hmm, I reckon my PC just doesn't like me much.

Shutdown/restart works fine now..

However, the net (Firefox) seems to run slow; it's nothing affecting the PC, as the comp still runs as fast as it should do.

However the net is taking its time about things, until I'll click a link, the status bar at the bottom will zoom to the finish, but nothing will happen.

Just get "done" at the bottom left hand side of the window.

Doesn't matter how fast/slow I click it, it will always do the same thing.

And people say PCs are good eh?

:p