Topic: Internet slowdown (cmd.exe)

Digiblog
« on: May 14, 2004, 01:40:51 PM »

After getting rid of sasser a couple days ago, weird things started happening with my internet connection. "cmd.exe" popups appear and disappear every now and then, and my net speed and overall system speed drops dramatically.

anyone know what's going on??

Digiblog
« Reply #1 on: May 14, 2004, 01:54:56 PM »

Here's my hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 15:53:38, on 14/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\devldr32.exe
D:\WINNT\system32\dvrvideo.exe
D:\Program Files\Fichiers communs\Stardock\TrayServer.exe
C:\program files\creative\AudioHQ\AHQTB.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
D:\WINNT\tppaldr.exe
D:\WINNT\system32\dla\tfswctrl.exe
D:\Program Files\Winamp99\Winampa.exe
E:\Easy Office\EasySpeller.exe
D:\winnt\system32\sncntr.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\system32\csrs.exe
D:\WINNT\system32\wuauct.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\SoftMaker\Shared Tools\Smash\Smash.exe
D:\Program Files\Sony Handheld\HOTSYNC.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Alessandro Riviera\Mes documents\C+ Presentation\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cwvag (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cwvag (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F1 - win.ini: run=d:\winnt\system32\dvrvideo.exe
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - D:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "D:\Program Files\Fichiers communs\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AudioHQ] c:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] D:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] D:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp99\Winampa.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "D:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [EasySpeller] E:\Easy Office\EasySpeller.exe -n
O4 - HKLM\..\Run: [spoolsvv] D:\WINNT\system32\spoolsvv.exe -invisible
O4 - HKLM\..\Run: [sncntr] d:\winnt\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [Soundmx] D:\WINNT\system32\soundmx.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Videocntl] d:\winnt\system32\videocntl.exe
O4 - HKLM\..\Run: [NetWork] csrs.exe
O4 - HKLM\..\Run: [Network Service] wuauct.exe
O4 - HKLM\..\Run: [Dvrvideo] d:\winnt\system32\dvrvideo.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\RunServices: [NetWork] csrs.exe
O4 - HKLM\..\RunServices: [Network Service] wuauct.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Smash] "D:\Program Files\SoftMaker\Shared Tools\Smash\Smash.exe"
O4 - HKCU\..\Run: [Dvrvideo] d:\winnt\system32\dvrvideo.exe
O4 - Startup: UCmore XP - The Search Accelerator.lnk = D:\WINNT\system32\rundll32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: Conversion CLI

benditup
« Reply #2 on: May 15, 2004, 01:02:55 AM »

Hi Digiblog, you seem to have quite a bit going on in your log.
This may seem like overkill but it may all be necessary

There are 4 tools I would like you to download

New.net uninstaller----Save this to your desktop for now
http://www.new.net/support/uninstall6_10.exe

CWShredder(You have Cool Web infection, among other things)
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Save to desktop for now

Adaware (free version)
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
Save to hard drive and Install----We'll run this later

Another Spyware Checker, I use both Adaware and Spybot
and they're both free
Spybot 1.3
http://www.safer-networking.org/index.php?page=download
Install---Run this later please

First would you please close down all browsers and windows--- Open and run the New.net uninstaller
RESTART your computer
After restarting your computer don't connect to the Net,
Open and Run CWShredder, Click FIX and let it fix all problems
Again RESTART your computer.

Next run AD-Aware 6
Check for updates online(important)
Set these options
 Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.

degüello
« Reply #3 on: May 17, 2004, 02:52:26 AM »

Hi everyone.

I'm having the same problem as Digiblog after getting rid of Sasser.  My 'cmd.exe' windows pop up (about 4 of them) shortly after logging on, and the entire system immediately slows down.

Benditup, I followed all your steps (found lots of junk, thanks for the tips!), but it has not stopped the problem, unfortunately.

In addition, I just downloaded 'Hijackthis' so I can post a log, and every time I try and run a scan, the program strangely disappears.

Any further help you could offer would be greatly appreciated.  Thank you.

benditup
« Reply #4 on: May 17, 2004, 03:11:43 AM »

Are you getting any error messages when trying to run it?
Can you try downloading it again

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

You may even want to try downloading Stinger
http://vil.nai.com/vil/stinger/
Disconnect from the Internet completely when running it
or restart in safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039

What OS are you running?

« Last Edit: May 17, 2004, 03:14:09 AM by benditup »

degüello
« Reply #5 on: May 17, 2004, 04:13:24 AM »

No, I don't get an error message.  The program just vanishes.  The Sasser-related Windows update, '835732', also did this when I tried to install it.  It would just disappear after the first few steps. (I eventually was able to get it installed.)

I downloaded 'HijackThis' again, from your link, and it still disappears shortly after starting.  But, I was able to save the log before it vanished.

Also, I've already run Stinger.

Thanks again for your help; I really appreciate it.

Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 12:08:31 AM, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan Kirley\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diamonddavidleeroth.com/forums/forumdisplay.php?f=5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [System Updater Service] wmiprvsw.exe
O4 - HKLM\..\Run: [System Updater Process] wmiprvse.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [System Updater Service] wmiprvsw.exe
O4 - HKLM\..\RunServices: [System Updater Process] wmiprvse.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O9 - Extra button: Microsoft

benditup
« Reply #6 on: May 17, 2004, 04:49:22 AM »

Let's try this first
Putting Hijackthis on your desktop is not a good idea, but since it is there, could you Right click an empty spot on your desktop and then Select NEW----Folder---Name that new folder HJT---Copy and paste Hijackthis into that new folder and then delete the original one...
Open task manager (CTRL-Alt-DEL)
End process on these if found
wmiprvsw.exe
wmiprvse.exe

We'll try to do this fast or try it in Safe Mode

Do another Scan with Hijackthis and put a check next to these entries
and then FIX checked with ALL other windows closed

O4 - HKLM\..\Run: [System Updater Service] wmiprvsw.exe
O4 - HKLM\..\Run: [System Updater Process] wmiprvse.exe
O4 - HKLM\..\RunServices: [System Updater Service] wmiprvsw.exe
O4 - HKLM\..\RunServices: [System Updater Process] wmiprvse.exe

RESTART your computer and then visit Housecall's and do a scan
Let it fix all problems
http://housecall.trendmicro.com/
Post back with a Fresh hijackthis log afterwards so we can deal with the rest
Logged
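
One way to triage the O4 (autorun) lines of logs like the ones above, as an added example that is not part of any post in this thread: it flags Run/RunServices entries whose file name is one character away from a Windows system binary, or is a system binary that Windows does not start from a Run key. The SYSTEM_BINARIES list and the distance-1 threshold are assumptions of this sketch; the sample lines are copied from the two logs posted above.

```python
import re

# Assumption: a short, illustrative list of Windows 2000/XP system binaries.
# All of them are started by the OS or the service manager, not from Run keys.
SYSTEM_BINARIES = {
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe", "spoolsv.exe",
    "svchost.exe", "winlogon.exe", "wmiprvse.exe", "wuauclt.exe",
}

# O4 registry autoruns, e.g.  O4 - HKLM\..\Run: [name] command
# (O4 "Startup:" folder shortcuts use another layout and are skipped here.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Lines copied from the two HijackThis logs posted earlier in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [System Updater Service] wmiprvsw.exe
O4 - HKLM\..\Run: [System Updater Process] wmiprvse.exe
O4 - HKLM\..\Run: [spoolsvv] D:\WINNT\system32\spoolsvv.exe -invisible
O4 - HKLM\..\RunServices: [NetWork] csrs.exe
O4 - HKLM\..\RunServices: [Network Service] wuauct.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Smash] "D:\Program Files\SoftMaker\Shared Tools\Smash\Smash.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
'''


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def image_name(cmd):
    """Lower-cased file name of the program an autorun command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]      # quoted path, may hold spaces
    else:
        m = re.search(r"\.exe\b", cmd, re.I)  # unquoted: cut after first .exe
        path = cmd[:m.end()] if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_autoruns(log_text):
    """Return (hive, key, value name, image, reason) for flagged O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image = image_name(m["cmd"])
        if image in SYSTEM_BINARIES:
            reason = "system binary started from a Run key"
        else:
            near = sorted(s for s in SYSTEM_BINARIES
                          if edit_distance(image, s) == 1)
            if not near:
                continue
            reason = f"one character away from {near[0]}"
        findings.append((m["hive"], m["key"], m["name"], image, reason))
    return findings


if __name__ == "__main__":
    for hive, key, name, image, reason in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hive}\\{key} [{name}] {image}: {reason}")
```

Name matching only catches look-alikes, so a clean result does not clear the rest of the log.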

 
degüello
« Reply #7 on: May 17, 2004, 06:22:28 AM »

Okay, I ran HJT and did a fix on those four entries, but it didn't stop the problem (it just happened after I restarted the computer).  I think we're on the right track though.

Here's a related article that was just sent to me from Compaq
support: http://support.microsoft.com/default.aspx?id=170086

Before I read your post, I was attempting to follow the article's instructions re. looking for troublesome entries in the Registry with the Registry Editor.  When I looked in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" as the article instructs, I found the aforementioned 'wmiprvsw.exe' entries.  I was just wondering what to do with them, when I read your post.  (Now that I've done the HJT fix, they aren't there now.)

Also, I've noticed that once the System32 windows open (about 4 of them), the Registry Editor won't run properly.  It keeps closing.  (Just like HJT.)  Before the System32 windows open, it runs fine.

 



« Last Edit: May 17, 2004, 07:05:33 AM by deg »

degüello
« Reply #8 on: May 17, 2004, 06:37:37 AM »

Here's my most recent HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 2:34:00 AM, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Documents and Settings\Dan Kirley\Desktop\HijackThis.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diamonddavidleeroth.com/forums/forumdisplay.php?f=5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O9 - Extra button: Microsoft

degüello
« Reply #9 on: May 17, 2004, 07:01:15 AM »

Actually, I think it might be fixed, benditup.  I just rebooted, and it seems to not be happening...  I'll see how things go tomorrow, and let you know.  

Thanks so much for your help; this thing's been driving me crazy for a week now.
« Last Edit: May 17, 2004, 07:04:20 AM by deg »

benditup
« Reply #10 on: May 18, 2004, 02:12:15 AM »

Just a recommendation
I would stop this process in your task manager
P2P Networking.exe

Enter your Add/Remove programs via control panel and uninstall it.....

Digiblog
« Reply #11 on: May 18, 2004, 09:04:38 PM »

Well, I've followed all of Benditup's initial recommendations (huge thanks by the way) and it did clean up coolweb infection as well as the "cmd.exe" slowdown problem...for a couple days (well more like 48 hours). The "cmd.exe" issue is now recurring again... >:(

Interesting to hear I'm not the only one with this issue, also, hijack this also crashes within seconds...

Deguello if you have successfully eradicated the whole issue, please let me know how as I have also been going crazy for just over a week now!!


Anyways here is my latest HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 22:47:07, on 18/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\drivers\svchost.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\dvrvideo.exe
D:\WINNT\system32\devldr32.exe
C:\program files\creative\AudioHQ\AHQTB.EXE
D:\WINNT\tppaldr.exe
D:\WINNT\system32\dla\tfswctrl.exe
D:\Program Files\Winamp99\Winampa.exe
D:\winnt\system32\sncntr.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\system32\csrs.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\alexstud\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F1 - win.ini: run=d:\winnt\system32\dvrvideo.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AudioHQ] c:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TPP Auto Loader] D:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [dla] D:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp99\Winampa.exe"
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [sncntr] d:\winnt\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Videocntl] d:\winnt\system32\videocntl.exe
O4 - HKLM\..\Run: [NetWork] csrs.exe
O4 - HKLM\..\Run: [Dvrvideo] d:\winnt\system32\dvrvideo.exe
O4 - HKLM\..\RunServices: [NetWork] csrs.exe
O4 - HKLM\..\RunServices: [Network Service] wuauct.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Dvrvideo] d:\winnt\system32\dvrvideo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: Conversion CLI

benditup
« Reply #12 on: May 18, 2004, 10:50:14 PM »

Here's what I can suggest for now until you get ALL latest critical
updates from Windows Updates---including service packs

Do you have a Firewall--Or hooked thru a router. If not you are open to reinfection
Sygate is my Personal Choice
http://smb.sygate.com/

Look for the free one under home/office

Also download a Trojan Scanner
http://www.emsisoft.com/en/software/free/ this one is free

This one has a trial version and comes highly recommended by others
http://www.mischel.dhs.org/trojanhunter.jsp  again remember to update

If you have problems running either of these scanners please try in safe mode, let me know what you find
Also can you let me know what this is, I've seen both of these related
to virus or trojan, but I want to be sure
O4 - HKLM\..\Run: [Dvrvideo] d:\winnt\system32\dvrvideo.exe
O4 - HKLM\..\Run: [Videocntl] d:\winnt\system32\videocntl.exe

How to start in safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&ExpandSection=3&Src=sec_doc_nam#_Section3

Please post back a Fresh hijackthis log afterwards and please visit windows update

degüello
« Reply #13 on: May 19, 2004, 07:20:22 PM »

Well, it's now a few days later and it hasn't been happening.  Thanks again, benditup.

Digiblog, if you follow the link in one of my previous posts to the related Microsoft article, it should help you out.  It details a way of manually finding and deleting the things HijackThis would detect and fix, if you could run it, I believe.  For me, I had to get rid of some files named 'wmiprvsw.exe'


The article shows how to go into the registry (be careful - back it up first) and where to find the problematic files, but besides offering a few possible examples, it doesn't tell you specifically which ones to delete.  Enter the mighty benditup. ;) Consult him/her re. which files you should get rid of.

degüello
« Reply #14 on: May 19, 2004, 07:25:11 PM »

quote:
Originally posted by benditup

Just a recommendation
I would stop this process in your task manager
P2P Networking.exe

Enter your Add/Remove programs via control panel and uninstall it.....



I don't use Kazaa anymore, but I do use Bit Torrent and FTP to download lossless audio files.  Will these programs still work if I get rid of the P2P networking in my task manager?
« Last Edit: May 19, 2004, 07:27:03 PM by deg »