100% cpu usage - spyware problem

Hi! Any help given is much, much appreciated. I really need to get some work done and my PC is running extremely slow. I've run panda scan, trendmicro, adaware, spybot, stinger, cwshredder, avg!!! Here is my hijack this log:

Thanks in advance!!
twoc

Logfile of HijackThis v1.99.1
Scan saved at 10:28:50 PM, on 03/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
E:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\System32\RUNDLL32.EXE
E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\MXOALDR.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
E:\program files\cwshredder\SpySub.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\System32\wuauclt.exe
E:\program files\firefox\firefox.exe
E:\program files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.simplysoap.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MaxtorOneTouch] E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: NetAssistant.lnk.disabled
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Update Agent.lnk.disabled
O4 - Global Startup: SpySubtract.lnk = E:\program files\cwshredder\SpySub.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Re: 100% cpu usage - spyware problem

Your log is pretty clean; just a couple of small nasties to fix. Put a check next to the following items and then click the "Fix checked" button:

R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll

More than anything, your log indicates that you've got a fair amount of programs and processes fired up, including a web server and a MySQL database. It's possible that you're just overtaxing the system. If you open Windows Task Manager and monitor the CPU and memory usage of the running processes, can you determine which of them is hogging your resources?

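The two entries singled out in the reply above are an R3 URL search hook marked "(file missing)" and an O2 Browser Helper Object. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses a HijackThis log and queues entries for manual review; the flag names and `review_queue` are hypothetical, and a flag is a lead to check by hand, not a verdict.

```python
import re

# Constructed sample: a few lines excerpted from the log posted in this thread.
SAMPLE = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
'''

# An entry line is "<section code> - <details>"; headers and process paths lack the code.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
BROWSER_HOOKS = {"R3", "O2"}  # URL search hooks and Browser Helper Objects load into IE

def parse_entries(log_text):
    """Return one dict per entry line: section code, details and review flags."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, "Running processes:" list or blank line
        code, details = m.groups()
        flags = []
        if code in BROWSER_HOOKS:
            flags.append("browser-hook")
        if details.endswith("(file missing)"):
            flags.append("file-missing")   # HijackThis could not find the referenced file
        if code == "O23" and " - Unknown owner - " in details:
            flags.append("unknown-owner")  # no company name shown for the service binary
        entries.append({"code": code, "details": details, "flags": flags})
    return entries

def review_queue(entries):
    """Flagged entries, most flags first; ties keep their order in the log."""
    flagged = [e for e in entries if e["flags"]]
    return sorted(flagged, key=lambda e: -len(e["flags"]))

if __name__ == "__main__":
    for e in review_queue(parse_entries(SAMPLE)):
        print(f'{e["code"]:>3}  {",".join(e["flags"]):<28} {e["details"][:60]}')
```

On the sample, the Apache2 and MySql services are queued next to the two entries the reply removed, which is why each flagged line still needs to be matched against software known to be installed.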
Re: 100% cpu usage - spyware problem

Thanks DMR. I've deleted the 2 entries you indicated. I have spySub.exe, WPC54CFG.exe, svchost.exe, vsmon.exe, avgcc.exe and odhost.exe using the most resources. I've been using the webserver/sql server for development for quite a while - but only had the slowdown very recently. The only new things I installed were the s/w for cleaning the computer. I've tried to kill some of the processes but it says I don't have access. Any ideas?

Re: 100% cpu usage - spyware problem

Well, there's nothing suspicious about the processes you listed. They're necessary components of your Wireless software and your anti-virus/anti-spyware applications, and unfortunately they are all known to be a bit on the resource-intensive side.

In terms of the "access denied" error, you will get that when you try to use Task Manager to kill certain running processes. In those instances you should use whatever Exit/Shut Down/etc. option is built into the programs, or turn off the option to automatically run the programs at Windows start-up and then reboot.

In general though, I can't think of anything that would be the obvious cause for the resource drain. Your best bet is probably to experiment with disabling/shutting things down one at a time to see if you can narrow down the possible suspects.

Re: 100% cpu usage - spyware problem

Thanks for all your help DMR. I will experiment with shutting down some of these apps. Have a great day!
twoc

Re: 100% cpu usage - spyware problem

You're welcome. Let us know if you find a solution.

©2003 - 2009 DaniWeb® LLC