0

Hey everyone, I am having some problems with my computer... whenever I try to watch something on Winamp or play any music, the audio comes out with a *pause play pause play* effect... but it only seems to do it when my CPU spikes up to 10% or higher... also, when I am in my Task Manager looking at the processes, the CPU will not match up to what is working (example: there are 4 processes running at 5%, but yet my CPU will be at like 45% :-| ). It's like something else is taking up my CPU that isn't coming up in my Task Manager... anyway, here's my hijacklog... I wasn't sure if this would help or not... THANK YOU IN ADVANCE!!! ;)

Logfile of HijackThis v1.99.1
Scan saved at 1:22:40 AM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ana\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mchsi.com/belleplaine
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

0

Your log is actually very clean; there are no signs of malicious activity there at all.

While a clean HJT log does not necessarily mean that your system is totally clean, there are plenty of non-malicious reasons for abnormal CPU usage. However, if you'd like to examine your system further before ruling out the possibility of infections, do the following:

- Download and run these detection and removal tools; let them fix anything they find:

Ad Aware SE Personal
SpyBot Search & Destroy
Microsoft AntiSpyware beta


- Run a few of these free online virus/spyware scans:

http://housecall.trendmicro.com/
http://www.kaspersky.com/scanforvirus.html
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

0

Thanks DMR... well, I have Spybot and Ad-Aware and they didn't find anything... the only thing that did find junk on my computer was Panda... here's what it found:
Adware-KeenValue C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware-SAHAgent C:\WINDOWS\system32\SHAgentNew.dll
Adware-IPInsight C:\WINDOWS\inf\consorr.inf
Adware-NavHelper C:\Program Files\ Ares (P2P Program)
Adware-ILookup C:\WINDOWS\ILookup
Adware-Blazefind Windows Registry
Spyware-LocalNRD C:\WINDOWS\inf\localNRD.inf
Adware-WUpd C:\Doc.andSet\Ana\Application Data\Business Logic\UWC\Backup\...
Adware-IPInsight C:\WINDOWS\inf\conscorr.inf
Spyware-LocalNRD C:\WINDOWS\inf\localNrd.inf
Adware-KeenValue C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware-SAHAgent C:\WINDOWS\system32\SHAgentNew.dll

Should I go into my computer and find this stuff? It's weird bc even when my screensaver is up it starts and stops too lol TY :)

0

Those files are definitely components of malicious infections, but it looks like they're only "leftovers" for the most part. If they were active, we'd see plenty of evidence of them in your HJT log.

1. Delete these files:

C:\WINDOWS\system32\drivers\etc\hosts.bho
C:\WINDOWS\system32\SHAgentNew.dll
C:\WINDOWS\inf\consorr.inf
C:\WINDOWS\inf\localNRD.inf

2. Delete these folders entirely:

C:\WINDOWS\ILookup
C:\Documents and Settings\Ana\Application Data\Business Logic

3. It's your decision to keep or uninstall the Ares program, but since filesharing is a great way to get yourself infected with malware, I'd suggest dumping it.
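Added example, not part of the original thread: a Python sketch of the cross-check described in the reply above, testing whether any path a scanner flagged also appears in a HijackThis running-process or load-point entry. The function names, the trimmed sample log and the placeholder CLSID are assumptions constructed for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""
# Paths taken from the Panda results quoted in the thread.
FLAGGED = [r"C:\WINDOWS\system32\drivers\etc\hosts.bho",
           r"C:\WINDOWS\system32\SHAgentNew.dll",
           r"C:\WINDOWS\inf\localNRD.inf",
           r"C:\WINDOWS\ILookup"]
# Constructed counter-example (placeholder CLSID): how an active load point would appear.
ACTIVE_LINE = (r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000}"
               r" - C:\WINDOWS\system32\SHAgentNew.dll" "\n")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "R1 - ...", "O4 - ...", "O23 - ..."

def parse_hjt(log_text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def active_references(log_text, flagged_paths):
    """Map each flagged path to the log lines that mention it (case-insensitive).
    Limitation: 8.3 short names such as C:\\PROGRA~1 will not match a long path."""
    processes, entries = parse_hjt(log_text)
    lines = processes + [f"{code} - {detail}" for code, detail in entries]
    return {p: [l for l in lines if p.lower() in l.lower()] for p in flagged_paths}

if __name__ == "__main__":
    for path, refs in active_references(SAMPLE_LOG, FLAGGED).items():
        print(path, "->", refs or "no load point in log (leftover on disk)")
```

An empty result for a path means only that no running process or autostart entry in the log points at it; the file can still be present on disk.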

0

aight :) I deleted all that junk... thanks a lot DMR... I have another question... I have been having problems with my D: drive also... I would just post another thread for it but it seems to be tied with this problem... my D: drive has been disappearing on me lately... it will pop up and disappear whenever it wants to... and it seems that whenever it disappears I don't have a skipping problem.. but when it starts to skip I go to My Computer and there it is! Is there a way to scan my computer to bring it back up cuz it's a pain in the butt not havin it up even tho my computer is acting dumb. When it is gone I can't get anything to play on my D: drive bc my auto-run won't work either... Let me know what you think... Thanks a bunch!

0

I have to log off shortly, but let me ask a few quick questions to start with:

A "skipping" problem?

- Do you mean that the D drive contains music that skips when you're playing it?

- If so, in which program does this happen?

- When you say that the D drive "disappears", where exactly does it disappear from? Do you mean that it is no longer visible in your Windows Explorer window?

0

The skipping problem is what I have been trying to fix... It's when any sort of music is playing and it will go *audio pause audio pause*. When I say my D drive disappears I mean I will go to My Computer and my D drive does not show up. I haven't had a problem with this before but I have had a problem with my auto run... and because I don't have auto run on my D drive when it disappears from My Computer I can't play anything because auto-run doesn't start the CD automatically. Sorry if this is confusing... I'm confused as hell too lol...

0

Sorry for the redundant questions about the drive. I was responding to three other threads when I posted here, and got your post confuzzled with one of the others I was working on...

Drive drop-offs are often hardware-related, and could even be a sign that the drive is failing. You might want to back up the music files on the drive if they're important to you.

Some software things you can check:

1. Right-click on the My Computer icon and choose the Manage option. In the window that opens, click on Disk Management and see what the system has to report about the D drive. Check the drive's status both when it's behaving normally, and when it has dropped off line.

2. Right-click on the D drive in Disk Manager, choose Properties, and click the Tools tab in the Properties window. Run the Error Checking and Defragment tools.

3. Open the Event Viewer utility in your Administrative Tools control panel. Look through the System and Application log files for any error or warning messages that might be related to the drive. Double-clicking any of the messages will open a window with more details; post the full and exact contents of that window for any messages you see that might relate to the problem.


4. Hardware issues to check:

- The data cable between the drive and computer's motherboard can become loose or even damaged. Disconnect and reconnect the cable, making sure that it is seated firmly and correctly.

- Replace the cable with a new one.

- Check the Master/Slave/Cable Select jumper on the drive; make sure it is set properly.

- PCs have two "channels" to which drives can be connected. Connect the D drive to the ribbon cable that goes to the other channel, making sure that the Master/Slave jumper is set according to the drive's position on the channel.

0

hey DMR, sorry it took me so long to write back but my D drive has not come back up at all... but I will have a friend take a look at it and see what he can do... thanks a lot for your help!!! :)
