Dementia: System CPU overusage

Question

Dementia 0 Newbie Poster

20 Years Ago

I would be downloading and running Ad-Aware and Spybots Search & Destroy, two of the best malware/spyware scanning programs out there. Just do the web update to get current reference first.

I downloaded both of these, and though they did show up a bunch a spyware.... that was not the problem. I THINK that WSup.exe was a virus of some kind (that may have taken over the other program), and when I deleted it and the other program that 'didn't look right' (they were labeled as .exe files but 'looked' like i.e. pages) WToolsA.exe (still don't know if that was supposed to be there or not) the problem went away. Now, we are having a couple of problems now, but it's more of a I click on a link and it doesn't open a new window like it used to. I don't know if this is because of what I deleted or if I still have some setting wrong.

And, and just for any one actually keeping track, I am aware of what normal CPU usage is like, and what I saw WAS NOT normal CPU usage; one, normal usage DOES NOT jump around (the way it seemed to be doing here) and two, as soon as I even deactivated those particular programs, the CPU usage went back to normal levels. I may not be totally techie, but I know a thing or two, and what ever the problem was, it was definately not normal computer behaviour. Any one with any idea on the links not being clickable and going through, I would appreciate help....bf is getting a bit p'o'd :evil: that he can't click through on some of his porn sites. (Oh, & just in case anyone was wondering, yes, that picture is really me.) Thanks.

Bless & blessed be,
Dementia Armand

dementia@dementedmind.net

(My band)
http://www.deaddolls.us
(My record label)
http://www.dementedmind.net
(My electronics store)
http://www.electronicaemporia.com

windows-virus

2 Contributors
2 Replies
117 Views
6 Days Discussion Span
Latest Post 20 Years Ago Latest Post by Dementia

caperjack 875 I hate 20 Questions

20 Years Ago

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

PS: I went to you web site ,you have more problems than spyware [you have no top for one of your outfits]!LOL :)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Dementia 0 Newbie Poster · Answer 1 · 2004-06-19T06:41:37+00:00

;) Well, this is the Hijack this file......
did find a couple of other viruses the other day, though....
self-extracting cabinet kind of virus.
Sorry, forgot to write down the name...
though so far I think most of the viruses that have come in have been variations of various Trojans....

Hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 7:37:38 PM, on 6/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Cryptainer LE\cryptainerle.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34; searchap.untd.com;127.0.0.1;localhost; *windowsupdate.microsoft.com;*windowsupdate.com; *wustat.windows.com;*.nyc.office.juno.com;*.corp.netzero.net; *.kbb.com;*.flipdog.com;*.pogo.com; *test-speed.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dominis\Application Data\Mozilla\Profiles\default\d4uhq8vk.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {9B7AA30F-8FEF-4896-8DA0-D858AE072976} - c:\windows\system32\adwarepopupstopper.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1085260574250
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294130595c435cbd6216/netzip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385972F-937A-4C14-BA57-1ECBAD402365}: NameServer = 64.136.28.120 64.136.28.133

If anything here looks wrong, please feel free to bother me again LOL
(and yes, I do know not to run 2 anti-virus programs at the same time, one or the other is always turned off)
Oh and in response to:
(PS: I went to you web site ,you have more problems than spyware [you have no top for one of your outfits]!LOL)
That was supposed to be that way. A stylized version of that picture is also on the back cover of my album. If you order one from my site, you can see for yourself. {Wink wink} Thanks, doll.