Computer support


issues
November 15th, 2003, 12:25 AM
Hello, I am seeking some support on my computer problems, hope I came to the right place. :p

Well, here's my problem: my comp seems to be freezing often and going very slow. It's been like this for about 2-3 weeks. Sometimes I am trying to open a program and no matter how many times I click on it it won't open, then when I view my Processes running it shows the program I was trying to open under there, and it wouldn't let me open the program till I ended the process. But it would take like 5 minutes for the process to end.... And also I'm having some trouble with my kazaa-lite. First of all, when I open it and view my "Traffic" it lists each thing I'm downloading very slowly. Also, whenever I switch users for the day and come back, my kazaa-lite is minimized and it won't seem to maximize, so I have to close it, which takes like 5 minutes. Sometimes when I'm switching users, for instance when I am getting off my sister's name and going back to mine, it sometimes freezes in the process. I still have a lot of space left and can't seem to find any viruses. I have recently been infected with the cmd32.exe virus and other viruses, but I'm pretty sure I got rid of all of them.

Here's my HijackThis log in case this might help:

Logfile of HijackThis v1.97.5
Scan saved at 11:47:33 PM, on 11/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Advisor (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

------------------------------------------------------------------------

Well, if anyone can help please do. Also I didn't post all my problems so I'll post them once I remember them.

-Thanks

Lowland
November 15th, 2003, 04:48 AM
Welcome to windrivers!

That's a pile of info, but what's the operating system and computer specs, machine age? I'm guessing OK, but if you're trying to run that lot on a 133 with 16mb ram....

Plus, kazaa........ I'm always wary of this, and you have other freeware programs running. You should look at integrating your security better, probably with some paid-for stuff if you can. I know a lot of people here like Zone Alarm lite (I'm guessing yours is), which is free.

I'm sure others here will want to help...

Archer
November 15th, 2003, 06:23 AM
OK, crystal ball, crystal ball, what system do they have............

It's a Compaq, possibly a Presario, and they may reside in the UK.........

Just messin ;) :D
Like Lowland stated, a bit more information on the hardware would help, but at a long shot I would suggest it is memory related.

NooNoo
November 15th, 2003, 08:35 AM
Well, I can deduce s/he is running XP, has an NVIDIA graphics card, SoundMAX Compaq sound and a Conexant modem. :)

Using my intuition, I think mdm.exe is the problem (http://support.microsoft.com/default.aspx?scid=kb;en-us;321410)

It doesn't need to be running.... but it is usually associated with office rather than works.

Failing that, we are going to need hardware specs, specifically the presario model number, ram, free space on the hard drive and whether you are on broadband or dialup.

TripleRLtd
November 15th, 2003, 10:35 AM
Good Crystal Ball, Archer, and good intuit, NooNoo. :)
Also, NooNoo, he/she has Works (especially in the case of Compuke), which would include Word and hence be a "mini" Office.
What bugs me (no, not debug) is the fact you have many recent "issues" with viruses and probably spyware/malware.
Ever run Spybot, issues?

issues
November 15th, 2003, 01:55 PM
Microsoft Windows XP
Home Edition
Version 2002

Compaq Presario
AMD Athlon(tm)XP 1600+
1.40Ghz
224 MB of RAM

11.3 GB of free space
and also I'm using Broadband

geoscomp
November 15th, 2003, 02:14 PM
" - HKLM\..\RunServices: [CMD] cmd32.exe "


How are you checking for viruses? Here is Trend Micro's list for the kwbot worm:


To enable its automatic execution on every Windows startup, it creates either of the two following sets of autorun registry entries, depending on the file name of its dropped copy:

SET 1 (for the dropped file, system32.exe):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
SystemSAS = "system32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SystemSAS = "system32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
SystemSAS = "system32.exe"

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce
SystemSAS = "system32.exe"

SET 2 (for the dropped file, cmd32.exe):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
CMD = "cmd32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CMD = "cmd32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
CMD = "cmd32.exe"

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce
CMD = "cmd32.exe"
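
The comparison made in the post above (an O4 autorun line from the HijackThis log against the value-name and file-name pairs in the Trend Micro list) can be scripted. This is an added example, not part of the thread; the function names are hypothetical, and the sample lines are copied from the log posted earlier on this page.

```python
import re

# Autorun value-name / file-name pairs from the Trend Micro list quoted above.
KWBOT_AUTORUNS = {("systemsas", "system32.exe"), ("cmd", "cmd32.exe")}

# HijackThis registry autorun line, e.g. O4 - HKLM\..\RunServices: [CMD] cmd32.exe
# (only HKLM and HKCU appear in this page's log, so only those are parsed).
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Excerpt of the HijackThis log posted earlier on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
"""

def parse_o4(line):
    """Return (hive, key, value_name, command) for an O4 registry line, else None."""
    m = O4_RE.match(line.strip())
    return m.groups() if m else None

def image_name(command):
    """Extract the lower-cased executable file name from an autorun command."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.+?\.exe)\b", command, re.I)
        exe = m.group(1) if m else command.split()[0]
    return exe.rsplit("\\", 1)[-1].lower()

def flag_kwbot(log_text):
    """Return O4 entries whose value name and file name match a listed pair."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry autorun line (Startup folder items, O2, ...)
        hive, key, name, command = entry
        if (name.lower(), image_name(command)) in KWBOT_AUTORUNS:
            hits.append({"hive": hive, "key": key, "name": name, "command": command})
    return hits

if __name__ == "__main__":
    for hit in flag_kwbot(SAMPLE_LOG):
        print("kwbot autorun match:", hit)
```

Matching on the pair rather than the file name alone keeps a legitimately named value that happens to launch a different `cmd`-like binary from being flagged.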

NooNoo
November 15th, 2003, 03:49 PM
heheh missed that, good call geo.

issues
November 15th, 2003, 06:18 PM
How do I get rid of those in the regedit?

TripleRLtd
November 15th, 2003, 08:33 PM
http://forums.windrivers.com/images/smilies/bigok.gif

issues
November 15th, 2003, 11:41 PM
Well, now that I fixed the cmd32.exe problem (I hope)

I'm trying to figure out how to fix my kazaa issues, because it keeps "Not Responding" and then after I close it I look at processes and kazaalite.kpp is still running and it takes a while to end it, and it also does that when I close it at the task bar, and it won't let me open kazaa again till kazaalite.kpp is closed.

Any help?

NooNoo
November 16th, 2003, 01:10 AM
Nope, not with kazaa. You load a virus superhighway on your machine, that's your problem.

confus-ed
November 16th, 2003, 05:25 AM
Nope, not with kazaa. You load a virus superhighway on your machine, that's your problem.

Well not to dispute that particular conclusion ;) ... but errr ummm errr ... there's a whole lots of 'spurious' processes floating about there, which will suck the life out of your cpu ... just what apps loaded what & why probably will remain a mystery, but I'd suggest 'slimming' them down would help muchly !!

Mdm.exe, though not a virus, is 'spurious' - it's a part of Office, it is this - The Machine Debug Manager is used for Debugging Applications and is Installed by the Microsoft Script Editor which is included in Microsoft Office (http://www.liutilities.com/products/wintaskspro/processlibrary/mdm/)

& some more 'spurious' performance degraders ... 'OSA9.EXE' m$ 'findfast' feature, again an office 'app' & a real resource hog - ho-ho-ho !

& I could keep typing for a long time ! :rolleyes:

The bottom line is stop installing loads of 'stuff' without realising what effect they have !

You might be much quicker with a format & re-install, than try & untangle this 'mess' ;)

Visgothy
November 17th, 2003, 10:48 AM
Lately I have fixed many problems by running SPYBOT, to remove malware and other abusive stuff.

silencio
November 17th, 2003, 03:42 PM
Nope, not with kazaa. You load a virus superhighway on your machine, that's your problem.
No doubt! It's like painting a big red X on your butt during gay pride week. ...man, I could take this joke so much farther.