-
November 15th, 2003, 12:25 AM
#1
Computer support
Hello , I am seeking for some support on my computer problems , hope I came to the right place.
Well heres my problem, my comp seems to be freezing often and going very slow. Its been like this for about 2-3 weeks. Sometimes I am trying to open a
program and no matter how many times I click on it it wont open, then when I view my Processes running and it shows the program I was trying to open under there and it wouldn't let me open the program till I ended the process. But it would take like 5 minutes for the process to end....and also i'm having some trouble with my kazaa-lite. First of all when I open it and view my "Traffic" it lists each thing i'm downloading very slowly. Also when ever I switch users for the day and come back , my kazaa-lite is minimized and It wont seem to maximize so I have to close it which takes like 5 minutes. Sometimes when i'm switching users for instance when I am getting off my sisters name and going back to mine it sometimes freezes in the procise. I still have alot of space left
and can't seem to find any viruses, I have recently been infected with the cmd32.exe virus and other viruses, but i'm pretty sure I got rid of all of them.
Heres my hijackthis log incase this might help:
Logfile of HijackThis v1.97.5
Scan saved at 11:47:33 PM, on 11/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessen...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessen.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Advisor (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
------------------------------------------------------------------------
Well if anyone can help please do. Also I didn't post all my problems so i'll post them once I remember them.
-Thanks
-
November 15th, 2003, 04:48 AM
#2
Welcome to windrivers!
That's a pile of info, but what's the operating system and computer specs, machine age? I'm guessing OK, but if you're trying to run that lot on a 133 with 16mb ram....
Plus, kazaa........ I'm always wary of this, and you have other freeware programs running. You should look at integrating your security better, probably with some paid for stuff if you can. I know a lot of people here like zone alarm lite (I'm guessing your is) which is free.
I'm sure others here will want to help...
-
November 15th, 2003, 06:23 AM
#3
Registered User
OK Crsytal ball,crystal ball what system do they have............
Its a Compaq possibly a Presario and they may reside in the UK.........
Just messin
Like lowland stated a bit more information on the hardware would help but at a long shot I would suggest it is memory related.
Last edited by Archer; November 15th, 2003 at 06:26 AM.
-
November 15th, 2003, 08:35 AM
#4
Driver Terrier
Well I can deduce s/he is running XP, has an nvidea graphics card, soundmax compaq sound and a conexant modem.
using my intuition I think mdm.exe is the problem
It doesn't need to be running.... but it is usually associated with office rather than works.
Failing that, we are going to need hardware specs, specifically the presario model number, ram, free space on the hard drive and whether you are on broadband or dialup.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 15th, 2003, 10:35 AM
#5
Banned
Good Crystal Ball Archer, and good intuit NooNoo.
Also, NooNoo, he/she has Works (especially in the case of Compuke)which would include Word and hence be a "mini" Office.
What bugs me (no not debug) is the fact you have many recent "issues" with viruses and probably spyware/malware.
Ever run Spybot issues?
-
November 15th, 2003, 01:55 PM
#6
Microsoft Windows XP
Home Edition
Version 2002
Compaq Presario
AMD Athlon(tm)XP 1600+
1.40Ghz
224 MB of RAM
11.3 GB of free space
and also i'm using Broadband
-
November 15th, 2003, 02:14 PM
#7
Registered User
" - HKLM\..\RunServices: [CMD] cmd32.exe "
how are you checking for viruses? Here are trend micro's list for the kwbot worm:
To enable its automatic execution on every Windows startup, it creates either of the two following sets of autorun registry entries, depending on the file name of its dropped copy:
SET 1 (for the dropped file, system32.exe):
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Runonce
SystemSAS = "system32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
SystemSAS = "system32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
SystemSAS = "system32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
CurrentVersion\Runonce
SystemSAS = "system32.exe"
SET 2 (for the dropped file, cmd32.exe):
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Runonce
CMD = "cmd32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
CMD = "cmd32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
CMD = "cmd32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
CurrentVersion\Runonce
CMD = "cmd32.exe"
-
November 15th, 2003, 03:49 PM
#8
Driver Terrier
heheh missed that, good call geo.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 15th, 2003, 06:18 PM
#9
How do I get rid of those in the regedit?
-
November 15th, 2003, 08:33 PM
#10
Banned
Originally Posted by geoscomp
" - HKLM\..\RunServices: [CMD] cmd32.exe "
how are you checking for viruses? Here are trend micro's list for the kwbot worm:
To enable its automatic execution on every Windows startup, it creates either of the two following sets of autorun registry entries, depending on the file name of its dropped copy:
SET 1 (for the dropped file, system32.exe):
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Runonce
SystemSAS = "system32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
SystemSAS = "system32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
SystemSAS = "system32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
CurrentVersion\Runonce
SystemSAS = "system32.exe"
SET 2 (for the dropped file, cmd32.exe):
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Runonce
CMD = "cmd32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
CMD = "cmd32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
CMD = "cmd32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\
CurrentVersion\Runonce
CMD = "cmd32.exe"
-
November 15th, 2003, 11:41 PM
#11
Well now that I fixed the cmd32.exe problem (I hope)
I'm trying to figure out how to fix my kazaa issues
because it keeps "Not Responding" and then after
I close it I look at processes and kazaalite.kpp is
still running and it takes a while to end it and it also
does that when I close it at the task bar and it wont
let me open kazaa again still kazaalite.kpp is closed.
Any help?
-
November 16th, 2003, 01:10 AM
#12
Driver Terrier
nope, not with kazaa. You load a virus superhighway on your machine, thats your problem.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 16th, 2003, 05:25 AM
#13
Geezer
Originally Posted by NooNoo
nope, not with kazaa. You load a virus superhighway on your machine, thats your problem.
Well not to dispute that particular conclusion ... but errr ummm errr ... there's a whole lots of 'spurious' processes floating about there, which will suck the life out of your cpu ... just what apps loaded what & why probably will remain a mystery, but I'd suggest 'slimming' them down would help muchly !!
Mdm.exe though not a virus is 'spurious' - its a part of office, it is this - The Machine Debug Manager is used for Debugging Applications and is Installed by the Microsoft Script Editor which is included in Microsoft Office
& some more 'spurious' performance degraders ... 'OSA9.EXE' m$ 'findfast' feature, again an office 'app' & a real resource hog - ho-ho-ho !
& I could keep typing for a long time !
The bottom line is stop installing loads of 'stuff' without realising what effect they have !
You might be much quicker with a format & re-install, than try & untangle this 'mess'
-
November 17th, 2003, 10:48 AM
#14
Registered User
latetly I have fixed many problem by running SPYBOT. To remove malware and other abusive stuff.
Coffee flows in my veins...
-
November 17th, 2003, 03:42 PM
#15
Registered User
Originally Posted by NooNoo
nope, not with kazaa. You load a virus superhighway on your machine, thats your problem.
No doubt! It's like painting a big red X on your but during gay pride week. ...man, I could take this joke so much farther.
Deliver me from Swedish furniture!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks