CMD Slowing machine

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am running XP home edition with SP2. The cmd.exe is running 5-6 processes
in the task manager which is using 100% ofthe CPU - slowing the machine down.
I have run a full system virus check (norton), also spyware (spybot, ad aware
and spyblaster). I also ran hijackthis, here are the reults:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
D:\temp\Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tesco.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F0 - system.ini: Shell=Explorer.exe winsock.scr
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced
System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) -
http://download.yahoo.com/dl/installs/bt/yregucfg.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/A...iveX/winrep.cab
O16 - DPF: {567A0EA2-5C76-497C-B95A-471944A1C843} (olConfig.onelogConfig) -
http://webrouter.hud.ac.uk/downloads/files/olBrow.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.com/CAB/...8043.2035648148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
http://register.btinternet.com/templates/b...bcontrol023.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E94222E0-078C-4CB5-A855-7D596302C61E}:
NameServer = 194.168.4.100 194.168.8.100

Any further help will be gratefully received.
Thanks
 
Boenerge said:
I am running XP home edition with SP2. The cmd.exe is running 5-6 processes
in the task manager which is using 100% ofthe CPU - slowing the machine down.
I have run a full system virus check (norton), also spyware (spybot, ad aware
and spyblaster). I also ran hijackthis, here are the reults:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
D:\temp\Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tesco.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F0 - system.ini: Shell=Explorer.exe winsock.scr
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced
System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) -
http://download.yahoo.com/dl/installs/bt/yregucfg.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/A...iveX/winrep.cab
O16 - DPF: {567A0EA2-5C76-497C-B95A-471944A1C843} (olConfig.onelogConfig) -
http://webrouter.hud.ac.uk/downloads/files/olBrow.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.com/CAB/...8043.2035648148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
http://register.btinternet.com/templates/b...bcontrol023.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E94222E0-078C-4CB5-A855-7D596302C61E}:
NameServer = 194.168.4.100 194.168.8.100

Any further help will be gratefully received.
Thanks
Click to expand...

Hi Boenerge!!
Hm, i am amazed that there is cmd runnin in da task manager??izzit in da
background or foreground? is this matter juz happened or it had been happenin
long time ago since you start using?? well, some viruses use stealth status
that it cant be detected by almost all anti-viruses program. Also some
viruses injects itself into other application and it is dificult for
anti-virus software to scan. So all you gotta do is to investigate this
virus. Try ending task at task manager one by one and try your machine. then
if u get the correct name for the virus, try to search that file and delete
it in 'safe mode'. ( only delete application that u suspect there is virus).
From the list you showed, i can name you some of adware/spyware you have got.
well, hope it helps. Byezzz!!!~~~
 
Hi Boenerge!!
Hm, i am amazed that there is cmd runnin in da task manager??izzit in da
background or foreground? is this matter juz happened or it had been happenin
long time ago since you start using?? well, some viruses use stealth status
that it cant be detected by almost all anti-viruses program. Also some
viruses injects itself into other application and it is dificult for
anti-virus software to scan. So all you gotta do is to investigate this
virus. Try ending task at task manager one by one and try your machine. then
if u get the correct name for the virus, try to search that file and delete
it in 'safe mode'. ( only delete application that u suspect there is virus).
From the list you showed, i can name you some of adware/spyware you have got.
well, hope it helps. Byezzz!!!~~~
Click to expand...

Thanks Taipan 541,
It is running in the background. If I close CMD the machine works fine. I
have tried the norton's virus scanner, Ad Aware and spybot and all come up
clean. How can I get the name for the virus?
Boenerge
 
taipan541 said:
Boenerge said:
I am running XP home edition with SP2. The cmd.exe is running 5-6 processes
in the task manager which is using 100% ofthe CPU - slowing the machine down.
I have run a full system virus check (norton), also spyware (spybot, ad aware
and spyblaster). I also ran hijackthis, here are the reults:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
D:\temp\Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tesco.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F0 - system.ini: Shell=Explorer.exe winsock.scr
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced
System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) -
http://download.yahoo.com/dl/installs/bt/yregucfg.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/c...ontent/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/OAS/A...iveX/winrep.cab
O16 - DPF: {567A0EA2-5C76-497C-B95A-471944A1C843} (olConfig.onelogConfig) -
http://webrouter.hud.ac.uk/downloads/files/olBrow.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.com/CAB/...8043.2035648148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
http://register.btinternet.com/templates/b...bcontrol023.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E94222E0-078C-4CB5-A855-7D596302C61E}:
NameServer = 194.168.4.100 194.168.8.100

Any further help will be gratefully received.
Thanks
Click to expand...

Hi Boenerge!!
Hm, i am amazed that there is cmd runnin in da task manager??izzit in da
background or foreground? is this matter juz happened or it had been happenin
long time ago since you start using?? well, some viruses use stealth status
that it cant be detected by almost all anti-viruses program. Also some
viruses injects itself into other application and it is dificult for
anti-virus software to scan. So all you gotta do is to investigate this
virus. Try ending task at task manager one by one and try your machine. then
if u get the correct name for the virus, try to search that file and delete
it in 'safe mode'. ( only delete application that u suspect there is virus).
From the list you showed, i can name you some of adware/spyware you have got.
well, hope it helps. Byezzz!!!~~~
Click to expand...

Taipan 541 I forgot, could you name the adware and spyware and how to get
rid of it.
Thanks
Boenerge
 
Boenerge said:
I am running XP home edition with SP2. The cmd.exe is running 5-6 processes
in the task manager which is using 100% ofthe CPU - slowing the machine down.
I have run a full system virus check (norton), also spyware (spybot, ad aware
and spyblaster). I also ran hijackthis, here are the reults:
Click to expand...

Something in the startup must have run Cmd.exe (the command prompt
interpreter) to load and run a DOS program. Look in the MSConfig.exe
startup page
 
Thanks Alex

Alex Nichol said:
Something in the startup must have run Cmd.exe (the command prompt
interpreter) to load and run a DOS program. Look in the MSConfig.exe
startup page
Click to expand...
 
Back
Top