Please look at my log. I have been in this mess for the past whole month
 
Posted 1/19/2008 2:15 AM
New Member


Group: Forum Members
Last Login: 1/25/2008 1:02 PM
Posts: 8, Visits: 13
Hey guys, my computer has been in a mess for the past whole month & it has gone bad again. Let me tell you how exactly it is behaving:
1. Now the CPU usage does go up to 100%, but it doesn't happen as soon as the desktop appears. It remains normal for a few minutes & then suddenly shoots up to 100%.
2. When the CPU usage has gone up to 100% & I try to restart the computer, it just remains stuck on the "Windows is shutting down" screen & I have to manually restart it. Even on restarting, it reaches only as far as the Windows XP screen (with the blue bar running across the screen) & then shuts down. Now if I try to start it again, it would again reach that Win XP screen & shut down. Also, the beep I hear when the computer starts up is a bit different from the usual one: if I got a beep normally, then at these times I hear something like beeeeeeep. However, if I start it after 5-10 mins then it does boot up, but yeah, the CPU usage does reach 100% after some time again.

Now I have reformatted the computer about 3-4 times, each time deleting & formatting the partition where Win XP was installed. I have run all the software mentioned by you & a dozen others like Norton Antivirus, AVG, TuneUp Utilities, Spyware Doctor & RegCure, but no success whatsoever.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:34 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jhalak.sify.com/index.php?from=bb?userid=32514&check=9ec1c5eaebf22e49
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51825100-764F-4142-8153-B35B1B08671C}: NameServer = 202.144.50.4,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{51825100-764F-4142-8153-B35B1B08671C}: NameServer = 202.144.50.4,202.144.66.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{51825100-764F-4142-8153-B35B1B08671C}: NameServer = 202.144.50.4,202.144.66.6
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2940 bytes


please help me!!!!!!!!!!!!
Post #233262
Posted 1/19/2008 4:10 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,842, Visits: 54,734
Welcome

Your HijackThis log looks clean, your issue more than likely is driver related.
Make sure you have all the latest drivers installed, especially video and sound.
Check on your motherboard manufacturer's website for chipset driver/BIOS updates.

Click on Start/Run, type eventvwr then press Enter.
Check in the System and Application logs for errors, see if there are any clues as to what's happening.

Run the following anyway:
If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/PC inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.



________________________________________


ASAP & UNITE member since 2006





Post #233269
Posted 1/23/2008 11:10 AM
New Member


Group: Forum Members
Last Login: 1/25/2008 1:02 PM
Posts: 8, Visits: 13
my combofix log!!!!!


ComboFix 08-01-23.2 - Administrator 2008-01-23 22:29:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.445 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 22:27 . 2000-08-31 08:00  51,200  --a------  C:\WINDOWS\Nircmd.exe
2008-01-23 22:15 . 2008-01-23 22:15  d--------  C:\TC
2008-01-23 21:13 . 2008-01-23 21:13  d--------  C:\Program Files\VideoLAN
2008-01-23 14:52 . 2007-02-28 15:25  2,182,144  ---------  C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-23 14:52 . 2007-02-28 15:23  2,137,600  ---------  C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-23 14:52 . 2007-02-28 14:46  2,017,280  ---------  C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-23 14:38 . 2008-01-23 14:38  d--hs----  C:\FOUND.003
2008-01-23 10:27 . 2008-01-23 10:27  d--hs----  C:\FOUND.002
2008-01-22 14:05 . 2008-01-22 14:05  d--hs----  C:\FOUND.001
2008-01-22 09:29 . 2008-01-22 09:29  d--------  C:\Program Files\MSXML 4.0
2008-01-21 18:05 . 2007-10-30 22:23  360,832  ---------  C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-20 02:46 . 2008-01-20 02:47  d--------  C:\Program Files\MSXML 6.0
2008-01-20 02:41 . 2005-06-28 10:21  22,752  --a------  C:\WINDOWS\system32\spupdsvc.exe
2008-01-20 02:37 . 2008-01-20 02:37  d--h-----  C:\WINDOWS\$hf_mig$
2008-01-19 13:06 . 2008-01-19 13:06  16  --a------  C:\WINDOWS\system\cmicnfg.ini
2008-01-18 23:54 . 2007-07-30 19:19  271,224  --a------  C:\WINDOWS\system32\mucltui.dll
2008-01-18 23:54 . 2007-07-30 19:18  34,136  --a------  C:\WINDOWS\system32\wucltui.dll.mui
2008-01-18 23:54 . 2007-07-30 19:19  30,072  --a------  C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 23:54 . 2007-07-30 19:19  25,944  --a------  C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-18 23:54 . 2007-07-30 19:19  25,944  --a------  C:\WINDOWS\system32\wuapi.dll.mui
2008-01-18 23:54 . 2007-07-30 19:18  20,312  --a------  C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-18 23:36 . 2008-01-18 23:36  d--hs----  C:\Recycled
2008-01-18 23:34 . 2008-01-18 23:34  d--------  C:\Program Files\uTorrent
2008-01-18 23:00 . 2008-01-18 23:00  0  --a------  C:\WINDOWS\nsreg.dat
2008-01-18 22:16 . 2008-01-18 22:16  d--------  C:\Program Files\Trend Micro
2008-01-18 21:43 . 2008-01-18 21:43  d--------  C:\Program Files\Alwil Software
2008-01-18 21:42 . 2003-03-11 07:39  155,648  -ra------  C:\WINDOWS\system32\igfxres.dll
2008-01-18 21:40 . 2003-03-11 07:40  503,808  -ra------  C:\WINDOWS\system32\igfxress.dll
2008-01-18 21:19 . 2008-01-18 21:19  d--------  C:\Program Files\Sify Broadband
2008-01-18 21:18 . 2008-01-18 21:18  35  --a------  C:\bberror1.sbl
2008-01-18 21:08 . 2008-01-18 21:08  d--hs----  C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 15:25  ---------  d--h--w  C:\Program Files\Uninstall Information
2008-01-18 15:02  ---------  d-----w  C:\Program Files\microsoft frontpage
2008-01-18 14:48  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2007-12-04 14:56  93,264  ----a-w  C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55  94,544  ----a-w  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53  23,152  ----a-w  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51  42,912  ----a-w  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49  26,624  ----a-w  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04  837,496  ----a-w  C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54  95,608  ----a-w  C:\WINDOWS\system32\AvastSS.scr
2007-11-14 07:26  450,560  ----a-w  C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:50  727,040  ----a-w  C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:50  727,040  ----a-w  C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 09:55  3,065,856  ----a-w  C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35  1,287,680  ----a-w  C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35  1,287,680  ----a-w  C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 12:09  228,864  ----a-w  C:\WINDOWS\system32\wmasf.dll
2007-10-27 12:09  228,864  ----a-w  C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34  8,460,288  ----a-w  C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2006-11-20 09:51 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 07:54 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 07:41 114688]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"Cmaudio"="cmicnfg.cpl" []

S3 autorun;autorun;c:\huadio.tmp [2008-01-18 20:56]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 22:31:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Post #233506
Posted 1/23/2008 11:58 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,842, Visits: 54,734
The next time your CPU jumps to 100%, right click on your taskbar and select 'Task Manager'.
Under the 'Processes' tab, let me know the exact name of the process using up all the cycles.


Post #233510
Posted 1/24/2008 12:41 AM
New Member


Group: Forum Members
Last Login: 1/25/2008 1:02 PM
Posts: 8, Visits: 13
I have already checked that thing, but it displays no process taking up the majority of the resources. It's just the same processes as the normal scenario, but for some reason the CPU usage is 100%. How is my ComboFix log???
Post #233529
Posted 1/24/2008 3:45 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,842, Visits: 54,734
how is my combofix log???

No problems at all there.

Click on Start/Run, type eventvwr then press OK.
Check in the System and Application logs for errors.
Double click on each error [red button with white cross].
See if there are any clues as to what may be causing your issue.

Make sure you have all the latest drivers installed, especially video and sound.
Check on your motherboard manufacturer's website for chipset driver and BIOS updates.

If you're unsure of the make and model of your motherboard or any other system info, download and run SIW [System Information for Windows]:
http://www.gtopala.com/siw-download.html


Post #233533
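
Added example, not part of the thread and not from any tool mentioned in it: a short Python parser that tallies errors copied out of Event Viewer by source and event ID, one way to work through the "check the System and Application logs for errors" step when the same errors repeat many times. The sample events are constructed, and `parse_events` and `summarise` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample in the text layout Event Viewer produces when an event
# is copied to the clipboard; the hex bytes are placeholders.
SAMPLE = r"""
1.Event Type:Error
Event Source:Disk
Event ID:7
Time:16:54
Description:
The device, \Device\Harddisk0\D, has a bad block.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h.....

2.Event Type:Error
Event Source:W32Time
Event ID:17
Description:
Time Provider NtpClient: An error occurred during DNS lookup
of the manually configured peer.

3.Event Type:Error
Event Source:Disk
Event ID:7
Description:
The device, \Device\Harddisk0\D, has a bad block.
"""

FIELD = re.compile(r"^\s*(?:\d+\.)?\s*(Event Type|Event Source|Event Category|"
                   r"Event ID|Date|Time|User|Computer):\s*(.*)$")

def parse_events(text):
    """Return one dict per event found in pasted Event Viewer text."""
    events, state = [], "skip"
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            events.append({"Description": []})
            state = "header"
        if state == "header" and m:
            events[-1][m.group(1)] = m.group(2).strip()
        elif state == "header" and line.strip() == "Description:":
            state = "desc"
        elif state == "desc" and line.startswith(("For more information", "Data:")):
            state = "skip"                        # drop help link and hex dump
        elif state == "desc" and line.strip():
            events[-1]["Description"].append(line.strip())
    for e in events:
        e["Description"] = " ".join(e["Description"])
    return events

def summarise(events, event_type="Error"):
    """Count events of one type per (source, event ID), most frequent first."""
    return Counter((e.get("Event Source"), e.get("Event ID")) for e in events
                   if e.get("Event Type") == event_type).most_common()
```

Calling `summarise(parse_events(text))` on the pasted log text gives a list of `((source, event_id), count)` pairs, so repeated errors collapse into one row each.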
Posted 1/24/2008 7:21 AM
New Member


Group: Forum Members
Last Login: 1/25/2008 1:02 PM
Posts: 8, Visits: 13
event viewer logs-

system logs-i got these errors displayed:
1.Event Type:Error
Event Source:Setup
Event Category:None
Event ID:60055
Date:2008-01-18
Time:20:51
User:N/A
Computer:SDASD-25F246D08
Description:
Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

2.Event Type:Error
Event Source:W32Time
Event Category:None
Event ID:17
Date:2008-01-18
Time:20:54
User:N/A
Computer:SDASD-25F246D08
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

3.Event Type:Error
Event Source:Disk
Event Category:None
Event ID:7
Date:2008-01-21
Time:16:54
User:N/A
Computer:SDASD-25F246D08
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

4.Event Type:Error
Event Source:NtServicePack
Event Category:None
Event ID:4373
Date:2008-01-22
Time:14:11
User:NT AUTHORITY\SYSTEM
Computer:SDASD-25F246D08
Description:
Windows XP KB941644 installation failed.
The directory or file cannot be created.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

5.Event Type:Error
Event Source:Windows Update Agent
Event Category:Installation
Event ID:20
Date:2008-01-22
Time:14:11
User:N/A
Computer:SDASD-25F246D08
Description:
Installation Failure: Windows failed to install the following update with error 0x80070052: Security Update for Windows XP (KB941644).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

6.Event Type:Error
Event Source:BROWSER
Event Category:None
Event ID:8032
Date:2008-01-24
Time:02:17
User:N/A
Computer:SDASD-25F246D08
Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{51825100-764F-4142-8153-B35B1B08671C}. The backup browser is stopping.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d4 04 00 00 Ô...

ALL OF THESE ERRORS WERE DISPLAYED MULTIPLE TIMES

APPLICATION LOGS-

1.Event Type:Error
Event Source:Application Hang
Event Category:(101)
Event ID:1002
Date:2008-01-18
Time:21:06
User:N/A
Computer:SDASD-25F246D08
Description:
Hanging application mmc.exe, version 5.2.3790.2612, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more