Thread: HJT log
- 06-11-2007 06:02 AM #1
HJT log
Can someone check my HJT logfile?
I have been experiencing a big slowdown on my desktop PC lately
and I don't know what the source or problem is.
Duc, sequere, aut de via decede.
- 06-11-2007 06:30 AM #2
Yes, we'd be happy to help out so please post the log here with a brief description when you notice the slowdowns.
OJ
PLEASE DONATE. Help keep our site alive without ads.
Help keep your computer protected. Read this > http://www.help2go.com/article152.html
- 06-11-2007 10:08 PM #3
Here is the HJT log, and I noticed that my CPU usage is always at 100% recently.
Logfile of HijackThis v1.99.1
Scan saved at 6:05:30 PM, on 6/11/2007
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{841EC62B-1894-4430-A0C7-D23B1B8820C5}: NameServer = 192.168.2.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
- 06-11-2007 10:49 PM #4
What file is using all your CPU usage ?
BG
- 06-11-2007 11:40 PM #5
That's another problem... when I open my Task Manager it doesn't show that I'm using 100%,
but when I minimize the Task Manager, the icon in the taskbar shows I'm using 100%, and even the time to open Firefox has doubled.
But when I click the Task Manager again to see which program is causing this,
it reverts back to 10% CPU usage.
- 06-12-2007 05:10 AM #6
The log is free from malware and I'm assuming you know why this entry is in the log ...
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
(it relates to a UK site so is most likely genuine).
However, if you do not know why this entry is in the log we may advise you to fix it later. PLEASE LET US KNOW what you think.
Meantime, please download and install Process Explorer from here ....
http://www.microsoft.com/technet/sys...sExplorer.mspx
Run the program and you will see it shows details of all processes running on your system.
Click twice on the "CPU" column ... you will see all the processes using the most CPU resources are brought to the top.
Let us know which process(es) is/are using the most CPU.
OJ
- 06-12-2007 05:32 AM #7
I would like to know how to remove it, sir; it seems that it was due to a game our youngest brother tried to play months ago.
And sir, I think I found out what program is eating my CPU... it's the AVG Anti-Spyware guard.exe.
Every time it tries to update (which sometimes takes a very long time to connect) it somewhat makes my computer so slow. It shows in the Process Explorer you made me run.
When I took the HJT log I turned that off, but I don't know if turning that off made any difference with the HJT.
- 06-12-2007 07:06 AM #8
To remove that O1 entry ...
Open HJT ... click on 'Do a System Scan Only'... put a tick/check mark next to the entry IF it is still present ...
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.
If you scan with HJT again that entry should be gone.
I see that the log has an entry instructing AVG Anti-Spyware to run but there may be something wrong with your copy of the program.
My advice would be to uninstall the program completely then re-install a fresh copy.
Please post back a fresh HJT log after any changes you make.
Please also give us another update on how it is working now.
OJ
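The O1 entry discussed in posts #6 and #8, as an added example that is not part of the original thread: a short Python script that groups HijackThis result lines by section code and lists hosts-file entries that point a name at a real address, so each one can be confirmed or removed. The sample log is constructed in the format of the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log posted in this thread; the
# 127.0.0.1 line is invented to show a blocking entry being filtered out.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O1 - Hosts: 127.0.0.1 blocked.example.invalid
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Result lines look like "<code> - <detail>", e.g. "O1 - Hosts: <ip> <name>".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
# Addresses commonly used in a hosts file to block a name, not redirect it.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hjt(text):
    """Group result lines by section code; process paths and headers are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def hosts_entries(sections):
    """Return (ip, hostname) pairs from the O1 (hosts file) section."""
    pairs = []
    for detail in sections.get("O1", []):
        m = HOSTS.match(detail)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def needs_confirmation(sections):
    """Hosts entries that send a name to a real address: someone must own these."""
    return [(ip, host) for ip, host in hosts_entries(sections) if ip not in SINKS]

if __name__ == "__main__":
    for ip, host in needs_confirmation(parse_hjt(SAMPLE_LOG)):
        print(f"confirm or remove: {host} -> {ip}")
```
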
- 06-12-2007 11:02 AM #9
Thank you, sir Oddjob, for taking the time to check my problem out. I just set my AVG not to update automatically but manually. Also, I have done the steps for removing the item talked about above... and I was trying to run every program on my computer to check if some of them cause problems, and I encountered one in a game played by my brother named FLYFF Online.
When I ran the game it resulted in a BSOD with the following Stop error:
0x0000008E (0xc0000005, 0xad512ade, 0xb404dac0, 0x00000000)
Is this connected with my problem? And do I need to post this in the computer Help thread?
- 06-12-2007 11:10 AM #10
Sounds to me as if you have now fixed your original problem. Is that right?
As to the BSOD I would agree ... yes, you are probably better off posting your question in the general computer help forum but, before you do that, please post a fresh HJT log so we can check there's nothing else needing to be fixed.
Have you tried reinstalling the game?
(by the way ... please stop calling me "sir". OJ will do)
OJ


