First..Windows XP, Ran current Spybot, Adaware, my Norton is updated daily "just in case LOL" and I show no infections and all spyware found has been fixed.
I can open ALL programs on my computer just fine and usage stays under 10%. And until yesterday AOL had virtually no impact on that. Then all of a sudden when AOL is opened, the CPU usage goes nuts...I have been able to isolate it to only when AOL is open BUT it is a process called WToolsA.exe that causes the huge CPU spikes and ONLY DOES THIS when AOL browser is open. Very strange. When AOL is NOT open, it stays at normal use level but with AOL open it goes to 69% 80% etc. in spikes every 20 seconds or so.
I've had this AOL email account for 12 years so I'm not willing to lose it. What has happened is tied to a "new" svchost maybe that seemed to appear recently. ALSO, THE CURSOR constantly goes from just a pointer to a combined pointer and hourglass when the 100% spikes happen several times per minute while AOL is open and ties to the WToolsA.exe file spikes.
I have had various worms, fixed them, trojans, etc. I've never been without antivirus software up to date. Only recently kept up on spyware but this is very scary as it appears to be either sending out or receiving from third party info.
I ALSO have IE which works FINE with no extra usage when just opened alone from the desktop. I ALSO have SBC Yahoo DSL custom browser which I rarely use but DID use this week and they have had some attacks I know.
I HAVE KEPT ALL CRITICAL WINDOWS XP updates up to date. What a piece of crap this program was huh? Never seen so many problems. I cannot download Pack 1 which came out long ago due to OEM conflicts but Pack 1 not being installed has never been a problem and that's been almost two years now I believe.
I HAVE also restored back to the times when the updates were last downloaded to and various other times and then undid those but no change on this problem which appeared just two days ago and has got much worse.
As you can tell, I believe in giving too much rather than not enough info to people willing to help. All other programs work fine. In trying to fix this I corrupted the AOL user file for my main huge account...again which sucks. I have seen a couple of posts over the past two days of AOL users with nothing going BUT AOL with 100% usage issues suddenly so I guess it's an attack on a related DLL file and AOL? Spybot, newly updated did not help. This first scan is WITHOUT AOL OPEN, the second one posted is with AOL open and the problem happening. It is for SURE that ToolsA process that is spiking which appears right before/after waol in the list of processes I believe.
I have to leave town and I am scared to death - I have 55GB of data on this computer and I've only been able to back up some of it.
I WILL have a laptop on the road with me for this week so even though I HAVE read all of the guidelines, rules, and the quickstart suggestions, sure would be nice for someone to email me a reading of my hijackthis report. I won't have THIS screwed up computer with me but maybe I will at least know what I am facing when I return unless my computer has blown up.
The other complication..this is OEM AOL on a GATEWAY Windows XP also OEM.
Here is my first hijackthis file which I'm sure is a mess but right now I am trying to first address the TOOLS/AOL CPU use issue. All virus/spyware scans are clean right now. And yes the TV MEDIA did just pop up yesterday too. I did open one file that opened AOL's media program which I NEVER use yesterday..wonder if that was tied to it?
I don't see many responding here lately...I tried to register on another site called computer cops I think it was but they never sent me a password and I've run out of time. My email address is my user name here @aol.com.
I know my registry is a mess as I've been so scared to mess with it. If everything works why fix it and as I said, I've always been one to have as much protection going as possible but this Gateway OEM Windows XP has been a total nightmare. Some of the critical patches in general don't work on this computer but screw it up more!
With all of the protection I really have had only minor problems always easily fixable. Not this time. So weird that it is tied to AOL browser NOT IE, NOT Yahoo, etc. It's driving me nuts..I knew it was slow but the CURSOR THING every few seconds is what made me check processes not just applications. I know there was something else in my MAIN AOL account because when Spybot ran and "fixed" I can no longer use that account without deleting all user info yet no file in the list said AOL in it!
I have some problems like TV MEDIA, etc. but I am so insecure as this computer is "my life" right now LOL..really just want to fix the use/cursor/AOL issue first then tackle the rest.
Also I did notice another SVCHOST.EXE-08EA1B75.pf in WINNT/Prefetch directory which looked odd as I also have one in WINNT/SYSTEM32 so wondered if that had anything to do with it. Please know I do NOT know what I am doing as far as fixing registry entries and am a bit hesitant so would like step by step help. The timing of this is AWFUL..ruining my week long trip as my entire business may be gone when I get home. AOL was NOT open when I did THIS scan..I will open it and do another in case that makes a difference. Thanks in advance for any help.
Logfile of HijackThis v1.97.7
Scan saved at 2:27:31 AM, on 5/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Palm\hotsync.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...px?tb_id=%tb_id
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aeroforce...orums/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll (file missing)
O2 - BHO: (no name) - {31995C64-CB4D-483E-82C2-CCFFE2F66CAB} - C:\WINNT\System32\msvcn.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [system] dcomx.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [system] dcomx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O4 - HKCU\..\Run: [ZILLAFTP] C:\Program Files\ZillaFtp\zillaftp.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - http://63.102.226.24...va/cfs40300.cab
O16 - DPF: symsupportutil - http://www.symantec....supportutil.CAB
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5....m/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsy...0006/btiein.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5....v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7882.1843287037
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {A8B9F08F-2FC4-4ADE-9049-CFBA586971BA} (BHO.clsUrlSearch) - http://64.246.24.68/...Installer_4.exe
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymet...moryMeterbb.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://distribution.....com/msiein.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.micr...04/clearadj.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathe...utoCAST0014.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A20D74B0-F750-477D-A2DC-26FAE3131200}: NameServer = 206.13.29.12 206.13.30.12
This post has been edited by Aeroluvr: 20 May 2004 - 05:21 AM
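A triage sketch for the log above, added here as an example and not part of the original post: given the process the poster isolated (WToolsA.exe), it lists every other running process and every registry/startup entry in the HijackThis log that loads from the same folder. The function names are hypothetical, the sample is a short excerpt copied from the log above, and matching on the folder name alone is an assumption made so that long paths and 8.3 short paths (PROGRA~1\COMMON~1) both match.

```python
import re
from collections import defaultdict

# Excerpt copied from the log in the post above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\svchost.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O4 - ..."

def parse(log_text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def footprint(log_text, exe_name):
    """Return (sibling processes, entries by section code) sharing exe_name's folder."""
    processes, entries = parse(log_text)
    suffix = "\\" + exe_name.lower()
    # Folder name of the suspect executable, e.g. "wintools" (heuristic match key).
    folders = {p.rsplit("\\", 2)[-2].lower() for p in processes
               if p.lower().endswith(suffix) and p.count("\\") >= 2}
    needles = ["\\" + f + "\\" for f in folders]
    hit = lambda text: any(n in text.lower() for n in needles)
    by_code = defaultdict(list)
    for code, text in entries:
        if hit(text):
            by_code[code].append(text)
    return [p for p in processes if hit(p)], dict(by_code)

if __name__ == "__main__":
    siblings, by_code = footprint(SAMPLE_LOG, "WToolsA.exe")
    print("Processes in the same folder:", *siblings, sep="\n  ")
    for code, items in sorted(by_code.items()):
        print(code, *items, sep="\n  ")
```

Run against the full log, the grouped output shows which startup (O4), browser helper (O2) and search hook (R3) entries belong to the same install, which is the set a helper would review together rather than one line at a time.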
