Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.
Let's look for, and delete, any program segments(
prefetches) that might be present, and are associated with the '
problems' we're trying to remove from this system. To do this, let's:
1) Click "
Start | Search", then search for each of these program's
base name(s), in all files and folders:
ViewMgr.exe*
2) Then if any are found in the '
prefetch' folder, delete them.
Look closely, since the '
base' name will have a bunch of random numbers and letters attached to it.
Go to
Add/Remove programs and remove(uninstall) the following, if present:
Viewpoint Manager
The above could appear anywhere within the entry. Be careful not to remove any
personal or
system software.
Run
HiJackThis then:
1. Click "
Config..."
2. Click "
Misc Tools"
3. Click "
Open Process manager"
-
Next, while holding down the
CTRL key, locate (
if present) and click on (
highlight) each of the following:
Now double-check and make sure that only those item(s) above are highlighted, then click "
Kill process". Now, click "
Refresh", check again, and repeat this step if any remain.
Run
HiJackThis and click "
Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Remote Update Monitor.lnk = C:\Program
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel ...
(Unless you've set these with a anti-spyware program like SpyBot'sImmunize feature, have HiJackThis fix this.)
Now, with all windows closed except
HiJackThis, click "
Fix checked".
Locate and
delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
folders...
C:\Program Files\Viewpoint
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '
in use', try deleting them from "
Safe Mode".
Post back a new log, and let me know how everything goes.
Steve
Logfile of HijackThis v1.99.1
Scan saved at 00:48:00, on 03/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Since posting the log yesterday, I did install some additional programs (specifically spywareguard, asquared trojan hunter, Ad-aware se personal edition, ccleaner, script sentry, regprot and start control panel - I don't think any of these programs conflict with each other. Let me know if you think otherwise). So I hope these additions don't distort this new Hijackthis log. I think I have got rid of viewpoint as well as a couple of other things (tinybar, newdotnet) but yet my CPU usage still seems to be quite high, particularly when running any of the scanning tools it hits 100%. Is this normal? As it doesn't appear to be due to an infection, is there some other way to lessen the load on the running of processes?
Many thanks for taking the time to look over my logs,
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 1st, 2005 19:00
Let's see if this helps?
-
Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.
Let's look for, and delete, any program segments( prefetches) that might be present, and are associated with the ' problems' we're trying to remove from this system. To do this, let's:
1) Click " Start | Search", then search for each of these program's base name(s), in all files and folders:
ViewMgr.exe*
2) Then if any are found in the ' prefetch' folder, delete them.
Look closely, since the ' base' name will have a bunch of random numbers and letters attached to it.
Go to Add/Remove programs and remove(uninstall) the following, if present:
Viewpoint Manager
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Run HiJackThis then:
1. Click " Config..."
2. Click " Misc Tools"
3. Click " Open Process manager"
-
Next, while holding down the CTRL key, locate ( if present) and click on ( highlight) each of the following:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Now double-check and make sure that only those item(s) above are highlighted, then click " Kill process". Now, click " Refresh", check again, and repeat this step if any remain.
Run HiJackThis and click " Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://start.earthlink.net
R1-HKCU\Software\Microsoft\InternetExplorer\Main,Default_Search_URL=http://www.earthlink.net/partner/more/msie/button/search.html
R1-HKCU\Software\Microsoft\InternetExplorer\Main,SearchBar=http://www.earthlink.net/partner/more/msie/button/search.html
R1-HKCU\Software\Microsoft\InternetExplorer\Main,SearchPage=http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
... (Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
Now, with all windows closed except HiJackThis, click " Fix checked".
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
folders...
C:\Program Files\Viewpoint
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Post back a new log, and let me know how everything goes.
Steve
bloatedfish
5 Posts
0
June 2nd, 2005 16:00
Scan saved at 00:48:00, on 03/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\program files\registry prot\regprot.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.guardian.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.nottingham.ac.uk:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ChkMail] èn‡
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [RegProt] c:\program files\registry prot\regprot.exe /start
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4503/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B99F867-43C1-43DB-AF6B-A4E26526EBEC}: NameServer = 202.107.212.65,202.107.212.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
Since posting the log yesterday, I did install some additional programs (specifically spywareguard, asquared trojan hunter, Ad-aware se personal edition, ccleaner, script sentry, regprot and start control panel - I don't think any of these programs conflict with each other. Let me know if you think otherwise). So I hope these additions don't distort this new Hijackthis log. I think I have got rid of viewpoint as well as a couple of other things (tinybar, newdotnet) but yet my CPU usage still seems to be quite high, particularly when running any of the scanning tools it hits 100%. Is this normal? As it doesn't appear to be due to an infection, is there some other way to lessen the load on the running of processes?
Many thanks for taking the time to look over my logs,
Peter
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 2nd, 2005 16:00
What processs(s) is using up all the system resourses?
Please look in the task manager and see which one is using them when you slow down and let me know.
The log is not a factor at this point. It's looks ok so I am wondering what is using the resourses?
It is not unusally for a system to use alot of resourses when doing scans. Mine does the same thing.
Get back to me and we will take it form there.
Steve