windows keeps loading when starting up


navsta
31 Oct 2005, 2:47am
hi

I have found that my computer when booted gets to windows and then is running svchost.exe for quite some time before it comes to rest. When I bring up task manager it says it is at 100 percent. I checked the processes and a svchost.exe is running at 100 percent for about 10 mins and then goes back to normal.
Also I have something trying to download whenever I go to explorer. Here's a hijack post.
I see some vmlib and cleaner which I don't know what it is and may be contributing to problem, please help

Logfile of HijackThis v1.99.0
Scan saved at 11:42:51 AM, on 31/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\OfficeScan NT\pccntmon.exe
C:\OfficeScan NT\RAUAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\OfficeScan NT\ofcdog.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\eid.exe
C:\DOCUME~1\one\LOCALS~1\Temp\ICD7.tmp\epl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\one\My Documents\Navs Stuff\Internet Fixing Material\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer from OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wzgvcmxo.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//game...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{725BCA7C-410C-4A7F-B507-C4675FAD1E91}: NameServer = 203.2.75.132 198.142.0.51
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener - Unknown - C:\OfficeScan NT\tmlisten.exe
O23 - Service: SecuROM User Access Service (V7) - Unknown - C:\WINDOWS\System32\UAService7.exe

Leonardo
31 Oct 2005, 4:27am
Hang in there. One of our volunteers will get to you when he can. :)

navsta
2 Nov 2005, 2:21am
anyone there?

Crunchie
2 Nov 2005, 12:57pm
Can you please do the following.

===============

When we're done cleaning off your system, I'd recommend that you install all the critical windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccurring in the future.

===============

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

===============

Download, then unzip to "C:\HJT", the newest version of HiJackThis (http://www.spywareinfo.com/~merijn/files/hijackthis.zip); version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.

===============

Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's:

1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:

epl.exe*

2) Then if any are found in the 'prefetch' folder, delete them.

Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\DOCUME~1\one\LOCALS~1\Temp\ICD7.tmp\epl.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check(tick) the following, if present:


O4 - HKLM\..\Run: [vmcleaner] gxlib.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\wzgvcmxo.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders: (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

files...

C:\DOCUME~1\one\LOCALS~1\Temp\ICD7.tmp\epl.exe
C:\Program Files\Internet Explorer\wzgvcmxo.exe

Search for...

gxlib.exe
vmlib.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam)".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html). If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
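
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over a HijackThis log that surfaces the traits shared by the items picked out above (a process running from a Temp folder, a Run value with no path, a DPF control installed from a local `file://` source). The three rules and all function names are assumptions of this example, not criteria stated by anyone in the thread.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\one\LOCALS~1\Temp\ICD7.tmp\epl.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")        # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^\S+\\Run: \[(.+?)\] (.+)$")   # O4 registry Run value
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*\))? - (.+)$")  # O16 control

def parse(log):
    """Return (running process paths, [(code, detail), ...]) from a log."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append(m.groups())
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review(log):
    """Return (rule, item) pairs to look at more closely; not verdicts."""
    procs, entries = parse(log)
    # Rule 1 (assumed): executables do not normally live in a Temp folder.
    flags = [("process-in-temp", p) for p in procs if "\\temp\\" in p.lower()]
    for code, detail in entries:
        run, dpf = RUN.match(detail), DPF.match(detail)
        if code == "O4" and run:
            # Rule 2 (assumed): autostart command gives no directory at all.
            if "\\" not in run.group(2).lstrip('"').split()[0]:
                flags.append(("run-without-path", run.group(1)))
        elif code == "O16" and dpf and dpf.group(2).lower().startswith("file://"):
            # Rule 3 (assumed): control was installed from a local file.
            flags.append(("dpf-local-codebase", dpf.group(1)))
    return flags

if __name__ == "__main__":
    for rule, item in review(SAMPLE_LOG):
        print(f"{rule:20} {item}")
```

essspk.exe is flagged by the second rule even though the fix list above leaves it alone; a flag is a prompt to look the file up before deciding, not a reason to delete it.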

navsta
4 Nov 2005, 3:23am
ok now I have another problem, when I start my pc, it loads up the desktop except the start toolbar. It's not there.
I place my mouse where the toolbar should be but the mouse turns into the famous hour glass.
I can bring up the task manager and it says that it is running the following processes, explorer.exe, svchost.exe and tslisten.exe. All these processes are running about 25 percent each and the total comes up to be 100.
It doesn't stop. Also svchost.exe has like 3 same processes running. I am replying from a laptop. Please I need help asap.

thanks

navsta
4 Nov 2005, 3:56am
I can get into DOS if that helps

Crunchie
4 Nov 2005, 6:52am
Hit the button with the Windows logo on your keyboard to open the start menu. Go to Control Panel and then locate Taskbar and Start menu.
Click on that and make sure the box is checked for Keep the taskbar on top of other windows.

Hope that helps.

navsta
4 Nov 2005, 7:11am
I tried that already, nothing happens. It's like my PC is frozen. It does not respond.
I checked the task manager and the CPU usage is still 100 percent. The taskbar still is not present. There's a blank line of the bottom where the taskbar should be but it's failing to load. When I place the mouse over it, it just turns into the hour glass.

Crunchie
4 Nov 2005, 7:28am
You need to find what is using all the CPU and end process on it and try again. I have to go out, but will check back later. If you manage to get in, try doing a system restore to a couple of days ago.

navsta
4 Nov 2005, 7:37am
crunchie the process that it is running is explorer.exe but when I go to end it the taskbar disappears altogether and I can't do nothing. I can run explorer again and it brings the taskbar back. But when I go near it it is still loading and stays there. In the processes it says explorer.exe is 100 percent. I killed the svchost.exe processes.
I've tried to get into safe mode but same thing.

Crunchie
5 Nov 2005, 1:58am
When you boot up your PC, hit the F8 button and when you get the menu up, select the 'last known good configuration.'
See if that works for you.

navsta
5 Nov 2005, 2:07am
damn it that has not worked either..
any ideas getting about going through dos to get it to work, it seems dos is the only thing working.

Crunchie
5 Nov 2005, 12:58pm
Unfortunately I know nothing about dos :(. See if I can get help from others. Hang in there.

navsta
6 Nov 2005, 3:13am
thanks
ok i await your response...

Crunchie
6 Nov 2005, 9:07pm
Can you try the following thanks to one of our other volunteers :).

Go into dos and run this command;

find "tslisten" *.exe

Once found, you need to delete it using this command;

del c:\windows\system32\tslisten.exe

This assumes it is found in the system32 folder. Modify the path to suit.

Let us know how you get on. Can you boot into safe mode?

navsta
7 Nov 2005, 5:01am
ok I'll try this but tslisten.exe is a file that comes with my officeNT scanning software.

Also what if I boot the PC with XP in the cd drive and do a repair?
shall I try that as well?

Crunchie
7 Nov 2005, 9:36am
If you can do the CD repair, try that first. Try these commands with the CD in.

sfc /scannow

chkdsk /r

The latter should repair any corrupt or missing files.

navsta
9 Nov 2005, 3:32am
ok looks like I need more assistance... I booted command prompt in safe mode and typed chkdsk /r but the message I get is
"Checkdisk cant run because the volume is in use by another process. Would you like to schedule when the system restarts, y or n?"

so I typed in yes, but when I restart it nothing happens, it goes straight to windows...

also with sfc /scannow I get the message "Windows file protection could not make the requested change. The specific error code is 0x000006ba [The RPC server is unavailable]"

Crunchie
9 Nov 2005, 10:00am
Can you try it running this command; [b]chkdsk /f

Also, have a look here to see if anything there is of benefit.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/chkdsk.mspx

navsta
9 Nov 2005, 10:31am
thanks for the link...

i tried the command
[b]chkdsk /f but i get the message that it is not a recognised command

Crunchie
9 Nov 2005, 10:46am
Try it without the [b] I made a blue :(. Forgot to close it.

navsta
9 Nov 2005, 11:15am
tried that get same message..
"Checkdisk cant run because the volume is in use by another process. Would you like to schedule when the system restarts, y or n?"

I don't know what to do now

navsta
9 Nov 2005, 11:23am
crunchie i finally found some people who had the same issue

http://www.softwaretipsandtricks.com/forum/showthread.php?threadid=25246

Crunchie
10 Nov 2005, 10:02am
Going to have to try the repair option. Follow the instructions here;

http://www.geekstogo.com/forum/index.php?showtopic=138