Slow computer, happened suddenly, suspect malware


Post by sir galahad on Wed 04 May 2011, 6:54 am

Hi guys, my computer has suddenly slowed down. Multi-tasking is near impossible and startup takes a significantly long time. Programs run very slowly.
I've gone through add/remove programs and run Spybot, Ad-Aware, AVG, Malwarebytes and HijackThis. The logs of the last two programs are listed below. Any help would be hugely appreciated!!

Malwarebytes
Malwarebytes' Anti-Malware 1.46

Database version: 6481

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/05/2011 5:39:23 PM
mbam-log-2011-05-01 (17-39-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 345289
Time elapsed: 3 hour(s), 54 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3F65ADE2-C30F-468F-8B51-9519D16C947B}\RP77\A0019499.exe (PUP.PSWProductKey) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F65ADE2-C30F-468F-8B51-9519D16C947B}\RP77\A0020286.exe (PUP.PSWProductKey) -> Quarantined and deleted successfully.


HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:48:26 PM, on 3/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CoreTemp\Core Temp.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Core Temp] "C:\Program Files\CoreTemp\Core Temp.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{94836F44-9A17-4DB6-89F4-10EFFA42B4BD}: NameServer = 203.0.178.191,203.215.29.191
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\Mstask.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8657 bytes



Please advise best course of action.
Regards,
Alex.


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Wed 04 May 2011, 4:51 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager



Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Wed 04 May 2011, 6:38 pm

Fantastic - just got home with the intention of doing just that after doing some digging. Here are the results, many many thanks in advance for your time.



ComboFix 11-05-03.03 - Alexander 04/05/2011 17:24:40.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3326.2906 [GMT 10:00]
Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alexander\Application Data\inst.exe
c:\documents and settings\Alexander\Application Data\pcouffin.sys
c:\documents and settings\Alexander\Application Data\PriceGong
c:\documents and settings\Alexander\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Alexander\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Alexander\Local Settings\Temporary Internet Files\default.temp
c:\documents and settings\Alexander\Local Settings\Temporary Internet Files\firmware.inf
c:\documents and settings\Alexander\Local Settings\Temporary Internet Files\ip3picfile.temp
c:\documents and settings\Alexander\Local Settings\Temporary Internet Files\ip3Wmapic.temp
c:\documents and settings\Alexander\Local Settings\Temporary Internet Files\iPlus3BatchImage.temp
c:\documents and settings\Alexander\WINDOWS
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-03 09:31 . 2011-05-03 09:31 0 ---ha-w- C:\aaw7boot.cmd
2011-05-03 08:28 . 2011-05-03 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-03 07:47 . 2011-05-03 07:47 388096 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-03 07:47 . 2011-05-03 07:47 -------- d-----w- c:\program files\Trend Micro
2011-05-01 08:53 . 2011-05-01 08:53 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 07:46 . 2011-05-01 07:46 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Sunbelt Software
2011-05-01 07:44 . 2011-05-04 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-01 02:56 . 2011-05-01 02:56 -------- d-----r- C:\MSOCache
2011-05-01 02:15 . 2011-05-01 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-01 02:15 . 2011-05-01 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-01 02:08 . 2011-05-01 02:08 -------- d-----w- c:\documents and settings\Alexander\Application Data\Malwarebytes
2011-05-01 02:07 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 02:07 . 2011-05-01 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 02:07 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 02:07 . 2011-05-01 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 01:21 . 2011-04-30 01:21 -------- d-----w- c:\program files\ImgTool Burn
2011-04-29 12:38 . 2005-07-27 22:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-04-29 12:38 . 2011-04-29 12:38 -------- d-----w- c:\program files\Custom Technology
2011-04-29 12:10 . 2011-04-29 12:45 -------- d-----w- c:\program files\DVD-RB PRO
2011-04-29 12:08 . 2011-04-29 12:08 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-29 12:01 . 2011-04-29 12:01 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\ArcSoft
2011-04-29 12:01 . 2011-04-29 12:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-04-29 11:59 . 2011-04-29 12:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-04-25 02:34 . 2011-04-28 08:02 -------- d-----w- c:\program files\nLite
2011-04-19 10:46 . 2011-04-19 10:46 -------- d-----w- c:\program files\SystemScheduler
2011-04-17 11:49 . 2011-04-17 11:49 -------- d-----w- c:\documents and settings\Alexander\Application Data\Helios
2011-04-17 11:49 . 2011-04-17 11:49 -------- d-----w- c:\program files\TextPad 5
2011-04-16 10:27 . 2011-04-16 10:27 -------- d-----w- c:\program files\MSXML 4.0
2011-04-16 06:11 . 2011-04-16 06:11 -------- d-----w- c:\program files\Microsoft Games
2011-04-16 05:31 . 2011-04-27 13:08 -------- d-----w- c:\documents and settings\Alexander\Application Data\FileZilla
2011-04-16 05:31 . 2011-04-16 05:32 -------- d-----w- c:\program files\FileZilla FTP Client
2011-04-15 11:37 . 2011-04-15 11:37 -------- d-----w- c:\program files\Alcohol Soft
2011-04-15 11:32 . 2011-04-15 11:32 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-15 11:31 . 2011-04-15 11:31 -------- d-----w- c:\program files\Franzis
2011-04-13 10:52 . 2011-04-13 10:52 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Ahead
2011-04-13 08:05 . 2011-04-13 10:20 -------- d-----w- c:\program files\Free Video Joiner
2011-04-11 14:31 . 2011-04-11 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2011-04-11 13:21 . 2011-04-11 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-04-11 13:21 . 2011-04-13 11:22 -------- d-----w- c:\documents and settings\Alexander\Application Data\Vso
2011-04-11 13:21 . 2010-02-09 06:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-04-11 13:21 . 2010-02-09 06:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-04-11 13:21 . 2010-02-09 06:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-04-11 13:21 . 2010-02-09 06:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-04-11 13:21 . 2010-02-09 06:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-04-11 13:21 . 2010-02-09 06:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-04-11 13:21 . 2010-02-09 06:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-04-11 13:21 . 2011-04-11 13:21 -------- d-----w- c:\program files\VSO
2011-04-08 06:26 . 2011-04-08 06:26 -------- d-----w- c:\program files\id Software
2011-04-08 06:24 . 2011-04-08 06:24 -------- d-sh--w- c:\windows\ftpcache
2011-04-07 11:09 . 2011-04-07 11:09 -------- d-----w- c:\documents and settings\Alexander\Application Data\InstallShield Installation Information
2011-04-07 10:58 . 2011-04-07 10:58 -------- d-----w- c:\program files\Unreal Tournament 3
2011-04-07 10:58 . 2011-04-07 10:58 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-04-07 10:42 . 2011-04-07 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-04-07 10:41 . 2011-04-07 10:41 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-07 10:41 . 2011-04-07 10:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-07 10:41 . 2011-04-07 10:41 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-07 10:41 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-07 10:41 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-07 10:41 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-07 10:41 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-07 10:41 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-04-07 10:41 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-07 10:41 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-07 10:41 . 2011-04-07 10:42 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-07 10:40 . 2011-04-07 10:40 -------- d-----w- C:\NVIDIA
2011-04-07 08:45 . 2007-07-19 08:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-04-07 08:45 . 2007-07-19 08:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-04-07 08:45 . 2007-05-16 06:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-04-07 08:45 . 2007-05-16 06:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-04-07 08:35 . 2011-04-07 08:35 -------- d-----w- c:\program files\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 07:03 . 2011-02-23 05:48 16608 ----a-w- c:\windows\gdrv.sys
2011-04-07 10:09 . 2011-03-21 10:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-07 05:33 . 2011-02-22 18:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 06:18 . 2011-02-25 06:18 15872 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2011-02-23 05:52 . 2011-02-23 05:52 315392 ----a-w- c:\windows\HideWin.exe
2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-02-24 05:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\CoreTemp\Core Temp.exe" [2008-08-22 277008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-03 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-08-29 08:55 1966080 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 01:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-04 11:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 00:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 05:42 136176 ----atw- c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 04:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-08 23:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 08:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ACDaemon"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Documents and Settings\\Alexander\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/04/2011 9:32 PM 722416]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14/01/2011 12:35 PM 196912]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [1/05/2010 12:47 AM 14088]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\ALEXAN~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\ALEXAN~1\LOCALS~1\Temp\ALSysIO.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 PM 130384]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [23/02/2011 3:50 PM 47624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 PM 753504]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003Core1cc07c690bdf16.job
- c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-24 05:42]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003UA.job
- c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-24 05:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {94836F44-9A17-4DB6-89F4-10EFFA42B4BD} = 203.0.178.191,203.215.29.191
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\75bnc4v4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-04 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-04 17:33:58
ComboFix-quarantined-files.txt 2011-05-04 07:33
.
Pre-Run: 1,284,176,801,792 bytes free
Post-Run: 1,284,600,631,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D9CF1CD0D85C818305FD2F4D3AFE87EA

sir galahad

Newbie Surfer

Posts : 24
Joined : 2010-09-30
Operating System : Windows XP Professional

Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Fri 06 May 2011, 8:08 pm

1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    Code:
    killall::

    filelook::
    c:\windows\system32\drivers\hardlock.sys
    c:\windows\gdrv.sys

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

2. Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log

Also, let me know how your computer is running.

Thanks!


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Sat 07 May 2011, 1:04 am

ComboFix Re-Run
Here's the ComboFix log file; will restart and do the ESET scan, see how she runs, and post that log too!

ComboFix 11-05-03.03 - ... 06/05/2011 23:06:56.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3326.2907 [GMT 10]
Running from: c:\documents and settings\...\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\...\Desktop\CFscript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\...\Application Data\PriceGong
c:\documents and settings\...\Application Data\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 12:35 . 2011-05-06 12:35 0 ---ha-w- C:\aaw7boot.cmd
2011-05-05 10:52 . 2011-05-05 10:58 -------- d-----w- c:\documents and settings\...\Application Data\HandBrake
2011-05-05 10:52 . 2011-05-05 10:52 -------- d-----w- c:\documents and settings\...\Local Settings\Application Data\HandBrake
2011-05-05 10:51 . 2011-05-05 10:51 -------- d-----w- c:\program files\Handbrake
2011-05-05 07:31 . 2011-05-05 07:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-05 07:26 . 2011-05-06 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2011-05-03 08:28 . 2011-05-03 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-03 07:47 . 2011-05-03 07:47 388096 ----a-r- c:\documents and settings\...\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-03 07:47 . 2011-05-03 07:47 -------- d-----w- c:\program files\Trend Micro
2011-05-01 08:53 . 2011-05-01 08:53 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 07:46 . 2011-05-01 07:46 -------- d-----w- c:\documents and settings\...\Local Settings\Application Data\Sunbelt Software
2011-05-01 07:44 . 2011-05-06 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-01 02:56 . 2011-05-01 02:56 -------- d-----r- C:\MSOCache
2011-05-01 02:15 . 2011-05-01 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-01 02:15 . 2011-05-01 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-01 02:08 . 2011-05-01 02:08 -------- d-----w- c:\documents and settings\...\Application Data\Malwarebytes
2011-05-01 02:07 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 02:07 . 2011-05-01 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 02:07 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 02:07 . 2011-05-01 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 01:21 . 2011-04-30 01:21 -------- d-----w- c:\program files\ImgTool Burn
2011-04-29 12:38 . 2005-07-27 22:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-04-29 12:38 . 2011-04-29 12:38 -------- d-----w- c:\program files\Custom Technology
2011-04-29 12:10 . 2011-04-29 12:45 -------- d-----w- c:\program files\DVD-RB PRO
2011-04-29 12:08 . 2011-04-29 12:08 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-29 12:01 . 2011-04-29 12:01 -------- d-----w- c:\documents and settings\...\Local Settings\Application Data\ArcSoft
2011-04-29 12:01 . 2011-04-29 12:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-04-29 11:59 . 2011-04-29 12:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-04-25 02:34 . 2011-04-28 08:02 -------- d-----w- c:\program files\nLite
2011-04-19 10:46 . 2011-04-19 10:46 -------- d-----w- c:\program files\SystemScheduler
2011-04-17 11:49 . 2011-04-17 11:49 -------- d-----w- c:\documents and settings\...\Application Data\Helios
2011-04-17 11:49 . 2011-04-17 11:49 -------- d-----w- c:\program files\TextPad 5
2011-04-16 10:27 . 2011-04-16 10:27 -------- d-----w- c:\program files\MSXML 4.0
2011-04-16 06:11 . 2011-04-16 06:11 -------- d-----w- c:\program files\Microsoft Games
2011-04-16 05:31 . 2011-04-27 13:08 -------- d-----w- c:\documents and settings\...\Application Data\FileZilla
2011-04-16 05:31 . 2011-04-16 05:32 -------- d-----w- c:\program files\FileZilla FTP Client
2011-04-15 11:37 . 2011-04-15 11:37 -------- d-----w- c:\program files\Alcohol Soft
2011-04-15 11:32 . 2011-04-15 11:32 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-15 11:31 . 2011-04-15 11:31 -------- d-----w- c:\program files\Franzis
2011-04-13 10:52 . 2011-04-13 10:52 -------- d-----w- c:\documents and settings\...\Local Settings\Application Data\Ahead
2011-04-13 08:05 . 2011-04-13 10:20 -------- d-----w- c:\program files\Free Video Joiner
2011-04-11 14:31 . 2011-04-11 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2011-04-11 13:21 . 2011-04-11 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-04-11 13:21 . 2011-04-13 11:22 -------- d-----w- c:\documents and settings\...\Application Data\Vso
2011-04-11 13:21 . 2010-02-09 06:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-04-11 13:21 . 2010-02-09 06:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-04-11 13:21 . 2010-02-09 06:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-04-11 13:21 . 2010-02-09 06:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-04-11 13:21 . 2010-02-09 06:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-04-11 13:21 . 2010-02-09 06:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-04-11 13:21 . 2010-02-09 06:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-04-11 13:21 . 2011-04-11 13:21 -------- d-----w- c:\program files\VSO
2011-04-08 06:26 . 2011-04-08 06:26 -------- d-----w- c:\program files\id Software
2011-04-08 06:24 . 2011-04-08 06:24 -------- d-sh--w- c:\windows\ftpcache
2011-04-07 11:09 . 2011-04-07 11:09 -------- d-----w- c:\documents and settings\...\Application Data\InstallShield Installation Information
2011-04-07 10:58 . 2011-04-07 10:58 -------- d-----w- c:\program files\Unreal Tournament 3
2011-04-07 10:58 . 2011-04-07 10:58 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-04-07 10:42 . 2011-04-07 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-04-07 10:41 . 2011-04-07 10:41 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-07 10:41 . 2011-05-05 11:42 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-07 10:41 . 2011-05-05 11:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-07 10:41 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-07 10:41 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-07 10:41 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-07 10:41 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-07 10:41 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-04-07 10:41 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-07 10:41 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-07 10:41 . 2011-04-07 10:42 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-07 10:40 . 2011-04-07 10:40 -------- d-----w- C:\NVIDIA
2011-04-07 08:45 . 2007-07-19 08:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-04-07 08:45 . 2007-07-19 08:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-04-07 08:45 . 2007-05-16 06:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-04-07 08:45 . 2007-05-16 06:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-04-07 08:35 . 2011-04-07 08:35 -------- d-----w- c:\program files\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 07:03 . 2011-02-23 05:48 16608 ----a-w- c:\windows\gdrv.sys
2011-04-07 10:09 . 2011-03-21 10:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-07 05:33 . 2011-02-22 18:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 06:18 . 2011-02-25 06:18 15872 ----a-r- c:\documents and settings\...\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2011-02-23 05:52 . 2011-02-23 05:52 315392 ----a-w- c:\windows\HideWin.exe
2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-02-24 05:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\gdrv.sys ---
Company: Windows (R) 2000 DDK provider
File Description: GIGABYTE Tools
File Version: 5.00.2195.1620
Product Name: Windows (R) 2000 DDK driver
Copyright: Copyright (C) Microsoft Corp. 1981-1999
Original Filename: gdrv.sys
File size: 16608
Created time: 2011-02-23 05:48
Modified time: 2011-05-04 07:03
MD5: 5C230948DD6652228F88CA7AE6CB276C
SHA1: 65DAF56454ED89F9C5401FD327282DF2B23CF7EB
.
.
--- c:\windows\system32\drivers\hardlock.sys ---
Company: Aladdin Knowledge Systems Ltd.
File Description: Hardlock Device Driver for Windows NT
File Version: 3.40
Product Name: Hardlock Device Driver for Windows NT
Copyright: Aladdin Knowledge Systems Ltd. (c) 1985-2005.
Original Filename: hardlock.sys
File size: 685056
Created time: 2011-04-29 12:38
Modified time: 2005-07-27 22:18
MD5: C1CC0C9742B881C42F1CC628E6F9EBD1
SHA1: A82C77A6964B0B649E2F81F33F52CA1E7DC123FB
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\CoreTemp\Core Temp.exe" [2008-08-22 277008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-03 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-08-29 08:55 1966080 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 01:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-04 11:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 00:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 05:42 136176 ----atw- c:\documents and settings\...\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 04:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-08 23:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 08:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ACDaemon"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Documents and Settings\\...\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/04/2011 9:32 PM 722416]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14/01/2011 12:35 PM 196912]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [1/05/2010 12:47 AM 14088]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\...~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\...~1\LOCALS~1\Temp\ALSysIO.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 PM 130384]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [23/02/2011 3:50 PM 47624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 PM 753504]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003Core1cc07c690bdf16.job
- c:\documents and settings\...\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-24 05:42]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003UA.job
- c:\documents and settings\...\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-24 05:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {94836F44-9A17-4DB6-89F4-10EFFA42B4BD} = 203.0.178.191,203.215.29.191
FF - ProfilePath - c:\documents and settings\...\Application Data\Mozilla\Firefox\Profiles\75bnc4v4.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2011-05-06 23:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1408)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-06 23:29:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-06 13:29
ComboFix2.txt 2011-05-04 07:33
.
Pre-Run: 1,271,020,888,064 bytes free
Post-Run: 1,271,555,182,592 bytes free
.
- - End Of File - - E488070D5EB31BADD94BE2DF8B2B279E


Last edited by sir galahad on Mon 09 May 2011, 8:33 am; edited 1 time in total


Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Sat 07 May 2011, 8:31 am

Here's the ESET log.
The computer seems to be running faster than before (which was horrifically slow), but still doesn't seem to be as fast as I remember... will keep doing a few tests. Any other suggestions? Thanks for the help to get me this far!



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=fec1902b0f6eff4085304554e9b4c2fe
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5306 5306 0 0
# scanned=222987
# found=1
# cleaned=1
# scan_time=12869
C:\Documents and Settings\All Users\Documents\...\Downloads\Nero-9.2.6.0_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C


Last edited by sir galahad on Mon 09 May 2011, 8:31 am; edited 1 time in total


Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Sat 07 May 2011, 10:54 am

So some improvements within windows, small programs seem to be starting up quicker. But, boot up still takes longer than usual, and games seem to take a very long time to load (Crysis), or not at all (half life). Media conversions still take too long. Let me know if you have any suggestions!

So long as there are no viruses on my system (which now seems to be clean), perhaps I should back up my data and reformat? What do you think?

Cheers,
Alex.


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Sat 07 May 2011, 8:17 pm

Not sure about reformatting. It is usually a last resort. Unless you really want to, then I have no problem with it.

Let's take a look with this tool...

Please download Speccy and save to your Desktop.
  • Double-click on setup file and install Speccy on your computer.
  • Start Speccy and give it 30 seconds to 1 minute to load.
  • Then, click File > Save as Text file...
  • Save the report to your Desktop or other location you can remember.
  • Find the report and attach it to your next reply.



Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Sun 08 May 2011, 7:53 pm

Wish I could understand more of this, thanks for the ongoing help. Here are the results:

Summary
Operating System
MS Windows XP Professional 32-bit SP3
CPU
Intel Core 2 Quad Q9450 @ 2.66GHz 38 C
Yorkfield 45nm Technology
RAM
4.0GB Dual-Channel DDR2 @ 399MHz (5-5-5-18)
Motherboard
Gigabyte Technology Co., Ltd. X48-DQ6 (Socket 775) 15 C
Graphics
DELL 2005FPW (1680x1050@60Hz)
512MB GeForce 9800 GTX/9800 GTX+ (XFX Pine Group) 53 C
Hard Drives
1954GB Seagate ST2000DL003-9VT166 (SATA) 22 C
Optical Drives
HL-DT-ST DVDRAM GH20NS10
HL-DT-ST DVDRAM GH20NS10
Audio
Realtek High Definition Audio
Operating System
MS Windows XP Professional 32-bit SP3
Installation Date: 23 February 2011, 05:46
Windows Security Center
Firewall Disabled
Antivirus Disabled
Windows Update
AutoUpdate Notify prior to download
TimeZone
TimeZone GMT +10 Hours
Power Profile
Active power scheme Minimal Power Management
Hibernation Disabled
Scheduler
8/05/2011 7:47 PM GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003UA
9/05/2011 4:12 PM GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1003Core1cc07c690bdf16
Hotfixes
28/04/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
17/04/2011 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
17/04/2011 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
15/04/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
15/04/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
15/04/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
15/04/2011 Security Update for Windows XP (KB2485663)
15/04/2011 Security Update for Windows XP (KB2506223)
15/04/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
15/04/2011 Security Update for Windows XP (KB2412687)
15/04/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
15/04/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
15/04/2011 Security Update for Windows XP (KB2503658)
15/04/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708)
15/04/2011 Security Update for Windows XP (KB2507618)
15/04/2011 Security Update for Windows XP (KB2508429)
15/04/2011 Security Update for Windows XP (KB2511455)
15/04/2011 Security Update for Windows XP (KB2506212)
15/04/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
15/04/2011 Security Update for Windows XP (KB2509553)
15/04/2011 Security Update for Windows XP (KB2510531)
26/03/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
26/03/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
26/03/2011 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
26/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
26/03/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
26/03/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
26/03/2011 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
26/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
26/03/2011 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
26/03/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
26/03/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
26/03/2011 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
26/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
25/03/2011 Update for Windows XP (KB2524375)
17/03/2011 Update for Windows XP (KB971029)
12/03/2011 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
9/03/2011 Security Update for Windows XP (KB2479943)
9/03/2011 Windows Malicious Software Removal Tool - March 2011 (KB890830)
9/03/2011 Security Update for Windows XP (KB2481109)
9/03/2011 Update for Windows XP (KB961118)
9/03/2011 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
9/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)
9/03/2011 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
9/03/2011 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
7/03/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
7/03/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
7/03/2011 Security Update for Windows XP Service Pack 3 (KB952069)
7/03/2011 Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
3/03/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
3/03/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
3/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982167)
3/03/2011 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
25/02/2011 Update for Windows XP (KB976662)
25/02/2011 Update for Windows XP (KB2345886)
25/02/2011 Update for Windows XP (KB970430)
25/02/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2416472)
25/02/2011 Security Update for Windows XP (KB981332)
25/02/2011 Update for Windows XP (KB971737)
25/02/2011 Security Update for Jscript 5.8 for Windows XP (KB971961)
25/02/2011 Update for Windows XP (KB2141007)
24/02/2011 Security Update for Windows XP (KB951376)
24/02/2011 Security Update for Windows XP (KB952954)
24/02/2011 Security Update for Windows XP (KB959426)
24/02/2011 Security Update for Windows XP (KB946648)
24/02/2011 Security Update for Windows XP (KB2387149)
24/02/2011 Security Update for Windows XP (KB956803)
24/02/2011 Security Update for Windows XP (KB960859)
24/02/2011 Security Update for Windows XP (KB982214)
24/02/2011 Security Update for Windows XP (KB2478971)
24/02/2011 Security Update for Windows XP (KB958869)
24/02/2011 Security Update for Windows XP (KB2259922)
24/02/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
24/02/2011 Security Update for Windows XP (KB2296011)
24/02/2011 Security Update for Windows XP (KB980232)
24/02/2011 Security Update for Windows XP (KB2115168)
24/02/2011 Security Update for Windows XP (KB2485376)
24/02/2011 Security Update for Windows XP (KB975558)
24/02/2011 Update for Windows XP (KB955759)
24/02/2011 Security Update for Windows XP (KB2378111)
24/02/2011 Security Update for Windows XP (KB974318)
24/02/2011 Update for Windows XP (KB951978)
24/02/2011 Security Update for Windows XP (KB969059)
24/02/2011 Security Update for Windows XP (KB2443105)
24/02/2011 Security Update for Windows XP (KB981349)
24/02/2011 Security Update for Windows XP (KB2229593)
24/02/2011 Internet Explorer 8 for Windows XP
24/02/2011 Security Update for Windows XP (KB950974)
24/02/2011 Security Update for Windows XP (KB975713)
24/02/2011 Security Update for Windows XP (KB2440591)
24/02/2011 Security Update for Windows XP (KB982132)
24/02/2011 Security Update for Windows XP (KB971657)
24/02/2011 Security Update for Windows XP (KB978338)
24/02/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
24/02/2011 Security Update for Windows XP (KB2479628)
24/02/2011 Security Update for Windows XP (KB972270)
24/02/2011 Security Update for Windows XP (KB956744)
24/02/2011 Security Update for Windows XP (KB974112)
24/02/2011 Security Update for Windows XP (KB956572)
24/02/2011 Security Update for Windows XP (KB2347290)
24/02/2011 Security Update for Windows XP (KB956844)
24/02/2011 Security Update for Windows XP (KB2483185)
24/02/2011 Security Update for Windows XP (KB961501)
24/02/2011 Update for Windows XP (KB2443685)
24/02/2011 Security Update for Windows XP (KB2079403)
24/02/2011 Security Update for Windows XP (KB979687)
24/02/2011 Security Update for Windows XP (KB2121546)
24/02/2011 Security Update for Windows XP (KB973869)
24/02/2011 Security Update for Windows XP (KB975025)
24/02/2011 Security Update for Windows XP (KB952004)
24/02/2011 Security Update for Windows XP (KB974571)
24/02/2011 Security Update for Windows XP (KB975560)
24/02/2011 Security Update for Windows XP (KB973507)
24/02/2011 Security Update for Windows XP (KB977816)
24/02/2011 Update for Windows XP (KB973687)
24/02/2011 Windows Malicious Software Removal Tool - February 2011 (KB890830)
24/02/2011 Security Update for Windows XP (KB950762)
24/02/2011 Security Update for Windows XP (KB978601)
24/02/2011 Security Update for Windows XP (KB980436)
24/02/2011 Security Update for Windows XP (KB981322)
24/02/2011 Update for Windows XP (KB952287)
24/02/2011 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
24/02/2011 Security Update for Windows XP (KB2476687)
24/02/2011 Security Update for Windows XP (KB973904)
24/02/2011 Update for Windows XP (KB967715)
24/02/2011 Security Update for Windows XP Service Pack 3 (KB973540)
24/02/2011 Security Update for Windows XP (KB2419632)
24/02/2011 Security Update for Windows XP (KB974392)
24/02/2011 Security Update for Windows XP (KB954459)
24/02/2011 Security Update for Windows XP Service Pack 3 (KB952069)
24/02/2011 Security Update for Windows XP (KB977914)
24/02/2011 Security Update for Windows XP (KB951748)
24/02/2011 Security Update for Windows XP (KB978542)
24/02/2011 Security Update for Windows XP (KB979309)
24/02/2011 Security Update for Windows XP (KB978706)
24/02/2011 Security Update for Windows XP (KB981997)
24/02/2011 Security Update for Windows XP (KB960803)
24/02/2011 Security Update for Windows XP (KB973815)
24/02/2011 Security Update for Windows XP (KB975562)
24/02/2011 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2482017)
24/02/2011 Security Update for Windows XP (KB958644)
24/02/2011 Security Update for Windows XP (KB956802)
24/02/2011 Security Update for Flash Player (KB923789)
24/02/2011 Security Update for Windows XP (KB982665)
24/02/2011 Security Update for Windows XP (KB2478960)
24/02/2011 Security Update for Windows XP (KB2393802)
24/02/2011 Security Update for Windows XP (KB923561)
24/02/2011 Security Update for Jscript 5.7 for Windows XP (KB971961)
24/02/2011 Update for Windows XP (KB968389)
24/02/2011 Security Update for Windows XP (KB2423089)
24/02/2011 Security Update for Windows XP (KB2360937)
24/02/2011 Security Update for Windows XP (KB979482)
24/02/2011 Security Update for Windows XP (KB955069)
23/02/2011 Update for Windows XP (KB898461)
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running COM+ Event System
Running Computer Browser
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running HID Input Service
Running HTTP SSL
Running Logical Disk Manager
Running Network Connections
Running Network Location Awareness (NLA)
Running NitroPDFReaderDriverCreatorReadSpool
Running NVIDIA Display Driver Service
Running Plug and Play
Running Print Spooler
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Seagate Dashboard Service
Running Secondary Logon
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running StarWind AE Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows User Mode Driver Framework
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Alerter
Stopped Apple Mobile Device
Stopped Application Management
Stopped ArcSoft Connect Daemon
Stopped ASP.NET State Service
Stopped Bonjour Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped GEST Service for program management.
Stopped Health Key and Certificate Management Service
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped InstallDriver Table Manager
Stopped iPod Service
Stopped IPSEC Services
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped Protected Storage
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Security Accounts Manager
Stopped Smart Card
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Windows Time
Stopped Wired AutoConfig
Stopped Wireless Zero Configuration
Stopped WMI Performance Adapter
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
ACPI Power Button
System board
Intel(R) 82802 Firmware Hub Device
ACPI Fixed Feature Button
PCI bus
Intel(R) X38/X48 Express Chipset Processor to I/O Controller - 29E0
Intel(R) X38/X48 Express Chipset PCI Express Root Port - 29E9
Intel(R) ICH9 Family PCI Express Root Port 1 - 2940
Intel(R) ICH9 Family SMBus Controller - 2930
Motherboard resources
Intel(R) X38/X48 Express Chipset PCI Express Root Port - 29E1
NVIDIA GeForce 9800 GTX/9800 GTX+
Plug and Play Monitor
Intel(R) ICH9 Family USB Universal Host Controller - 2937
USB Root Hub
Intel(R) ICH9 Family USB Universal Host Controller - 2938
USB Root Hub
USB Composite Device
USB Human Interface Device
HID Keyboard Device
USB Human Interface Device
HID-compliant device
HID-compliant mouse
HID-compliant consumer control device
HID-compliant device
HID-compliant device
Intel(R) ICH9 Family USB Universal Host Controller - 2939
USB Root Hub
Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C
USB Root Hub
Generic USB Hub
USB Composite Device
USB Human Interface Device
HID Keyboard Device
USB Human Interface Device
HID-compliant mouse
HID-compliant device
HID-compliant consumer control device
HID-compliant device
HID-compliant device
Microsoft UAA Bus Driver for High Definition Audio
Realtek High Definition Audio
Intel(R) ICH9 Family PCI Express Root Port 4 - 2946
GIGABYTE GBB36X Controller
Intel(R) ICH9 Family PCI Express Root Port 5 - 2948
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Intel(R) ICH9 Family PCI Express Root Port 6 - 294A
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC #2
Intel(R) ICH9 Family USB Universal Host Controller - 2934
USB Root Hub
Intel(R) ICH9 Family USB Universal Host Controller - 2935
USB Root Hub
Intel(R) ICH9 Family USB Universal Host Controller - 2936
USB Root Hub
Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A
USB Root Hub
Intel(R) 82801 PCI Bridge - 244E
Texas Instruments OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel(R) ICH9R LPC Interface Controller - 2916
ISAPNP Read Data Port
Motherboard resources
Programmable interrupt controller
Direct memory access controller
System timer
High precision event timer
System CMOS/real time clock
System speaker
Numeric data processor
Communications Port (COM1)
Motherboard resources
Standard floppy disk controller
Floppy disk drive
ECP Printer Port (LPT1)
Printer Port Logical Interface
Intel(R) ICH9R/DO/DH 4 port Serial ATA Storage Controller 1 - 2920
Primary IDE Channel
ST2000DL003-9VT166
HL-DT-ST DVDRAM GH20NS10
Secondary IDE Channel
HL-DT-ST DVDRAM GH20NS10
Intel(R) ICH9 Family 2 port Serial ATA Storage Controller 2 - 2926
Primary IDE Channel
Secondary IDE Channel
Extended IO Bus
A7OHOQDZ IDE Controller
CPU
Intel Core 2 Quad Q9450
Cores 4
Threads 4
Name Intel Core 2 Quad Q9450
Code Name Yorkfield
Package Socket 775 LGA
Technology 45nm
Specification Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Family 6
Extended Family 6
Model 7
Extended Model 17
Stepping 7
Revision C1
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, Intel 64
Virtualization Supported, Enabled
Hyperthreading Not supported
Fan Speed 1430 RPM
Bus Speed 333.3 MHz
Rated Bus Speed 1333.3 MHz
Stock Core Speed 2666 MHz
Stock Bus Speed 333 MHz
Average Temperature 38 C
Caches
L1 Data Cache Size 4 x 32 KBytes
L1 Instructions Cache Size 4 x 32 KBytes
L2 Unified Cache Size 2 x 6144 KBytes
Core 0
Core Speed 1999.9 MHz
Multiplier x 6.0
Bus Speed 333.3 MHz
Rated Bus Speed 1333.3 MHz
Temperature 37 C
Thread 1
APIC ID 0
Core 1
Core Speed 1999.9 MHz
Multiplier x 6.0
Bus Speed 333.3 MHz
Rated Bus Speed 1333.3 MHz
Temperature 27 C
Thread 1
APIC ID 1
Core 2
Core Speed 1999.9 MHz
Multiplier x 6.0
Bus Speed 333.3 MHz
Rated Bus Speed 1333.3 MHz
Temperature 48 C
Thread 1
APIC ID 3
Core 3
Core Speed 1999.9 MHz
Multiplier x 6.0
Bus Speed 333.3 MHz
Rated Bus Speed 1333.3 MHz
Temperature 38 C
Thread 1
APIC ID 2
RAM
Memory slots
Total memory slots 4
Used memory slots 2
Free memory slots 2
Memory
Type DDR2
Size 4096 MBytes
Channels # Dual
DRAM Frequency 400.0 MHz
CAS# Latency (CL) 5 clocks
RAS# to CAS# Delay (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cycle Time (tRAS) 18 clocks
Command Rate (CR) 2T
Physical Memory
Memory Usage 15 %
Total Physical 3.24 GB
Available Physical 2.72 GB
Total Virtual 1.99 GB
Available Virtual 1.88 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 2048 MBytes
Manufacturer Kingston
Max Bandwidth PC2-6400 (400 MHz)
Part Number 2G-UDIMM
Serial Number 6C0AB360
Week/year 24 / 08
SPD Ext. EPP
JEDEC #3
Frequency 400.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 18
tRC 23
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Slot #2
Type DDR2
Size 2048 MBytes
Manufacturer Kingston
Max Bandwidth PC2-6400 (400 MHz)
Part Number 2G-UDIMM
Serial Number 6A0AB360
Week/year 24 / 08
SPD Ext. EPP
JEDEC #3
Frequency 400.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 18
tRC 23
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Motherboard
Manufacturer Gigabyte Technology Co., Ltd.
Model X48-DQ6
Chipset Vendor Intel
Chipset Model X48
Chipset Revision 01
Southbridge Vendor Intel
Southbridge Model 82801IR (ICH9R)
Southbridge Revision 02
System Temperature 15 C
BIOS
Brand Award Software International, Inc.
Version F8A
Date 07/30/2008
Voltage
CPU CORE 1.104 V
DDR 1.872 V
+3.3V 3.296 V
+5V 4.946 V
PCI Data
1. PCI Available
2. PCI Available
Graphics
Monitor
Name DELL 2005FPW on NVIDIA GeForce 9800 GTX/9800 GTX+
Current Resolution 1680x1050 pixels
Work Resolution 1680x1020 pixels
State enabled, primary, output devices support
Monitor Width 1680
Monitor Height 1050
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
GeForce 9800 GTX/9800 GTX+
GPU G92
Device ID 10DE-0612
Revision A3
Subvendor XFX Pine Group (1682)
Current Performance Level Level 1
Current GPU Clock 740 MHz
Current Memory Clock 1140 MHz
Current Shader Clock 1850 MHz
Voltage 1.150 V
Technology 65 nm
Die Size 330 nm?
Transistors 754 M
Release Date Apr 01, 2008
DirectX Support 10.0
DirectX Shader Model 4.0
OpenGL Support 3.0
Bus Interface PCI Express x16
Temperature 53 C
GPU Clock 740 MHz
Memory Clock 1140 MHz
Driver nv4_disp.dll
Driver version 6.14.12.6658
ForceWare version 266.58
BIOS Version 62.92.3b.00.0b
ROPs 16
Shaders 128 unified
Memory Type GDDR3
Memory 512 MB
Bus Width 256 Bit
Pixel Fillrate 11.8 GPixels/s
Texture Fillrate 47.4 GTexels/s
Bandwidth 73.0 GB/s
Count of performance levels : 1
Level 0
GPU Clock 740 MHz
Memory Clock 1140 MHz
Shader Clock 1850 MHz
Hard Drives
ST2000DL003-9VT166
Manufacturer Seagate
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
48-bit LBA Supported
Serial Number 5YD1ZZSK
Interface SATA
Capacity 1954GB
Real size 2,000,397,852,160 bytes
S.M.A.R.T
01 Read Error Rate 099 (099 worst) Data 0000003048
03 Spin-Up Time 092 (092) Data 0000000000
04 Start/Stop Count 100 (100) Data 0000000068
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 072 (060) Data 0001205585
09 Power-On Hours (POH) 100 (100) Data 0000000166
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 0000000068
B7 100 (100) Data 0000000000
B8 100 (100) Data 0000000000
BB 100 (100) Data 0000000000
BC 100 (093) Data 000007002B
BD High Fly Writes (WDC) 100 (100) Data 0000000000
BE Temperature Difference from 100 079 (062) Data 0015100015
BF G-sense error rate 100 (100) Data 0000000000
C0 Power-off Retract Count 100 (100) Data 000000000B
C1 Load/Unload Cycle Count 100 (100) Data 0000000068
C2 Temperature 021 (040) Data 0000000015
C3 Hardware ECC Recovered 030 (015) Data 0000003048
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
F0 Head Flying Hours 100 (253) Data 000000016C
F1 100 (253) Data 0006ECBD93
F2 100 (253) Data 006F0CA090
Temperature 22 C
Temperature Range ok (less than 50 C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number 7CE7E12D
Size 1863GB
Used Space 678GB (37%)
Free Space 1185GB (63%)
Optical Drives
HL-DT-ST DVDRAM GH20NS10
Media Type CD-ROM
Name HL-DT-ST DVDRAM GH20NS10
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 1
Status OK
HL-DT-ST DVDRAM GH20NS10
Media Type CD-ROM
Name HL-DT-ST DVDRAM GH20NS10
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 3
SCSI Target Id 0
Status OK
Audio
Sound Card
Realtek High Definition Audio
Playback Device
Realtek HD Audio Input
Recording Device
Realtek HD Audio output
Peripherals
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Network
You are connected to the internet
Connected through Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport

Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 kbps

Remote Desktop
Console
State Active
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info

WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport

Network Shares

sir galahad

Newbie Surfer

Posts : 24
Joined : 2010-09-30
Operating System : Windows XP Professional


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Tue 10 May 2011, 1:05 pm

I don't seem to quite understand why the system would be running slowly, except for a RAM issue.

All of the temperatures are below average, which is excellent. The status is marked as good on everything.

Let's do a memory test and see what the results will be...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86 -....iso.zip file.
3. Inside, you'll find memtest86 -....iso file.
4. Download, and install ImgBurn: [You must be registered and logged in to see this link.]
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:



8. Locate memtest86 -....iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:



10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this depending on the size and number of ram modules installed:



It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.



The following image is the test results area:



The most important item here is the errors line. If you see ANY errors, even one, most likely, you have bad RAM.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Wed 11 May 2011, 3:16 am

6 passes and no errors. I can't find the source of the problem either. I'm thinking I'll have to reformat. I've noticed the following:

-Still significantly slow
-YouTube no longer working
-Needed to update internet settings (i.e. TCP/IP properties previously automatic, not explicitly stated)
-Some game DLLs suddenly corrupted

I'm sure I've left something out, but the computer is just not what it used to be. Currently backing everything up for a reformat unless you have any other suggestions?

Cheers,
Alex.


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Wed 11 May 2011, 5:04 am

If you can save all of your data, like documents, pics, videos, etc...then we can help do that.

Guides for format and reinstall: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]



Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Wed 11 May 2011, 9:40 am

I'll let you know how I go. Unfortunately, trying to back up data is taking FOREVER! The data transfer rates are ridiculously low/slow...
Many thanks for the reformat links and all of your help.


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Wed 11 May 2011, 4:43 pm

Let me know progress on the process of doing so. I'll be here for support still.



Re: Slow computer, happened suddenly, suspect malware

Post by sir galahad on Mon 16 May 2011, 7:53 pm

DMJ,

Thanks again for all your help, I've reformatted and the computer is back to normal. There were just too many errors cropping up, and although backing up was a little painful, it was more time-effective to reformat. However I could not have done this early, so thanks for your help.

Regards,
Alex.


Re: Slow computer, happened suddenly, suspect malware

Post by DragonMaster Jay on Mon 16 May 2011, 8:00 pm

You're welcome. We are certainly glad to be here for assistance.


