network usage spikes, odd computer performance

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

obscuredhavoc (Thread Starter). Joined: Nov 7, 2009. Messages: 89
I'm running Windows XP SP3, 2 GB of RAM, 3.33 GHz Intel Celeron D CPU (if you want any other specs just ask; I figured you'd just need to know the basics to understand that the performance issues I'm experiencing should not be happening).
idk how to phrase it correctly, usage spikes I guess. I will be browsing, and suddenly Google will take 2 minutes to actually load a search result (that's just an example; it will happen with any website I attempt to browse to while this is happening). I have a cable connection from Time Warner, with a 15 Mbps down connection, so I know the actual connection speed isn't a problem. I already talked to TimeWarner/Roadrunner about this, and supposedly they ran connection tests on their end, and nothing is wrong with our internet service from their point to mine, so I'm figuring it has to be an issue on this computer.
I'm not getting any unwanted pop-ups, and my virus scanner (Panda Cloud) shows my system is clean after a full scan.
The only real performance issues I have that are not network related usually happen at the same time the internet is having one of its spaz attacks. I'll hear my CPU fan kick on high and my CPU usage will go up, but the task manager won't show anything it's being dedicated to. I haven't noticed an increase in RAM usage, but I have noticed that as soon as I attempt to start running a virus scan while these things are happening, poof, it's gone and it's magically better and won't happen again for a few hours/days even.
It happens maybe 3-4 times a day, but I can hear it when I sleep sometimes, the CPU fan kicking into overdrive while there's literally nothing running on my computer besides the anti-virus program, and it's not scanning...
I know it's really scattered, but I just really don't even know how to explain it, as I've never dealt with something like this.
--- HijackThis log ---
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:17 PM, on 11/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://op7.netgame.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Rapoo 9200] C:\Program Files\Rapoo\9200\9200_Mouse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [Svchost] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svchost] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1123561945-790525478-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1123561945-790525478-1417001333-1005\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

--
End of file - 7346 bytes

--- DDS (text file log) ---
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 15:02:15 on 2011-11-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1056 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://op7.netgame.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Svchost] c:\windows\system32\windir\Svchost.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [TaskTray]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Rapoo 9200] c:\program files\rapoo\9200\9200_Mouse.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Svchost] c:\windows\system32\windir\Svchost.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08af -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68A8E771-3BEA-47EE-B884-54ADA3CB41DB} : DhcpNameServer = 209.18.47.61 209.18.47.62
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll
mASetup: œ - c:\windows\system32\windir\Svchost.exe Restart
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\azeqs4s3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\azeqs4s3.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-7-13 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-7-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-7-13 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-1 232512]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-29 2253120]
R2 PSINAFLT;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143752]
R2 PSINFILE;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
R2 PSINPROC;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
R2 PSINPROT;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
R3 rp24msdrv;2.4g Device;c:\windows\system32\drivers\rp24msdrv.sys [2011-10-17 23296]
S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2011-7-13 110128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-29 1691480]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-06 16:42:31 -------- d-----w- c:\documents and settings\owner\application data\DDMSettings
2011-11-06 16:35:52 -------- d-----w- c:\program files\common files\DivX Shared
2011-11-06 16:35:17 -------- d-----w- c:\program files\DivX
2011-11-06 16:34:37 -------- d-----w- c:\documents and settings\all users\application data\DivX
2011-11-02 01:02:18 72 ----a-w- c:\windows\RAVTC.TMP
2011-11-02 01:02:16 782152 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan363.tmp\setup.exe
2011-11-02 01:02:16 -------- d-----w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\Pan363.tmp
2011-11-02 00:30:24 -------- d-----w- c:\program files\Hero Editor
2011-11-02 00:30:17 249856 ------w- c:\windows\Setup1.exe
2011-11-02 00:30:14 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-11-02 00:23:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-11-02 00:18:11 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-11-02 00:18:11 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-11-02 00:18:11 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-11-02 00:16:00 2829 ----a-w- c:\windows\DIIUnin.pif
2011-11-02 00:15:59 94208 ----a-w- c:\windows\DIIUnin.exe
2011-11-02 00:12:56 -------- d-----w- c:\program files\Diablo II
2011-11-02 00:11:17 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-01 01:06:55 -------- d-----w- c:\documents and settings\owner\application data\Panda Security
2011-11-01 01:01:12 -------- d-----w- c:\program files\Panda Security
2011-11-01 01:01:12 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-11-01 01:00:56 -------- d-----w- C:\temp
2011-10-26 18:38:06 -------- d-----w- c:\program files\PeerBlock
2011-10-17 09:54:56 -------- d-----w- c:\windows\system32\appmgmt
2011-10-17 09:43:59 -------- d-----w- c:\windows\pss
2011-10-17 09:36:19 23296 ----a-w- c:\windows\system32\drivers\rp24msdrv.sys
2011-10-17 09:36:18 1478609 ----a-w- c:\windows\unins000.exe
2011-10-17 09:36:18 -------- d-----w- c:\program files\Rapoo
2011-10-17 09:36:04 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-10-17 09:16:07 -------- d-----w- c:\program files\Heat
2011-10-15 09:20:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Criterion Games
2011-10-15 09:15:31 -------- d-----w- C:\ProgramData
2011-10-15 09:15:12 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-10-15 09:15:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2011-10-14 20:29:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\storage
2011-10-13 22:03:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Activision
2011-10-13 21:21:00 -------- d-----w- c:\program files\Activision
2011-10-13 01:21:41 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2011-10-13 01:20:04 -------- d-----w- c:\program files\Left4Dead
2011-10-12 23:41:02 -------- d-----w- c:\windows\system32\LogFiles
2011-10-12 23:31:38 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-12 23:31:30 -------- d-----w- c:\windows\system32\directx
2011-10-12 23:31:25 -------- d-----w- c:\windows\Logs
2011-10-12 23:01:22 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-12 23:01:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-12 23:00:55 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
2011-10-12 23:00:53 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-10-12 22:53:37 1867904 ------w- c:\windows\system32\dllcache\win32k.sys
2011-10-12 21:45:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-10-12 21:23:28 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-10-12 07:33:16 -------- d-----w- c:\program files\SystemRequirementsLab
2011-10-12 02:25:04 -------- d-----w- c:\windows\.jagex_cache_32
.
==================== Find3M ====================
.
2011-10-26 19:41:51 285788 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-26 19:41:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-26 19:41:00 285788 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 15:39:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:12:00 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-30 22:28:46 6435432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-08-29 21:20:00 1493608 ----a-w- c:\windows\RtlUpd.exe
2011-08-23 17:06:12 63592 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-22 23:47:42 919552 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:47:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:47:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:52:07 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 22:09:20 20064872 ----a-w- c:\windows\RTHDCPL.EXE
2011-08-17 13:41:46 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 15:03:15.87 ===============

The one labeled attach.txt is... attached.

----------------------
I couldn't finish a GMER scan, as about 20 minutes into it, it locks up somewhere while scanning "C:\System Volume Information" and I actually have to hard reboot to get back to using the computer.
I did let it scan until it hit that part of the scan, then just hit stop and saved a log of it. It informed me that "the scan was stopped," but... here it is anyway:
ARK.TXT
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-08 16:08:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9 ST3500418AS rev.CC38
Running: v1buh7dy.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agliraoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7ECEFA0]
SSDT sptd.sys ZwEnumerateKey [0xB7F03018]
SSDT sptd.sys ZwEnumerateValueKey [0xB7F033A6]
SSDT sptd.sys ZwOpenKey [0xB7ECEF80]
SSDT sptd.sys ZwQueryKey [0xB7F0347E]
SSDT sptd.sys ZwQueryValueKey [0xB7F032FE]
SSDT sptd.sys ZwSetValueKey [0xB7F03510]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xA666C416]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB152275C]

INT 0x62 ? 89E20CB8
INT 0x73 ? 89E20CB8
INT 0x82 ? 89E20CB8
INT 0x83 ? 89E20CB8
INT 0xA4 ? 89E4CCB8
INT 0xA4 ? 89E4CCB8
INT 0xA4 ? 89E4CCB8
INT 0xA4 ? 89E4CCB8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys B7E92000 32 Bytes [E0, 36, 6D, 80, 5A, 87, 6D, ...]
.text sptd.sys B7E92024 408 Bytes [72, 1A, 53, 80, 80, 4F, 54, ...]
.text sptd.sys B7E921BD 15 Bytes [70, 53, 80, D2, F7, 5C, 80, ...]
.text sptd.sys B7E921D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
.text sptd.sys B7E921DC 1 Byte [02]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F3C9E3]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6453380, 0x8D6CD5, 0xE8000020]
.text USBPORT.SYS!DllUnload B6433934 5 Bytes JMP 89E4C1C8
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\EagleXNt.sys The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2276] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[8752] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 011FFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E4A1E8
Device \FileSystem\Udfs \UdfsCdRom 89B5D308
Device \FileSystem\Udfs \UdfsDisk 89B5D308
Device \Driver\NetBT \Device\NetBT_Tcpip_{68A8E771-3BEA-47EE-B884-54ADA3CB41DB} 896901E8
Device \Driver\usbohci \Device\USBPDO-0 89AC61E8
Device \Driver\usbohci \Device\USBPDO-1 89AC61E8
Device \Driver\usbehci \Device\USBPDO-2 89AC91E8
Device \Driver\usbstor \Device\00000061 896E91E8
Device \Driver\Cdrom \Device\CdRom0 89AC41E8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-14 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-9 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000067 896E91E8
Device \Driver\usbstor \Device\00000068 896E91E8
Device \Driver\usbstor \Device\00000069 896E91E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896901E8
Device \Driver\NetBT \Device\NetbiosSmb 896901E8
Device \Driver\usbstor \Device\0000006a 896E91E8
Device \Driver\usbohci \Device\USBFDO-0 89AC61E8
Device \Driver\usbohci \Device\USBFDO-1 89AC61E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8968F1E8
Device \Driver\usbehci \Device\USBFDO-2 89AC91E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8968F1E8
Device \FileSystem\Cdfs \Cdfs 89BA3430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x07 0x56 0x0E 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x07 0x56 0x0E 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xFC 0xD7 0x15 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x2B 0xDA 0xEB 0xD2 ...

---- EOF - GMER 1.0.15 ----

Doesn't look as complete as it should be? Buuut... idk.
----------------
What I've tried so far... (not much)


The only step I could figure to try to see what was using my network: I attempted a "netstat -a" command via command prompt, to see if I could spot anything suspicious... then I realised I have no clue wth I'm looking for. I've copied and pasted what was returned below.
I was thinking of trying a netstat -a -(idr what the letter is, but it shows all the processes attached to the outgoing/incoming connections... but I couldn't remember the letter for it).

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP Computer-2073:epmap Computer-2073:0 LISTENING
TCP Computer-2073:microsoft-ds Computer-2073:0 LISTENING
TCP Computer-2073:1068 Computer-2073:0 LISTENING
TCP Computer-2073:2559 Computer-2073:0 LISTENING
TCP Computer-2073:4286 localhost:4287 ESTABLISHED
TCP Computer-2073:4287 localhost:4286 ESTABLISHED
TCP Computer-2073:4288 localhost:4289 ESTABLISHED
TCP Computer-2073:4289 localhost:4288 ESTABLISHED
TCP Computer-2073:4682 Computer-2073:0 LISTENING
TCP Computer-2073:4682 localhost:4683 ESTABLISHED
TCP Computer-2073:4683 localhost:4682 ESTABLISHED
TCP Computer-2073:5152 Computer-2073:0 LISTENING
TCP Computer-2073:5152 localhost:2014 CLOSE_WAIT
TCP Computer-2073:10000 Computer-2073:0 LISTENING
TCP Computer-2073:netbios-ssn Computer-2073:0 LISTENING
TCP Computer-2073:1398 dfw06s03-in-f27.1e100.net:http TIME_WAIT
TCP Computer-2073:1399 dfw06s07-in-f4.1e100.net:http TIME_WAIT
TCP Computer-2073:1401 dfw06s03-in-f27.1e100.net:http TIME_WAIT
TCP Computer-2073:1408 dfw06s06-in-f26.1e100.net:http TIME_WAIT
TCP Computer-2073:1409 24.143.198.35:http TIME_WAIT
TCP Computer-2073:1412 a184-85-253-129.deploy.akamaitechnologies.com:http TIME_WAIT
TCP Computer-2073:1413 a184-85-253-129.deploy.akamaitechnologies.com:http TIME_WAIT
TCP Computer-2073:1423 dfw06s03-in-f23.1e100.net:https ESTABLISHED
TCP Computer-2073:1425 24.143.192.75:http TIME_WAIT
TCP Computer-2073:1442 24.143.192.75:http TIME_WAIT
TCP Computer-2073:1447 dfw06s03-in-f23.1e100.net:https ESTABLISHED
TCP Computer-2073:1449 24.143.192.75:http ESTABLISHED
TCP Computer-2073:1453 a184-85-253-136.deploy.akamaitechnologies.com:http ESTABLISHED
TCP Computer-2073:1454 a184-85-253-170.deploy.akamaitechnologies.com:http ESTABLISHED
TCP Computer-2073:1571 64.208.241.58:http CLOSE_WAIT
UDP Computer-2073:microsoft-ds *:*
UDP Computer-2073:isakmp *:*
UDP Computer-2073:4500 *:*
UDP Computer-2073:6771 *:*
UDP Computer-2073:35993 *:*
UDP Computer-2073:ntp *:*
UDP Computer-2073:1699 *:*
UDP Computer-2073:1900 *:*
UDP Computer-2073:3291 *:*
UDP Computer-2073:48000 *:*
UDP Computer-2073:48001 *:*
UDP Computer-2073:ntp *:*
UDP Computer-2073:netbios-ns *:*
UDP Computer-2073:netbios-dgm *:*
UDP Computer-2073:1900 *:*
UDP Computer-2073:3631 *:*

C:\Documents and Settings\Owner>


^
When I ran that, the only things I had open were Firefox, this webpage, the sticky on the front page of the malware/virus removal forum of this website, my Gmail account, and Panda Antivirus (the only things that should possibly need a network connection).

Sorry for the super long post. Thank you for any assistance. :)
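One way to get the process attribution the post is asking about, as an added example that is not part of the original thread: `netstat -o` adds the owning PID column on XP, and the script below joins that with `tasklist` output and reports every process that is on the network but not on an expected list. The host name, the expected-process set and both sample outputs are constructed, modelled on the listing in the post.

```python
"""Tie netstat sockets to their owning processes and list the ones not expected
on the network.  Added example, not code from the thread: the post's `netstat -a`
has no process column; `netstat -a -o` (XP SP2+) adds the PID, `tasklist` maps
PIDs to image names.  Both sample outputs are constructed from the post's listing."""
import re
from collections import defaultdict

# Constructed `netstat -a -o` output.  The "...:ht" / "tp" split reproduces the
# console wrapping seen in the post: the console breaks a long line at a fixed
# column without inserting a character, so wrapped records are simply concatenated.
NETSTAT_SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    Computer-2073:epmap    Computer-2073:0        LISTENING       1032
  TCP    Computer-2073:10000    Computer-2073:0        LISTENING       1488
  TCP    Computer-2073:4286     localhost:4287         ESTABLISHED     2940
  TCP    Computer-2073:1423     dfw06s03-in-f23.1e100.net:https  ESTABLISHED  2940
  TCP    Computer-2073:1453     a184-85-253-136.deploy.akamaitechnologies.com:ht
tp  ESTABLISHED     1488
  TCP    Computer-2073:1571     64.208.241.58:http     CLOSE_WAIT      1488
  UDP    Computer-2073:6771     *:*                                    1488
  UDP    Computer-2073:ntp      *:*                                    1032
"""

# Constructed `tasklist` output; image names come from the post's process list.
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                   1032 Console                    0      4,560 K
uTorrent.exe                  1488 Console                    0     18,204 K
firefox.exe                   2940 Console                    0    120,392 K
"""

LOOPBACK = {"localhost", "127.0.0.1", "0.0.0.0", "*"}
TASKLIST_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text):
    """Return one dict per socket: proto, local, foreign, state, pid."""
    records = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("Active", "Proto")):
            continue
        if stripped.startswith(("TCP ", "UDP ")):
            records.append(stripped)
        elif records:
            records[-1] += line.rstrip()  # continuation of a wrapped record
    conns = []
    for rec in records:
        parts = rec.split()
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = "BOUND"  # UDP has no state column; the socket can receive
        else:
            continue  # malformed record: skip it rather than guess
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Return {pid: image name} from `tasklist` output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image").strip()
    return procs


def is_external(conn, own_host):
    """True when the far end is neither loopback nor this machine itself."""
    host = conn["foreign"].rsplit(":", 1)[0]
    return host not in LOOPBACK and host != own_host


def unexpected_network_users(conns, procs, expected, own_host):
    """Map image name -> sockets for each process outside `expected` that holds a
    TCP listener, a bound UDP socket or a connection to an external host.  A PID
    absent from tasklist (process already gone) shows as '?'.  The name is only a
    label: anything can call itself svchost.exe, so confirm the path as well."""
    allow = {name.lower() for name in expected}
    found = defaultdict(list)
    for c in conns:
        image = procs.get(c["pid"], "?")
        if image.lower() in allow:
            continue
        if c["state"] in ("LISTENING", "BOUND") or is_external(c, own_host):
            found[image].append(f'{c["proto"]} {c["local"]} -> {c["foreign"]} {c["state"]}')
    return dict(found)


if __name__ == "__main__":
    # Assumed expected set: browser, Panda service and the OS's own svchost.exe.
    report = unexpected_network_users(parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE),
                                      {"firefox.exe", "PSANHost.exe", "svchost.exe"}, "Computer-2073")
    for image, sockets in report.items():
        print(image, *sockets, sep="\n    ")
```

On the real machine, feed the saved output of `netstat -a -o` and `tasklist` to the two parsers; `wmic process get ProcessId,ExecutablePath` shows where each image actually lives when a name needs confirming.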
 
