
network usage spikes, odd computer performance

Discussion in 'Virus & Other Malware Removal' started by obscuredhavoc, Nov 8, 2011.

obscuredhavoc (Thread Starter; joined Nov 7, 2009; 89 messages):
    I'm running Windows XP SP3, 2 GB of RAM, 3.33 GHz Intel Celeron D CPU (if you want any other specs just ask; I figured you'd just need to know the basics to understand that the performance issues I'm experiencing should not be happening).
    I don't know how to phrase it correctly; usage spikes, I guess. I will be browsing, and suddenly Google will take 2 minutes to actually load a search result (that's just an example; it will happen with any website I attempt to browse to while this is happening). I have a cable connection from Time Warner, with a 15 Mbps down connection, so I know the actual connection speed isn't a problem. I already talked to Time Warner/Road Runner about this, and supposedly they ran connection tests on their end, and nothing is wrong with our internet service from their point to mine, so I'm figuring it has to be an issue on this computer.
    I'm not getting any unwanted pop-ups, and my virus scanner (Panda Cloud) shows my system is clean after a full scan.
    The only real performance issues I have that are not network related usually happen at the same time the internet is having one of its spaz attacks. I'll hear my CPU fan kick on high and my CPU usage will go up, but Task Manager doesn't show anything it's being dedicated to. I haven't noticed an increase in RAM usage, but I have noticed that as soon as I attempt to start running a virus scan while these things are happening, poof, it's gone and it's magically better and won't happen again for a few hours or even days.
    It happens maybe 3-4 times a day, but I can hear it when I sleep sometimes: the CPU fan kicking into overdrive while there's literally nothing running on my computer besides the anti-virus program, and it's not scanning...
    I know it's really scattered, but I just really don't even know how to explain it, as I've never dealt with something like this.
    ---hijack this log----
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:01:17 PM, on 11/8/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://op7.netgame.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Rapoo 9200] C:\Program Files\Rapoo\9200\9200_Mouse.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [Svchost] C:\WINDOWS\system32\WinDir\Svchost.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Svchost] C:\WINDOWS\system32\WinDir\Svchost.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1123561945-790525478-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1123561945-790525478-1417001333-1005\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

    --
    End of file - 7346 bytes

    ---------------------------
    DDS(textfilelog)
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Owner at 15:02:15 on 2011-11-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1056 [GMT -6:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://op7.netgame.com/
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Svchost] c:\windows\system32\windir\Svchost.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_Plugin.exe -update plugin
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [TaskTray]
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Rapoo 9200] c:\program files\rapoo\9200\9200_Mouse.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
    mRun: [Svchost] c:\windows\system32\windir\Svchost.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08af -f video -m logitech -d 12.0.1278.0
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    mPolicies-explorer: MaxRecentDocs = 18 (0x12)
    mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{68A8E771-3BEA-47EE-B884-54ADA3CB41DB} : DhcpNameServer = 209.18.47.61 209.18.47.62
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SecurityProviders: schannel.dll, credssp.dll, digest.dll
    mASetup: œ - c:\windows\system32\windir\Svchost.exe Restart
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\azeqs4s3.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\azeqs4s3.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-7-13 13616]
    R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-7-13 5632]
    R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-7-13 13616]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-1 232512]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-29 2253120]
    R2 PSINAFLT;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-7-5 143752]
    R2 PSINFILE;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]
    R2 PSINPROC;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]
    R2 PSINPROT;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]
    R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    R3 rp24msdrv;2.4g Device;c:\windows\system32\drivers\rp24msdrv.sys [2011-10-17 23296]
    S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2011-7-13 110128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-29 1691480]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-06 16:42:31 -------- d-----w- c:\documents and settings\owner\application data\DDMSettings
    2011-11-06 16:35:52 -------- d-----w- c:\program files\common files\DivX Shared
    2011-11-06 16:35:17 -------- d-----w- c:\program files\DivX
    2011-11-06 16:34:37 -------- d-----w- c:\documents and settings\all users\application data\DivX
    2011-11-02 01:02:18 72 ----a-w- c:\windows\RAVTC.TMP
    2011-11-02 01:02:16 782152 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan363.tmp\setup.exe
    2011-11-02 01:02:16 -------- d-----w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\Pan363.tmp
    2011-11-02 00:30:24 -------- d-----w- c:\program files\Hero Editor
    2011-11-02 00:30:17 249856 ------w- c:\windows\Setup1.exe
    2011-11-02 00:30:14 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-11-02 00:23:12 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-11-02 00:18:11 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2011-11-02 00:18:11 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2011-11-02 00:18:11 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2011-11-02 00:16:00 2829 ----a-w- c:\windows\DIIUnin.pif
    2011-11-02 00:15:59 94208 ----a-w- c:\windows\DIIUnin.exe
    2011-11-02 00:12:56 -------- d-----w- c:\program files\Diablo II
    2011-11-02 00:11:17 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-01 01:06:55 -------- d-----w- c:\documents and settings\owner\application data\Panda Security
    2011-11-01 01:01:12 -------- d-----w- c:\program files\Panda Security
    2011-11-01 01:01:12 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
    2011-11-01 01:00:56 -------- d-----w- C:\temp
    2011-10-26 18:38:06 -------- d-----w- c:\program files\PeerBlock
    2011-10-17 09:54:56 -------- d-----w- c:\windows\system32\appmgmt
    2011-10-17 09:43:59 -------- d-----w- c:\windows\pss
    2011-10-17 09:36:19 23296 ----a-w- c:\windows\system32\drivers\rp24msdrv.sys
    2011-10-17 09:36:18 1478609 ----a-w- c:\windows\unins000.exe
    2011-10-17 09:36:18 -------- d-----w- c:\program files\Rapoo
    2011-10-17 09:36:04 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-10-17 09:16:07 -------- d-----w- c:\program files\Heat
    2011-10-15 09:20:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Criterion Games
    2011-10-15 09:15:31 -------- d-----w- C:\ProgramData
    2011-10-15 09:15:12 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-10-15 09:15:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
    2011-10-14 20:29:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\storage
    2011-10-13 22:03:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Activision
    2011-10-13 21:21:00 -------- d-----w- c:\program files\Activision
    2011-10-13 01:21:41 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
    2011-10-13 01:20:04 -------- d-----w- c:\program files\Left4Dead
    2011-10-12 23:41:02 -------- d-----w- c:\windows\system32\LogFiles
    2011-10-12 23:31:38 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-12 23:31:30 -------- d-----w- c:\windows\system32\directx
    2011-10-12 23:31:25 -------- d-----w- c:\windows\Logs
    2011-10-12 23:01:22 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-12 23:01:14 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-10-12 23:00:55 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
    2011-10-12 23:00:53 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    2011-10-12 22:53:37 1867904 ------w- c:\windows\system32\dllcache\win32k.sys
    2011-10-12 21:45:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
    2011-10-12 21:23:28 138496 ------w- c:\windows\system32\dllcache\afd.sys
    2011-10-12 07:33:16 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-10-12 02:25:04 -------- d-----w- c:\windows\.jagex_cache_32
    .
    ==================== Find3M ====================
    .
    2011-10-26 19:41:51 285788 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-10-26 19:41:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-10-26 19:41:00 285788 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-29 15:39:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:12:00 1698408 ----a-w- c:\windows\RtlExUpd.dll
    2011-08-30 22:28:46 6435432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2011-08-29 21:20:00 1493608 ----a-w- c:\windows\RtlUpd.exe
    2011-08-23 17:06:12 63592 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-08-22 23:47:42 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:47:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:47:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:52:07 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 22:09:20 20064872 ----a-w- c:\windows\RTHDCPL.EXE
    2011-08-17 13:41:46 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 15:03:15.87 ===============

    The one labeled attach.txt is attached.

    ----------------------
    I couldn't finish a GMER scan; about 20 minutes into it, it locks up somewhere while scanning "C:\System Volume Information" and I actually have to hard reboot to get back to using the computer.
    I did let it scan until it hit that part of the scan, then hit stop and saved a log of it. It informed me that "the scan was stopped," but here it is anyway.
    ARK.TXT
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-08 16:08:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9 ST3500418AS rev.CC38
    Running: v1buh7dy.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agliraoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB7ECEFA0]
    SSDT sptd.sys ZwEnumerateKey [0xB7F03018]
    SSDT sptd.sys ZwEnumerateValueKey [0xB7F033A6]
    SSDT sptd.sys ZwOpenKey [0xB7ECEF80]
    SSDT sptd.sys ZwQueryKey [0xB7F0347E]
    SSDT sptd.sys ZwQueryValueKey [0xB7F032FE]
    SSDT sptd.sys ZwSetValueKey [0xB7F03510]
    SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xA666C416]
    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB152275C]

    INT 0x62 ? 89E20CB8
    INT 0x73 ? 89E20CB8
    INT 0x82 ? 89E20CB8
    INT 0x83 ? 89E20CB8
    INT 0xA4 ? 89E4CCB8
    INT 0xA4 ? 89E4CCB8
    INT 0xA4 ? 89E4CCB8
    INT 0xA4 ? 89E4CCB8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text sptd.sys B7E92000 32 Bytes [E0, 36, 6D, 80, 5A, 87, 6D, ...]
    .text sptd.sys B7E92024 408 Bytes [72, 1A, 53, 80, 80, 4F, 54, ...]
    .text sptd.sys B7E921BD 15 Bytes [70, 53, 80, D2, F7, 5C, 80, ...]
    .text sptd.sys B7E921D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
    .text sptd.sys B7E921DC 1 Byte [02]
    .text ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F3C9E3]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6453380, 0x8D6CD5, 0xE8000020]
    .text USBPORT.SYS!DllUnload B6433934 5 Bytes JMP 89E4C1C8
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\EagleXNt.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[2276] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[8752] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 011FFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89E4A1E8
    Device \FileSystem\Udfs \UdfsCdRom 89B5D308
    Device \FileSystem\Udfs \UdfsDisk 89B5D308
    Device \Driver\NetBT \Device\NetBT_Tcpip_{68A8E771-3BEA-47EE-B884-54ADA3CB41DB} 896901E8
    Device \Driver\usbohci \Device\USBPDO-0 89AC61E8
    Device \Driver\usbohci \Device\USBPDO-1 89AC61E8
    Device \Driver\usbehci \Device\USBPDO-2 89AC91E8
    Device \Driver\usbstor \Device\00000061 896E91E8
    Device \Driver\Cdrom \Device\CdRom0 89AC41E8
    Device \Driver\atapi \Device\Ide\IdePort0 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-14 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-9 [B7DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\usbstor \Device\00000067 896E91E8
    Device \Driver\usbstor \Device\00000068 896E91E8
    Device \Driver\usbstor \Device\00000069 896E91E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 896901E8
    Device \Driver\NetBT \Device\NetbiosSmb 896901E8
    Device \Driver\usbstor \Device\0000006a 896E91E8
    Device \Driver\usbohci \Device\USBFDO-0 89AC61E8
    Device \Driver\usbohci \Device\USBFDO-1 89AC61E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8968F1E8
    Device \Driver\usbehci \Device\USBFDO-2 89AC91E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8968F1E8
    Device \FileSystem\Cdfs \Cdfs 89BA3430

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x07 0x56 0x0E 0xCF ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x07 0x56 0x0E 0xCF ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xFC 0xD7 0x15 0xC7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x2B 0xDA 0xEB 0xD2 ...

    ---- EOF - GMER 1.0.15 ----

    Doesn't look as complete as it should be? Buuut... idk.
    ----------------
    What I've tried so far... (not much)

    The only step I could figure to try to see what was using my network, I attempted a "netstat -a" command via command prompt, to see if I could spot anything suspicious... then I realised I have no clue wth I'm looking for. I've copied and pasted what was returned below.
    I was thinking of trying a netstat -a -(idr what the letter is, but it shows all the processes attached to the outgoing/incoming connections... but I couldn't remember the letter for it.)

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Owner>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP Computer-2073:epmap Computer-2073:0 LISTENING
    TCP Computer-2073:microsoft-ds Computer-2073:0 LISTENING
    TCP Computer-2073:1068 Computer-2073:0 LISTENING
    TCP Computer-2073:2559 Computer-2073:0 LISTENING
    TCP Computer-2073:4286 localhost:4287 ESTABLISHED
    TCP Computer-2073:4287 localhost:4286 ESTABLISHED
    TCP Computer-2073:4288 localhost:4289 ESTABLISHED
    TCP Computer-2073:4289 localhost:4288 ESTABLISHED
    TCP Computer-2073:4682 Computer-2073:0 LISTENING
    TCP Computer-2073:4682 localhost:4683 ESTABLISHED
    TCP Computer-2073:4683 localhost:4682 ESTABLISHED
    TCP Computer-2073:5152 Computer-2073:0 LISTENING
    TCP Computer-2073:5152 localhost:2014 CLOSE_WAIT
    TCP Computer-2073:10000 Computer-2073:0 LISTENING
    TCP Computer-2073:netbios-ssn Computer-2073:0 LISTENING
    TCP Computer-2073:1398 dfw06s03-in-f27.1e100.net:http TIME_WAIT
    TCP Computer-2073:1399 dfw06s07-in-f4.1e100.net:http TIME_WAIT
    TCP Computer-2073:1401 dfw06s03-in-f27.1e100.net:http TIME_WAIT
    TCP Computer-2073:1408 dfw06s06-in-f26.1e100.net:http TIME_WAIT
    TCP Computer-2073:1409 24.143.198.35:http TIME_WAIT
    TCP Computer-2073:1412 a184-85-253-129.deploy.akamaitechnologies.com:http TIME_WAIT
    TCP Computer-2073:1413 a184-85-253-129.deploy.akamaitechnologies.com:http TIME_WAIT
    TCP Computer-2073:1423 dfw06s03-in-f23.1e100.net:https ESTABLISHED
    TCP Computer-2073:1425 24.143.192.75:http TIME_WAIT
    TCP Computer-2073:1442 24.143.192.75:http TIME_WAIT
    TCP Computer-2073:1447 dfw06s03-in-f23.1e100.net:https ESTABLISHED
    TCP Computer-2073:1449 24.143.192.75:http ESTABLISHED
    TCP Computer-2073:1453 a184-85-253-136.deploy.akamaitechnologies.com:http ESTABLISHED
    TCP Computer-2073:1454 a184-85-253-170.deploy.akamaitechnologies.com:http ESTABLISHED
    TCP Computer-2073:1571 64.208.241.58:http CLOSE_WAIT
    UDP Computer-2073:microsoft-ds *:*
    UDP Computer-2073:isakmp *:*
    UDP Computer-2073:4500 *:*
    UDP Computer-2073:6771 *:*
    UDP Computer-2073:35993 *:*
    UDP Computer-2073:ntp *:*
    UDP Computer-2073:1699 *:*
    UDP Computer-2073:1900 *:*
    UDP Computer-2073:3291 *:*
    UDP Computer-2073:48000 *:*
    UDP Computer-2073:48001 *:*
    UDP Computer-2073:ntp *:*
    UDP Computer-2073:netbios-ns *:*
    UDP Computer-2073:netbios-dgm *:*
    UDP Computer-2073:1900 *:*
    UDP Computer-2073:3631 *:*

    C:\Documents and Settings\Owner>


    ^
    When I ran that, the only things I had open were Firefox, this webpage, the sticky on the front page of the malware/virus removal forum of this website, and my Gmail account, and Panda Antivirus (the only things that should possibly need a network connection).

    Sorry for the super long post. Thank you for any assistance. :)
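A small triage script for netstat -a output like the one in the post, added here as an example and not written by the poster: it rejoins the rows the console wrapped at 80 columns, then separates listeners and loopback pairs from connections to outside hosts. The sample rows are constructed from the post's output and the hostname Computer-2073 is taken from it.

```python
# Constructed sample, abridged from the netstat -a output in the post above;
# the akamai row is wrapped mid-token by the 80-column console ("ht" / "tp").
SAMPLE = """\
  TCP    Computer-2073:epmap    Computer-2073:0        LISTENING
  TCP    Computer-2073:4286     localhost:4287         ESTABLISHED
  TCP    Computer-2073:1423     dfw06s03-in-f23.1e100.net:https  ESTABLISHED
  TCP    Computer-2073:1454     a184-85-253-170.deploy.akamaitechnologies.com:ht
tp  ESTABLISHED
  TCP    Computer-2073:1571     64.208.241.58:http     CLOSE_WAIT
  UDP    Computer-2073:1900     *:*
"""
PROTOCOLS = ("TCP", "UDP")
LOCAL_NAMES = {"localhost", "127.0.0.1", "0.0.0.0", "*"}


def unwrap(text):
    # A line not starting with a protocol name is the tail of the previous row;
    # it is glued on with no separator because the console split a single token.
    rows = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line.split()[0] in PROTOCOLS:
            rows.append(line)
        elif line and rows:
            rows[-1] += line
    return rows


def parse(text):
    # One dict per row; UDP rows carry no state column.
    out = []
    for row in unwrap(text):
        parts = row.split()
        rhost, rport = parts[2].rsplit(":", 1)
        out.append({"proto": parts[0], "lport": parts[1].rsplit(":", 1)[1],
                    "rhost": rhost, "rport": rport,
                    "state": parts[3] if len(parts) > 3 else ""})
    return out


def triage(text, hostname):
    # Rows to an outside host are the ones to pair with a process id later.
    local = LOCAL_NAMES | {hostname}
    listening, loopback, external = [], [], []
    for r in parse(text):
        if r["state"] == "LISTENING" or r["rhost"] == "*":
            listening.append((r["proto"], r["lport"]))
        elif r["rhost"] in local:
            loopback.append((r["lport"], r["rport"]))
        else:
            external.append((r["rhost"], r["rport"], r["state"]))
    return {"listening": listening, "loopback": loopback, "external": external}
```

On XP, netstat -o adds the owning process id to each row and netstat -b the executable name, which is what ties an external connection back to a program; the snapshot has to be taken while the slowdown is happening, since a capture taken afterwards shows only whatever is left.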
Short URL to this thread: https://techguy.org/1026032