Slowed Computer, HD Heavy Activity


3 replies to this topic

#1 Computer Fixin' Wolf

Posted 24 October 2009 - 06:21 PM

My system has been booting and launching programs extremely slowly the last month or so. It all started back around the time Microsoft did the last big Windows XP/etc. system update... so I thought that was the cause. But the computer acted as slow as molasses. Steam games took 15-20 minutes to load, Second Life took forever to load, booting took forever (15-20 minutes before I could do any input)... hard drive light and noise were constant. Once the game programs actually loaded, the 3D graphics ran rather smoothly, but only once they loaded. Connections to servers (Ad-Aware, WorldWar2 Online, etc.) became pretty much impossible, while HTTP connections still worked.

I ran HijackThis while the computer was still infected, a few days ago. This morning at 8:40pm I ran ComboFix (a friend pointed me to it) and then had to get some rest.

Before running ComboFix this morning I disabled a couple of the main features of Symantec, and killed all the AVG-named processes I could, since I couldn't figure out how to get AVG to just disable itself (the control panel was taking forever to appear and once it did I didn't seem to be able to manually disable anything from there... ComboFix reported that AVG was still running, but I had killed most of its processes so hopefully it did not interfere with ComboFix). I also removed the Gigabyte Energy Saver program, and some pieces of Ad-Aware which I tried to install earlier but was unsuccessful, and it ended up only installing a few pieces of that program because it couldn't connect to its installation server.

When I came back to the computer around 6 PM tonight, long after the ComboFix scan completed, the computer was running relatively smoothly again (whew!!). The hard drive light still blinks constantly but there is some "black time" between a lot of the times the light is on, and I don't hear the drive running. Non-HTTP server connections seem to work again.

I would like to know what infected my machine, and what may still be on my machine, and maybe get some idea of how my machine was infected and how I can avoid it in the future - Symantec and AVG were quite useless in solving the problem, but I assume they "noticed" some suspicious things here and there. I have the pre-ComboFix HijackThis log, a log from Norton Utilities, and a log from this morning's ComboFix scan. I also will run DDS and RootRepeal soon.

I'll post the logs once they are ready. They will give post-ComboFix information. I'll post the HijackThis, ComboFix, and Symantec logs in a second message in this thread. I don't have time to ask if I should post them or not because I have to head to the hospital, so please, when you have time, see if you can find out what I was infected with before this morning, and what I might be infected with now. It's pretty obvious it was something major, as running ComboFix made a big difference in system performance.
---------------------------------
(update) Ok here is the DDS Log. Note this is from 9 hours AFTER I ran ComboFix, and the computer is no longer slow as molasses & can now connect to non-HTTP servers again, but the HD light still flickers all the time, but not as intensely. I will also attach the "Attach.txt" files, and I'll attach the RootRepeal log file.


DDS (Ver_09-10-24.03) - NTFSx86
Run by Miller at 19:25:29.21 on Sat 10/24/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:windowssystem32dvmurl.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:program filesnorton internet securityengine16.7.2.11coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program filesnorton internet securityengine16.7.2.11IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:program filesnorton internet securityengine16.7.2.11coIEPlg.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EasyTuneVI] c:program filesgigabyteet6ETcall.exe
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [GBTUpd] c:program filesgigabytegbtupdPreRun.exe
mRun: [nwiz] c:program filesnvidia corporationnviewnwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [Sunkist2k] c:program filesmultimedia card readershwicon2k.exe
mRun: [RivaTunerStartupDaemon] "c:program filesrivatuner v2.24 msi master overclocking arena 2009 editionRivaTuner.exe" /S
mRun: [boincmgr] "c:program filesboincboincmgr.exe" /a /s
mRun: [boinctray] "c:program filesboincboinctray.exe"
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:program filesbelarcadvisorsystemBAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:program filesnorton internet securityengine16.7.2.11CoIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1millerapplic~1mozillafirefoxprofilesmakwi4pt.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortoncoffplgncomponentscoFFPlgn.dll
FF - component: c:documents and settingsall usersapplication datanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}nortonipsffplgncomponentsIPSFFPl.dll
FF - plugin: c:documents and settingsmillermy documentssparkplay mediasparkplayer (beta)npSparkPlayerNS.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-24 12:20:00 0 d-sha-r- C:cmdcons
2009-10-24 12:17:15 98816 ----a-w- c:windowssed.exe
2009-10-24 12:17:15 236544 ----a-w- c:windowsPEV.exe
2009-10-24 12:17:15 161792 ----a-w- c:windowsSWREG.exe
2009-10-22 06:43:06 0 d-----r- c:program filesSkype
2009-10-19 18:25:54 0 d-----w- C:$AVG
2009-10-19 18:24:37 12464 ----a-w- c:windowssystem32avgrsstx.dll
2009-10-19 18:24:25 333192 ----a-w- c:windowssystem32driversavgldx86.sys
2009-10-19 18:23:26 0 d-----w- c:windowssystem32driversAvg
2009-10-19 18:22:12 0 d-----w- c:program filesAVG
2009-10-19 18:21:57 0 d-----w- c:docume~1alluse~1applic~1avg9
2009-10-16 16:11:05 0 d-----w- c:program filesYahoo!
2009-10-14 12:34:15 3851784 ----a-w- c:windowssystem32D3DX9_39.dll
2009-10-14 12:33:30 0 d-----w- c:windowsLogs
2009-10-13 02:00:58 0 d-----w- c:program filesMozilla Sunbird
2009-10-11 15:07:40 3840 ----a-w- c:windowssystem32driversBANTExt.sys
2009-10-11 15:07:40 0 d-----w- c:program filesBelarc
2009-10-11 14:58:27 0 d-----w- c:program filesVideoLAN
2009-10-08 10:08:54 0 d-----w- c:program filesCRS
2009-10-07 07:34:52 0 d-----w- c:program filesBOINC
2009-10-07 07:34:51 0 d-----w- c:docume~1alluse~1applic~1BOINC
2009-10-06 17:33:32 0 d-----w- c:windowsRegisteredPackages
2009-10-04 21:18:11 0 d-----w- c:docume~1millerapplic~1Foxit Software
2009-10-03 19:48:18 0 d-----w- c:program filesSecondLifeReleaseCandidate
2009-10-03 18:36:00 0 d-----w- c:program filesGreenLife Emerald Viewer
2009-10-03 15:54:43 0 d-----w- c:program filesMSXML 4.0
2009-10-03 15:22:43 0 d-----w- c:program filesRivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2009-10-03 02:24:57 0 d-----w- c:program filesMultimedia Card Reader
2009-10-03 02:21:35 0 d-----w- c:windowsDownloaded Installations
2009-10-02 21:28:55 4767 ----a-w- c:windowsIrremote.ini
2009-10-02 21:15:58 0 d-----w- c:program filesNero
2009-10-02 21:15:31 0 d-----w- c:docume~1alluse~1applic~1Nero
2009-10-01 06:08:56 320 ----a-w- c:windowssystem32tablet.dat
2009-10-01 06:08:54 1830729 ----a-w- c:windowssystem32WacomTablet.znc
2009-10-01 06:08:54 1413120 ----a-w- c:windowssystem32WacomTablet.cpl
2009-10-01 06:08:53 8138 ----a-w- c:windowssystem32driversPenClass.sys
2009-10-01 06:08:53 0 d-----w- c:windowssystem32WTablet
2009-10-01 06:08:52 749568 ----a-w- c:windowssystem32Tablet.exe
2009-10-01 06:08:52 102400 ----a-w- c:windowssystem32Wintab32.dll
2009-10-01 06:08:51 0 d-----w- c:program filesTablet
2009-10-01 03:25:47 17488 ----a-w- c:windowsgdrv.sys
2009-10-01 02:01:29 8 ----a-w- c:windowssystem32nvModes.dat
2009-10-01 01:57:20 0 d-----w- c:windowssystem32AGEIA
2009-10-01 01:57:08 0 d-----w- c:program filescommon filesWise Installation Wizard
2009-10-01 01:56:59 0 d-----w- c:program filesNVIDIA Corporation
2009-10-01 01:56:55 0 d-----w- c:docume~1alluse~1applic~1NVIDIA Corporation
2009-10-01 01:56:33 485920 ----a-w- c:windowssystem32nvudisp.exe
2009-10-01 01:56:33 19495 ----a-w- c:windowssystem32nvdisp.nvu
2009-10-01 01:56:14 485920 ----a-w- c:windowssystem32NVUNINST.EXE
2009-10-01 01:42:09 664 ----a-w- c:windowssystem32d3d9caps.dat
2009-10-01 01:38:36 0 d-----w- c:windowssystem32appmgmt
2009-09-30 23:53:03 0 d-----w- c:program filesDriverCleanerDotNET
2009-09-30 23:49:21 0 d-----w- c:program filesuTorrent
2009-09-30 23:49:00 0 d-----w- c:docume~1millerapplic~1uTorrent
2009-09-30 23:32:37 0 d-----w- c:program filescommon filesBlizzard Entertainment.temp
2009-09-30 14:05:57 0 d-----w- c:docume~1alluse~1applic~1PC Drivers HeadQuarters
2009-09-30 14:05:52 0 d-----w- c:program filesPC Drivers HeadQuarters
2009-09-30 13:37:24 0 d-----w- c:program filesSteam
2009-09-30 05:06:41 0 d-----w- C:NVIDIA
2009-09-30 03:40:02 0 d-s---w- c:documents and settingsmillerUserData
2009-09-30 03:31:34 0 d-----w- c:program filesEVGA Precision
2009-09-30 03:25:35 0 d-----w- c:program filesGeForceTweakUtility
2009-09-30 03:18:43 17488 ----a-w- c:windowsetdrv.sys
2009-09-30 03:13:46 25280 ----a-w- c:windowssystem32drivershamachi.sys
2009-09-30 03:13:46 0 d-----w- c:program filesHamachi
2009-09-30 02:48:26 0 d-----w- c:docume~1millerapplic~1IrfanView
2009-09-29 15:42:15 0 d-----w- c:docume~1alluse~1applic~1Symantec
2009-09-29 12:56:50 15104 -c--a-w- c:windowssystem32dllcacheusbscan.sys
2009-09-29 12:56:50 15104 ----a-w- c:windowssystem32driversusbscan.sys
2009-09-29 12:55:47 73728 ----a-w- c:windowssystem32CNQI77.DLL
2009-09-29 12:55:47 389180 ----a-w- c:windowssystem32UCS32P.DLL
2009-09-29 12:55:47 274432 ----a-w- c:windowssystem32CNQL1208.DLL
2009-09-29 12:55:47 143360 ----a-w- c:windowssystem32CNQW77.DLL
2009-09-29 12:55:47 0 d-----w- C:CanoScan
2009-09-29 12:04:34 0 d-----w- c:program filesSpeedFan
2009-09-29 12:04:32 45 ----a-w- c:windowssystem32initdebug.nfo
2009-09-29 11:03:36 0 d-----w- c:docume~1millerapplic~1CoolViewer
2009-09-29 11:02:06 0 d-----w- c:program filesCoolViewer
2009-09-29 05:39:33 0 d-----w- c:docume~1millerapplic~1Foxit
2009-09-29 05:39:26 0 d-----w- c:program filesFoxit Software
2009-09-28 17:28:43 272128 -c----w- c:windowssystem32dllcachebthport.sys
2009-09-28 17:28:43 272128 ------w- c:windowssystem32driversbthport.sys
2009-09-28 17:14:34 455296 -c----w- c:windowssystem32dllcachemrxsmb.sys
2009-09-28 17:13:58 2145280 -c----w- c:windowssystem32dllcachentkrnlmp.exe
2009-09-28 17:13:57 2189184 -c----w- c:windowssystem32dllcachentoskrnl.exe
2009-09-28 17:13:56 2023936 -c----w- c:windowssystem32dllcachentkrpamp.exe
2009-09-28 17:01:06 2560 ------w- c:windowssystem32xpsp4res.dll
2009-09-28 17:00:12 0 d-----w- c:windowssystem32PreInstall
2009-09-28 17:00:10 0 d--h--w- c:windows$hf_mig$
2009-09-28 04:35:22 0 d-----w- c:program filesIrfanView
2009-09-28 04:14:06 0 d-----w- c:docume~1alluse~1applic~1AIM
2009-09-28 04:14:01 0 d-----w- c:program filesAIM
2009-09-28 04:13:55 0 d-----w- c:program filescommon filesAOL
2009-09-28 04:13:41 383 ---ha-w- C:IPH.PH
2009-09-28 04:07:04 0 d--h--r- c:docume~1alluse~1applic~1Atheros
2009-09-28 04:07:01 0 d-----w- c:windowsWlanGINA
2009-09-28 04:04:22 0 d-----w- c:program filesD-Link
2009-09-28 03:51:51 0 d-----w- c:windowssystem32SoftwareDistribution
2009-09-28 03:49:09 81920 ----a-w- c:windowssystem32ZDPN50.DLL
2009-09-28 03:49:09 330240 ----a-w- c:windowssystem32driversZD1211BU.sys
2009-09-28 03:49:09 31744 ----a-w- c:windowssystem32driversZDPSp50a64.sys
2009-09-28 03:49:09 20608 ----a-w- c:windowssystem32driversBRGSp50.sys
2009-09-28 03:49:09 17664 ----a-w- c:windowssystem32driversZDPSp50.sys
2009-09-28 03:49:09 17151 ----a-w- c:windowssystem32ZDPNDIS5.SYS
2009-09-28 03:49:08 29184 ----a-w- c:windowssystem32driversBRGSp50a64.sys
2009-09-28 03:49:08 24576 ----a-w- c:windowssystem32ZyDelReg.exe
2009-09-28 03:49:06 28672 ----a-w- c:windowssystem32InsDrvZD.dll
2009-09-28 03:49:06 15872 ----a-w- c:windowssystem32InsDrvZD64.DLL
2009-09-27 15:29:03 26368 -c--a-w- c:windowssystem32dllcacheusbstor.sys
2009-09-27 03:11:54 57398 -c--a-w- c:windowssystem32dllcacheimjpdadm.exe
2009-09-27 03:10:42 8704 -c--a-w- c:windowssystem32dllcachekbdjpn.dll
2009-09-27 03:10:42 8704 ----a-w- c:windowssystem32kbdjpn.dll
2009-09-27 03:10:42 8192 -c--a-w- c:windowssystem32dllcachekbdkor.dll
2009-09-27 03:10:42 8192 ----a-w- c:windowssystem32kbdkor.dll
2009-09-27 03:10:42 6144 -c--a-w- c:windowssystem32dllcachekbd101c.dll
2009-09-27 03:10:42 6144 ----a-w- c:windowssystem32kbd101c.dll
2009-09-27 03:10:42 5632 -c--a-w- c:windowssystem32dllcachekbd103.dll
2009-09-27 03:10:42 5632 ----a-w- c:windowssystem32kbd103.dll
2009-09-27 03:10:41 6144 -c--a-w- c:windowssystem32dllcachekbd101b.dll
2009-09-27 03:10:41 6144 ----a-w- c:windowssystem32kbd101b.dll
2009-09-27 03:10:40 6144 -c--a-w- c:windowssystem32dllcachekbd106.dll
2009-09-27 03:10:40 6144 ----a-w- c:windowssystem32kbd106.dll
2009-09-27 03:09:23 0 d-----w- c:windowsnview
2009-09-27 02:34:59 12160 -c--a-w- c:windowssystem32dllcachemouhid.sys
2009-09-27 02:34:59 12160 ----a-w- c:windowssystem32driversmouhid.sys
2009-09-27 02:34:56 10368 -c--a-w- c:windowssystem32dllcachehidusb.sys
2009-09-27 02:34:56 10368 ----a-w- c:windowssystem32drivershidusb.sys
2009-09-27 02:30:44 24944 ----a-w- c:windowssystem32driversGVTDrv.sys
2009-09-27 02:30:41 36400 ----a-r- c:windowssystem32driversSymIM.sys
2009-09-27 02:30:37 806 ----a-w- c:windowssystem32driversSYMEVENT.INF
2009-09-27 02:30:37 7456 ----a-w- c:windowssystem32driversSYMEVENT.CAT
2009-09-27 02:30:37 60808 ----a-w- c:windowssystem32S32EVNT1.DLL
2009-09-27 02:30:37 124976 ----a-w- c:windowssystem32driversSYMEVENT.SYS
2009-09-27 02:30:36 0 d-----w- c:program filesSymantec
2009-09-27 02:30:36 0 d-----w- c:program filescommon filesSymantec Shared
2009-09-27 02:24:30 0 d-----w- c:windowssystem32XPSViewer
2009-09-27 02:23:54 26488 ----a-w- c:windowssystem32spupdsvc.exe
2009-09-27 02:23:49 89088 -c----w- c:windowssystem32dllcachefilterpipelineprintproc.dll
2009-09-27 02:23:49 597504 -c----w- c:windowssystem32dllcacheprintfilterpipelinesvc.exe
2009-09-27 02:23:49 575488 -c----w- c:windowssystem32dllcachexpsshhdr.dll
2009-09-27 02:23:49 575488 ------w- c:windowssystem32xpsshhdr.dll
2009-09-27 02:23:49 1676288 -c----w- c:windowssystem32dllcachexpssvcs.dll
2009-09-27 02:23:49 1676288 ------w- c:windowssystem32xpssvcs.dll
2009-09-27 02:23:49 117760 ------w- c:windowssystem32prntvpt.dll
2009-09-27 02:23:49 0 d-----w- C:b2a8e7cf409fa7e5e636c7
2009-09-27 02:20:24 60416 ----a-r- c:windowssystem32RTLTEAMING_NB.DLL
2009-09-27 02:20:24 28544 ----a-r- c:windowssystem32driversRTLTEAMING.SYS
2009-09-27 02:20:22 17536 ----a-r- c:windowssystem32driversRTLVLAN.SYS
2009-09-27 02:20:19 22016 ----a-r- c:windowssystem32driversRtNdPt5x.sys
2009-09-27 02:17:30 73728 ----a-w- c:windowssystem32ISUSPM.cpl
2009-09-27 02:16:58 0 d-----w- c:program filesAMD
2009-09-27 02:14:59 327168 ----a-w- c:windowsIsUninst.exe
2009-09-27 02:10:42 0 d-----w- c:windowssystem32driversNIS
2009-09-27 02:10:41 0 d-----w- c:program filesNorton Internet Security
2009-09-27 02:10:41 0 d-----w- c:docume~1alluse~1applic~1Norton
2009-09-27 02:10:10 0 d-----w- c:program filesNortonInstaller
2009-09-27 02:10:10 0 d-----w- c:docume~1alluse~1applic~1NortonInstaller
2009-09-27 02:09:54 940794 ----a-w- c:windowssystem32LoopyMusic.wav
2009-09-27 02:09:54 146650 ----a-w- c:windowssystem32BuzzingBee.wav
2009-09-27 02:09:53 0 d-----w- c:windowssystem32Lang
2009-09-27 02:08:10 0 d-----w- c:program filesRealtek
2009-09-27 02:05:58 0 d-----w- c:windowssystem32ReinstallBackups
2009-09-27 02:05:56 53248 ----a-r- c:windowssystem32CSVer.dll
2009-09-27 02:05:47 0 d-----w- C:Intel
2009-09-27 02:05:30 146528 ----a-w- c:windowssystem32dvmurl.dll
2009-09-27 02:05:30 0 d-----w- c:program filesBrowser Configuration Utility
2009-09-27 02:05:09 0 d-----w- c:program filesGIGABYTE
2009-09-27 02:01:29 0 d-s---w- c:windowssystem32Microsoft
2009-09-27 02:01:11 8192 ----a-w- c:windowsREGLOCS.OLD
2009-09-27 01:56:59 0 d-sh--w- c:documents and settingsall usersDRM
2009-09-27 01:56:39 0 d--h--w- c:program filesWindowsUpdate
2009-09-27 01:56:00 0 d-----w- c:program filescommon filesMSSoap
2009-09-27 01:54:23 0 d-----w- c:program filesOnline Services
2009-09-27 01:54:16 0 d-----w- c:program filesMessenger
2009-09-27 01:54:13 0 d-----w- c:program filesMSN Gaming Zone
2009-09-27 01:53:33 0 d-----w- c:program filesWindows NT
2009-09-26 21:47:16 0 d-----w- c:program filescommon filesODBC
2009-09-26 21:47:13 0 d-----w- c:program filescommon filesSpeechEngines
2009-09-26 21:46:47 0 d-----r- c:documents and settingsall usersDocuments

==================== Find3M ====================

2009-09-27 01:54:48 21640 ----a-w- c:windowssystem32emptyregdb.dat
2009-09-25 05:37:11 667136 ------w- c:windowssystem32wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:windowssystem32ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:windowssystem32msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:windowssystem32msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:windowssystem32strmdll.dll
2009-08-17 07:04:24 2173472 ----a-w- c:windowssystem32nvcplui.exe
2009-08-17 07:04:08 81920 ----a-w- c:windowssystem32nvwddi.dll
2009-08-17 07:03:44 3170304 ----a-w- c:windowssystem32nvwss.dll
2009-08-17 07:03:38 4026368 ----a-w- c:windowssystem32nvvitvs.dll
2009-08-17 07:03:28 188416 ----a-w- c:windowssystem32nvmccss.dll
2009-08-17 07:03:28 1286144 ----a-w- c:windowssystem32nvmobls.dll
2009-08-17 07:03:22 3547136 ----a-w- c:windowssystem32nvgames.dll
2009-08-17 07:03:02 4923392 ----a-w- c:windowssystem32nvdisps.dll
2009-08-17 07:03:00 86016 ----a-w- c:windowssystem32nvmctray.dll
2009-08-17 07:03:00 168004 ----a-w- c:windowssystem32nvsvc32.exe
2009-08-17 07:03:00 143360 ----a-w- c:windowssystem32nvcolor.exe
2009-08-17 07:03:00 13877248 ----a-w- c:windowssystem32nvcpl.dll
2009-08-17 07:02:52 229376 ----a-w- c:windowssystem32nvmccs.dll
2009-08-17 04:57:00 868352 ----a-w- c:windowssystem32nvapi.dll
2009-08-17 04:57:00 5845760 ----a-w- c:windowssystem32nv4_disp.dll
2009-08-17 04:57:00 2189856 ----a-w- c:windowssystem32nvcuvid.dll
2009-08-17 04:57:00 2002944 ----a-w- c:windowssystem32nvcuda.dll
2009-08-17 04:57:00 1706528 ----a-w- c:windowssystem32nvcuvenc.dll
2009-08-17 04:57:00 1597690 ----a-w- c:windowssystem32nvdata.bin
2009-08-17 04:57:00 155648 ----a-w- c:windowssystem32nvcodins.dll
2009-08-17 04:57:00 155648 ----a-w- c:windowssystem32nvcod.dll
2009-08-17 04:57:00 10457088 ----a-w- c:windowssystem32nvoglnt.dll
2009-08-14 17:36:18 70936 ----a-w- c:windowssystem32PhysXLoader.dll
2009-08-05 09:01:48 204800 ----a-w- c:windowssystem32mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:windowssystem32ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:windowssystem32ntkrnlpa.exe
2009-07-29 04:37:01 81920 ----a-w- c:windowssystem32fontsub.dll
2009-07-29 04:37:01 119808 ----a-w- c:windowssystem32t2embed.dll

============= FINISH: 19:26:23.64 ===============

OK. I am going to attach my HijackThis log file from 10/22, my recent Symantec Log file, and my ComboFix log file to this message. (I don't know how to export all of AVG's recent activity to a text file.) I hope that is OK. If not you can always delete this message. I don't have time to wait until a volunteer replies to this thread as I have to head to the hospital soon and may not be back for a few days.

So basically, there are two parts to all this. The pre-ComboFix scan and removal info is attached to this message. The previous message should have my current system profile info. So if you could please find out what I was infected with before this morning, and then tell me what might be still lurking on my computer now, and perhaps find out where this infection came from, I would be grateful. Thank you.


Edited by The weatherman, 29 October 2009 - 04:16 PM.
Merged posts to keep the member on "0" replies.~Tw
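A small triage helper for the DDS listing format shown above, added here as an example and not part of the thread, the DDS tool or BleepingComputer's procedures: it parses the `Created Last 30` / `Find3M` lines (`date time size attrs path`) and lists recently created drivers and executables under the Windows directory for manual review against known installs. The sample lines are a constructed subset of the listing above with the path separators restored, since the forum extraction dropped the backslashes; `since` and the vendor exclusion list are assumptions a reviewer would set from the poster's timeline.

```python
"""Triage helper for the 'Created Last 30' / 'Find3M' sections of a DDS log.

Constructed example (not the DDS tool's own code). Parses lines such as
    2009-10-19 18:24:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
and surfaces recently created kernel drivers and executables in system
locations so a reviewer can check each one against a known install.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime

# date, time, size, 8-character attribute field (e.g. d-sha-r-, ----a-w-), path
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-\w]{8}) (?P<path>.+)$"
)

# Constructed sample: entries from the listing above with backslashes restored.
SAMPLE = """\
=============== Created Last 30 ================

2009-10-24 12:20:00 0 d-sha-r- C:\\cmdcons
2009-10-24 12:17:15 98816 ----a-w- c:\\windows\\sed.exe
2009-10-19 18:24:25 333192 ----a-w- c:\\windows\\system32\\drivers\\avgldx86.sys
2009-10-19 18:22:12 0 d-----w- c:\\program files\\AVG
2009-09-30 03:13:46 25280 ----a-w- c:\\windows\\system32\\drivers\\hamachi.sys
2009-09-28 17:28:43 272128 -c----w- c:\\windows\\system32\\dllcache\\bthport.sys
2009-09-27 02:30:41 36400 ----a-r- c:\\windows\\system32\\drivers\\SymIM.sys
"""


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str  # stored lower-cased so prefix checks are case-insensitive

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1] if "." in name else ""


def parse_dds(text: str) -> list[Entry]:
    """Parse every well-formed listing line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, int(m["size"]), m["attrs"], m["path"].lower()))
    return entries


# Everything under the Windows directory (system32 and drivers included) is watched.
WATCH_DIRS = ("c:\\windows\\",)
WATCH_EXTS = {"sys", "exe", "dll"}


def review_candidates(entries: list[Entry], since: date,
                      vendor_dirs: tuple[str, ...] = ()) -> list[Entry]:
    """Files (not directories) of a watched type under a watched directory,
    created on or after `since`, newest first, minus known vendor prefixes."""
    out = []
    for e in entries:
        if e.is_dir or e.when.date() < since or e.ext not in WATCH_EXTS:
            continue
        if not e.path.startswith(WATCH_DIRS):
            continue
        if any(e.path.startswith(v) for v in vendor_dirs):
            continue
        out.append(e)
    return sorted(out, key=lambda e: e.when, reverse=True)


if __name__ == "__main__":
    # Assumed review window: the poster dates the slowdown to roughly a month before 24 Oct 2009.
    for e in review_candidates(parse_dds(SAMPLE), since=date(2009, 9, 28)):
        print(f"{e.when:%Y-%m-%d %H:%M} {e.size:>8} {e.path}")
```

Entries it returns are candidates for review, not verdicts; in this thread the helper judged the full logs clean, and a driver like `avgldx86.sys` matches the AVG install the poster describes.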



#2 kahdah


Posted 01 November 2009 - 11:14 AM

Hello Computer Fixin' Wolf

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 Computer Fixin' Wolf


Posted 05 November 2009 - 01:27 AM

OK, here are the 3 log files... I will attach them to this reply.

Sorry this is late.. for some reason I wasn't notified of your reply!!


#4 kahdah


Posted 05 November 2009 - 05:55 AM

Hi, it appears that you have Norton and Avast running.
Please remove one of those.
It will make a big difference.

After that reboot and let me know if that helps the speed.
Also let me know of any issues you are having as your logs are clean of malware.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



