
Unknown problem, extreme slowdowns when connected


  • This topic is locked
2 replies to this topic

#1 Azael


  • Members
  • 8 posts

Posted 12 January 2010 - 10:32 AM

Hi and thanks in advance for any help I can get. A quick summary of my problems would be that the computer slows down to a slow, slow crawl and becomes virtually totally unresponsive moments after I've established an Internet connection while using the computer in normal mode. My OS is Windows XP Professional SP3. I've tried a number of things already and isolated the problem down to when I go on-line. In off-line mode, my computer works perfectly fine even when running a resource-intensive computer game. It also works perfectly fine in safe mode, even when I go on-line. I've tried scanning it with various anti-malware programs to no avail and I'm quickly running out of ideas. I'm just as annoyed by not knowing what causes the problems as by the problems themselves. Last year or so I got infected by Virtumonde on my old computer and it was a bleep to get rid of, but at least I knew what the problem was. Hopefully, the good people on this forum who know a lot more than me about these sorts of things can bring light to the matter.

Symptoms: When on-line, but only in a regular start-up, the computer slows down and becomes so unresponsive that finally only a forced reboot works. Works perfectly fine off-line and in safe mode.

What I've tried so far: Defragged the hard drive, ran ChkDsk, used the following anti-malware products: Malwarebytes, Spybot SD, SUPERAntiSpyware, Windows Defender, F-Secure AV, Kaspersky online scan and Dr. Web CureIt. Cleared temporary files using TFC. Used StartupCPL to control what programs start automatically.

Results: None. Anti-malware programs have found some tracking cookies and each other basically, as far as I can tell.

Here are the results after following the steps required before posting a thread in this forum. Both scans done in regular mode, with DSL modem switched off. Greatly thankful for any and all assistance:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 15:54:04,20 on 2010-01-12
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.943 [GMT 1:00]

AV: F-Secure Client Security 7.12 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Anti-Virus\fsqh.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\FSAUA\program\fsaua.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe
C:\Program\Winamp\winampa.exe
C:\Program\Voddler\service\VNetManager.exe
C:\Program\F-Secure\FSGUI\fsguidll.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\DAEMON Tools Lite\DTLite.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administratör\Mina dokument\Hämtade filer\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program\superantispyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] c:\program\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\program\delade filer\nero\lib\NeroCheck.exe
mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"
mRun: [WinampAgent] c:\program\winamp\winampa.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
IE: Bifoga till befintlig PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000
IE: Konvertera länkmål till Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera länkmål till befintlig PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera markering till Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera markering till befintlig PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera till Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera valda länkar till Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konvertera valda länkar till befintlig PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236940720859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236940714218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fjqvznje.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.superstart.se/
FF - component: c:\documents and settings\administratör\application data\mozilla\firefox\profiles\fjqvznje.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-3-13 59808]
R1 F-Secure HIPS;F-Secure HIPS;c:\program\f-secure\hips\fshs.sys [2009-3-13 70752]
R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2009-3-13 47800]
R2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2009-12-17 1241296]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\minifilter\fsgk.sys [2009-3-13 72288]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2009-3-13 162456]
R3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2010-1-5 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-13 845184]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program\spel\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-17 25832]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\admini~1\lokala~1\temp\mdxgthkn.sys --> c:\docume~1\admini~1\lokala~1\temp\mdxgthkn.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\fsfilter.sys [2009-3-13 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\fsrec.sys [2009-3-13 25184]

=============== Created Last 30 ================

2010-01-12 01:20:57 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage
2010-01-11 22:37:32 0 d-----w- c:\documents and settings\administratör\DoctorWeb
2010-01-11 14:00:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-11 13:33:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2010-01-11 13:27:50 2914 ----a-w- c:\windows\system32\tmp.reg
2010-01-11 11:44:43 0 d-----w- c:\program\TrendMicro
2010-01-11 11:28:18 0 d-sha-r- C:\cmdcons
2010-01-11 11:27:28 98816 ----a-w- c:\windows\sed.exe
2010-01-11 11:27:28 77312 ----a-w- c:\windows\MBR.exe
2010-01-11 11:27:28 261632 ----a-w- c:\windows\PEV.exe
2010-01-11 11:27:28 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 19:59:36 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-01-10 19:59:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 19:59:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-10 19:59:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 19:59:29 0 d-----w- c:\program\Malwarebytes' Anti-Malware
2010-01-10 17:58:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-10 17:58:15 0 d-----w- c:\program\SUPERAntiSpyware
2010-01-10 17:58:15 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-01-09 14:30:36 4096 ----a-w- c:\windows\d3dx.dat
2010-01-09 14:29:03 0 d-----w- c:\program\AoD demo R2

==================== Find3M ====================

2010-01-12 14:54:35 85966 ----a-w- c:\windows\system32\perfc01D.dat
2010-01-12 14:54:35 449490 ----a-w- c:\windows\system32\perfh01D.dat
2009-10-29 07:46:58 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:48 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40:44 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:44 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 15:54:55,95 ===============






EDIT: Forgot to include link to my original topic which might contain additional info


Edited by Azael, 12 January 2010 - 11:20 AM.




#2 Azael

  • Topic Starter

  • Members
  • 8 posts

Posted 15 January 2010 - 06:32 AM

An update.

My computer now seems to be working just fine. My latest chkdsk scan found a bunch of corrupted files and fixed them; from what I can tell they were connected to my F-Secure AV program, which might have caused the slowdown/freezes when the program tried to update. It's of course possible that it was malware causing the problems in the first place, but since I no longer can find any traces of malware with any of the various scans I've done and the computer seems to be working just fine, I have to conclude that it's safe and clean. Now I'm off to install a good firewall and create a new system restore point. Thanks for all the assistance I received on this forum; it will be of great help in the future as well since I now have more knowledge of various utilities that can help fix my computer.

#3 Elise


    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,828 posts
  • Gender:Female
  • Location:Romania

Posted 16 January 2010 - 01:59 PM

Since this issue seems to be resolved, this topic will be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




