Slow computer may be virus?

Hi,
Before you ask, yes, I have read the ‘Slow computer? May not be Malware’ thread. Done all of the stuff and no change. My computer has been running slower for some reason. Haven’t installed new programs or anything, it just started slowing down. Logs as needed, none of the programs spotted anything:

Malwarebytes:

Malwarebytes’ Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 3

16/10/2008 6:44:49 PM
mbam-log-2008-10-16 (18-44-49).txt

Scan type: Quick Scan
Objects scanned: 59000
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_________________________________________

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:30 PM, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\notepad.exe
Z:\Runnable programs\Hijack This\HiJackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo7.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query…Pl6aaAwmFIs%3d
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Adobe PDF Conversion Toolbar Helper – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 – HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Lexmark Device Monitor] C:\Program Files\Lexmark 4300 Series\lxcemon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 – Extra context menu item: Append to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert link target to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert link target to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert selected links to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert selected links to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Convert selection to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert selection to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 – AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) – Unknown owner – C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 – Service: COMODO Firewall Pro Helper Service (cmdAgent) – Unknown owner – C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 – Service: Eset HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 – Service: Eset Service (ekrn) – ESET – C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: lxce_device – Lexmark International, Inc. – C:\WINDOWS\system32\lxcecoms.exe
O23 – Service: nTune Service (nTuneService) – NVIDIA – C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\system32\PnkBstrA.exe

–
End of file – 8707 bytes
_________________________________________

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/16/2008 at 07:11 PM

Application Version : 4.21.1004

Core Rules Database Version : 3599
Trace Rules Database Version: 1585

Scan type : Quick Scan
Total Scan Time : 00:32:03

Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 455
Registry threats detected : 0
File items scanned : 34639
File threats detected : 0

When I check taskmanager for any processes taking up a lot, it is usually ‘System Idle Process’ fluctuating up to 10% max. Around 1.4GB ram free out of 2GB. Anything else you might need, just ask. It might not be virus, but want to know what is making my computer slow .

BTW: My Eset recently popped up a message saying it blocked several viruses attempting to invade.
Here is something listed in the ‘Log’ section of Eset.

16/10/2008 6:14:24 PM HTTP filter file http://208.53.147.32/cgi-bin/fhx.pl?…way_area51.zip probably a variant of Win32/Statik application connection terminated – quarantined KEVIN\Kevin K Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

Probably can see I was trying to download something. I wanted to try Area 51, from the link in the legally free games thread. Don’t know what happened, maybe Eset made false call, but thought you might want to know.

Метки: boot, date, default, device, DNS, Don, download, drive, driver, file, FREE, GUI, help, Internet, Licensing, list, lot, May, mess, Microsoft, Name, net, New, Office, page, platform, port, process, RAM, read, reason, rule, running, search, Server, software, something, stuff, system, target, task, thing, time, try, URL, use, user, version, way, Windows, yahoo

This entry was posted on Thursday, October 16th, 2008 at 10:12 am and is filed under Hi-Tech blog. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

hi-tech blog

Slow computer may be virus?

Calendar

Archives

RSS

Recent Posts

Counter

October 2008
M	T	W	T	F	S	S
« Sep				Nov »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31