
Virus/Spyware, corrupted downloads, bad stuff...need help! :(


Helgaiden

Member
Joined
Jul 14, 2003
So my computer was having some weird spyware/virus/whatever problems. I ran what I could from a special diagnostic and repair disc I have, which includes like 7-8 spyware scanners and several different virus scanners. Stuff was caught, lots of stuff, even high-risk stuff. But what I didn't understand was why my problems didn't go away. Whatever I had, it would choke out my PC's bandwidth. I would sit in Ventrilo, and people would often cut in and out due to lag because my connection kept getting sucked up, with ping jumping from 20 to several thousand for like a half second then going back down, intermittently. Even weirder is when I try to download files: like, I tried to download Spybot S&D, it ran at 56k download speeds....stopped halfway...then after a few mins told me the download was done. I ran it and then it gave me the error that the files were corrupted, so I tried again, and same thing. So whatever it is, it was choking my bandwidth, corrupting my downloads, and making life unpleasant by not going away. I reformatted, and my system started acting up again....

...gave up and reformatted again....and it was still acting up so I gave up for the night. Here I am and things seem to be running better now, but not exactly sure. My downloads were still not at normal speeds (300+ kb/s), but it was from 40-100kb/s, but the download didn't get corrupted or anything like it was doing last night. So with that said, I'm about to run Spybot S&D and see what's up.

What could be the issue if it's just dormant right now? My PC isn't 100% right now, I can feel it...and it sucks. I can't even play games because it makes me lag so bad. Any help would be appreciated.
 
Run HijackThis! and paste your log file here.

Sounds like you may have a root somewhere.
 
Sorry about the forum mix-up, here's the logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:43 PM, on 8/17/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3227 bytes



Also, I dunno if this is normal, but I have Windows Update going....and it's going very slow for only a 54mb update. So I try to download Burn4free, which I've used in the past, 3.88mb, and it estimates it to be done in 1hr, so it's going at about 97 bytes/sec (not KB/s).
Is Windows Update choking my connection? I don't remember it doing this before...


can this be moved to the correct forum please? Thanks.
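
A minimal triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the R*/O* lines and lists the entries that load at boot or logon (BHO, Run key, Winlogon Notify, Service) whose target lies outside a set of expected directories. The `TRUSTED_PREFIXES` list, the function names and the `[updater]` sample line are assumptions made for the illustration.

```python
import re

# Assumption: directories treated as expected install locations for this triage.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Sections that load code at boot or logon, named as the log itself labels them.
PERSISTENCE = {"O2": "BHO", "O4": "Run key", "O20": "Winlogon Notify", "O23": "Service"}
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (code, detail) for every R*/O* line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def target_of(code, detail):
    """Extract the command line or DLL path that an entry loads."""
    if code == "O4":                      # "...Run: [Name] command args"
        target = detail.split("] ", 1)[-1]
    else:                                 # the path is the last " - " field
        target = detail.rsplit(" - ", 1)[-1]
    return target.replace("%ProgramFiles%", "C:\\Program Files").strip()

def triage(log_text):
    """List persistence entries whose target is outside TRUSTED_PREFIXES.

    Bare names such as "rundll32.exe ..." carry no directory, so they are
    listed too and need a manual check of what the search path resolves to.
    """
    findings = []
    for code, detail in parse_entries(log_text):
        if code not in PERSISTENCE:
            continue
        target = target_of(code, detail)
        if not target.lower().startswith(TRUSTED_PREFIXES):
            findings.append((PERSISTENCE[code], target))
    return findings

# Sample: four lines from the log in this thread plus one constructed
# entry ("[updater]") that is NOT from the poster's machine.
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Local\Temp\upd.exe
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
"""

if __name__ == "__main__":
    for kind, target in triage(SAMPLE):
        print(f"review {kind}: {target}")
```

A target under a trusted directory is not proof that it is legitimate; the output is only a shortlist for manual review.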
 
almost the same as before the reformat...

to clarify, though...

Everything seemed to be working fine when I resumed work on the PC this morning, then I tried continuing with the failed Windows updates from the night before...and everything went to **** again. The download of Burn4free (at the same time the update was downloading) failed because "the connection to the server was reset", and my download of Ventrilo (after the update finished and I rebooted) was going at 14kb/s, which is ridiculous. The download wasn't corrupted at the end so I was happy, but I'm still clueless as to what's going on. Spybot S&D came up with nothing, and apparently HijackThis too.
 
I wonder if trying to do Windows Update while d/l borked your system?

Did you try to update Windows while in safe mode yet?
 
I don't see how Windows Update and a download could bork my system...

and I haven't tried it while in safe mode yet. Right now I'm trying to download new nForce drivers and AIM...

Both are going under 10kb/s. This makes no sense. This page itself took over 2mins to load.
 
The drivers for my wireless adapter were downloaded from the website last night, so that should be fine...

I'm gonna try the IPv6 thing right now. Er, I've forgotten where to find the settings for that...hmm....
 
OK, updated the wireless adapter driver using the Windows built-in driver update thing, and disabled IPv6, and things seem to be running better...I'll snoop around some more to see if things are fixed.

edit: downloading new graphics driver and it's barely doing 30kb/s -_-....now it's down to 13kb/s....

OK, so I've determined...nothing has changed. My connection is still getting choked out, my Ventrilo lags intermittently (spiking to over 65000 sometimes, and disconnection occurs occasionally as well), and my download speeds are horrendously slow still.

I have no clue what's going on.
 
Okay, so I restarted and everything seemed good...

but after a while...the connection started getting choked out again. Now it's going slow again, wtf.

edit: now out of nowhere, it's back up to full speed...

edit: and now it's back to doing what it was doing...

another edit: I'm using a gadget for Vista on the sidebar and it's intermittently spiking with higher download speeds......weird
 
Helgaiden said:
Okay, so I restarted and everything seemed good...

but after a while...the connection started getting choked out again. Now it's going slow again, wtf.

edit: now out of nowhere, it's back up to full speed...

Your connection issues may just be a coincidence. Keep an eye on your network traffic, and make sure nothing is trying to get out that shouldn't be there. Really, if it were me I'd nuke the installation and start over, especially since you said that some of the packages were particularly nasty. You could be rooted also, and it would be tough to tell.
 
It's the second time in two installations, I've reformatted twice in the last two days...

I'm watching my traffic; my TX meter isn't showing very much activity at all, but my RX meter (my Vista gadget) is showing spiking and dropping. I also have a graph showing me the activity, and the TX bar stays rather constant while the RX bar, again, spikes and drops.
 
Are you using a router with firewall on? I'm wondering if you're getting probed, or maybe someone's looking for files on your computer that aren't there anymore.
 
I'm on a router, it's a D-Link DI-604 I believe, and I've blocked any users on it that I don't know (I lost the manual to my Edimax access point so I can't put a security key on it, blah)
 
A few troubleshooting ideas:

-Try a straight cabled connection to the modem - ie no wireless/router.

-Turn off Ventrilo, do a few DLs and see if it's any different.

-If you're on a wireless connection, enable some form of encryption; it's possible someone else is riding your line taking bandwidth, so take a few precautions if you have not already.
 