Is this a virus slowing my HDD?

[treetop]

Hi

I recently noticed my 2nd harddrive was operating incredibly slow. I immediately switched cables out and rebooted and the problem persisted. I reformatted my OS the best I could and noticed the problem was not fixed.

Eventually I replaced the 2nd HDD with a brand new one. I thought for sure this would fix it but apparently its not the HDD or the cable, because the problem was STILL present.

Its basically left me with just 1 HDD. I tested the HDD #2 using a 1GB file which left me impatient and frustrated. Basically all operations took longer than my patience was willing to reveal.

I suppose this is either a motherboard issue or a software issue. I've tried swapping sata ports between both my HDDs and my optical drive and still the 2nd HDD and only the second HDD just will not work right. Therefore I believe its most likely a software issue ie a virus.

I really need this fixed as my personal routine involves a 2nd HDD.

Any advice? suggestions?

 

[KSoD]

Spyware Asylum

Go through the appropriate OS guide and post up all 3 logs. First the Combofix, then the MBAM and then the HiJack This.

 

[treetop]

ComboFix 10-10-30.09 - j 10/31/2010 12:06:36.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.2107 [GMT -5:00]
Running from: c:\users\j\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 17:11 . 2010-10-31 17:12 -------- d-----w- c:\users\j\AppData\Local\temp
2010-10-31 17:11 . 2010-10-31 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 06:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{755A05D9-096E-402B-B714-2563EF690B01}\mpengine.dll
2010-10-28 05:56 . 2010-10-28 05:56 -------- d-----w- c:\users\j\AppData\Roaming\Perpetuum Planner
2010-10-28 03:38 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-28 03:38 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-28 03:38 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 07:52 . 2010-10-29 05:13 -------- d-----w- c:\program files\Perpetuum
2010-10-27 02:08 . 2010-10-27 03:13 -------- d-----w- c:\users\j\AppData\Roaming\Mumble
2010-10-27 02:08 . 2010-10-27 02:08 -------- d-----w- c:\program files\Mumble
2010-10-24 01:27 . 2010-10-29 19:41 -------- d-----w- C:\CAPTURES
2010-10-12 15:10 . 2010-10-12 15:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-08 12:35 . 2010-10-08 12:35 -------- d-----w- c:\windows\system32\Adobe
2010-10-03 00:57 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-06-07 06:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-28 03:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-28 03:38 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-28 03:38 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-28 03:38 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-21 16:22 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-30 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-21 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-21 79360]
R3 DFU;DFU;c:\windows\system32\drivers\MassDfu.sys [2010-07-02 12288]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 17408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\j\AppData\Roaming\Mozilla\Firefox\Profiles\6lagxvjm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.latimes.com/|http://www.newegg.com/|https://mail.google.com/mail/?shva=1#inbox
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-31 12:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-10-31 12:13:25
ComboFix-quarantined-files.txt 2010-10-31 17:13

Pre-Run: 45,205,295,104 bytes free
Post-Run: 46,922,829,824 bytes free

- - End Of File - - 72D4076E5FD6CD7C23183D211DF1C836



=======================================================================

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 5007

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/31/2010 12:20:51 PM
mbam-log-2010-10-31 (12-20-51).txt

Scan type: Quick scan
Objects scanned: 136410
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===========================================================================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:41 PM, on 10/31/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5495 bytes

 

[KSoD]

Well all of your logs are clean. There is no infection on your PC. Have you gotten the chipset drivers for your PC? Those allow your mother board to communicate with the OS. Maybe there is an updated version that will help.

 

[treetop]

MSI Global ? Computer, Laptop, Notebook, Desktop, Mainboard, Graphics and more

i went there and installed the NVIDIA nForce 650 SLI System Drivers. Do I need to install the nVidia C55+MCP51 SATA RAID / AHCI Driver (For floppy driver) as well (i would run it now but i gotta install a floppy drive for it first)?

anyway, no luck. I tried copying/pasting a file thats already on the disk and the estimate it came up with after 5 mins was 2h40mins.

 

[KSoD]

No the System Drivers are what is needed. Maybe it is a bad mobo? There is nothing as far as an infection. How long are the times for a file copy? You have Vista running so it could just be the OS in use. Vista is notorious for long times for large file copies. You said yourself that your patience ran out before the file copy finished.

Fix Problems With Copying Large Files in Windows Vista - How-To Geek

There are instructions that can help as well.