TechSpot

Possibly infected?

By plasma dragon00
Jan 18, 2008
  1. well, as of a few days ago, my computer has been going slooooow. ive had visual lag, and my internet speed in firefox has slowed to a crawl. on games like world of warcraft though, everything is a little bit better. ive done an avg antivirus and an spybot sd scan, all show up clean. im gonna do avg as and adaware 07 in a few minutes, along with a defrag and ccleaner.

    included is a hjt log, if someone could please review it for me.
     
  2. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    anyone?

    ~plasma
     
  3. Ferris68

    Ferris68 TS Rookie

    If you are sure you have no current virus infection, and you're not loading masses of start-up items on boot, then a slow boot and performance is often attributed to the fact that your IDE has switched from DMA to PIO (as a result of a problem). I come across this all the time.

    Take a look in Device Manager, Advanced Settings.
    If you see "PIO MODE" under "Current Transfer Mode" then that will be why your PC is running slow on boot, and performance.

    IF it's PIO then let me know and I'll give you instructions for putting it right.

    Ferris
     
  4. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    thank you. im not sure how to get to the advanced settings you're talking about. i got into device manager but thats as far as i can figure out where to go.

    EDIT: i think i may have found what you mean - IDE ATA/ATAPI controllers > nVidia Nforce4 Parallel ATA controller (its the only one that shows devices connected to it) right click, properties. under Primary channel (where my hard drives are connected) both show as the transfer mode as Ultra DMA 5 - Ultra100

    im not sure if that helps any
     
  5. Ferris68

    Ferris68 TS Rookie

    To load the Device Manager (3 different ways to try; one or all paths may be restricted depending on your access level):

    (1) Click Start > Control Panel > Performance and Maintenance > System > Hardware tab > Device Manager button
    (Note: The “Performance and Maintenance” step is only applicable if the Control Panel’s Category View is enabled)

    or

    (2) Click Start > right-click My Computer > Properties > Hardware tab > Device Manager button

    or

    (3) Click Start > right-click My Computer > Manage > System Tools folder > Device Manager console

    From there you should be able to click on the "Advanced Settings" Tab at the top, and then check for PIO

    Ferris
     
  6. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    i tried all 3 ways, but none of the device manager windows they bring up have an advanced settings tab. they just have file, action, view, and help

    also, i forgot to mention, if it would make a difference, im using windows xp home sp 2
     
  7. Ferris68

    Ferris68 TS Rookie

    [QUOTE]EDIT: i think i may have found what you mean - IDE ATA/ATAPI controllers > nVidia Nforce4 Parallel ATA controller (its the only one that shows devices connected to it) right click, properties. under Primary channel (where my hard drives are connected) both show as the transfer mode as Ultra DMA 5 - Ultra100

    im not sure if that helps any[/QUOTE]

    Sorry just read this.

    Ok if you look under Properties for your Primary Channel.

    Notes: If you don’t have the Advanced Settings tab, check if you’re on an Intel chipset using a background app usually visible in the System Tray called Intel Accelerator. If that's the case then you're unlikely to be having a PIO issue.

    If they read DMA and not PIO then we can rule out a switch to PIO as a result of a failure during the boot process.

    Ferris
     
  8. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    it says Ultra DMA 5 - Ultra100 under the primary channel properties

    no i do not have an intel chipset background app in the system tray, or running in the processes list for that matter.

    EDIT: just to add, im not even sure if there is anything wrong with my computer. it just seems that its been going a bit slower than normal lately.
     
  9. Ferris68

    Ferris68 TS Rookie

    That's good news, no messing with Windows Registry required then.

    Something is hogging your memory.

    Ok check for Virus, bearing in mind that not all programs will capture everything, so run two or three.

    Run HijackThis and stick a post on this site.

    Check for Windows Start Programs, try switching some off and reboot to see if that makes a difference.

    Check HDD space, and do Defrag.

    Ferris
     
  10. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    did an avg antivirus scan, all clean

    adaware 2007, spybot s&d, avg AS all found some tracking cookies, removed

    the only 2 new startup items that i have are NeroCheck.exe and InCD.exe, both there from installing nero. InCD.exe barely uses any memory, nerocheck.exe doesnt show up in processes list.

    did a ccleaner and defrag 2 days ago

    hijackthis log is in my first post, but heres a new one attached at the bottom

    just so you know, i am running dvd decrypter in the background, ripping dvds to my ipod
     
  11. momok

    momok TS Rookie Posts: 2,265

    Have HijackThis fix these entries:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://rms2.invokesolutions.com/events/bin/comptest/4.1.0.34000/MILiveCompTest.ocx
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/5.5.0.1437/MILive.cab

    I would run a ComboFix scan and post the log to be sure.

    Regards,
    momok
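
    (Added example, not part of momok's post or of HijackThis itself.) An O16 line has the shape "O16 - DPF: {CLSID} (name) - URL", and a trailing "-" with nothing after it means no download URL was recorded. The sketch below parses a few of the lines listed above and attaches review hints; the function names and the hint wording are assumptions made for this illustration.

```python
import re

# HijackThis O16 line: "O16 - DPF: {CLSID} (optional name) - optional codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))?"          # greedy: names may contain parentheses
    r" -(?: (?P<url>\S+))?\s*$"
)

def parse_o16(line):
    """Return clsid/name/url for an O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {"clsid": m["clsid"].upper(),
            "name": m["name"] or "",
            "url": m["url"] or ""}

def triage(lines):
    """Attach review hints to each O16 entry. Hints are prompts for a human
    reviewer, not verdicts about whether a control is malicious."""
    report = []
    for line in lines:
        entry = parse_o16(line)
        if entry is None:
            continue  # O6 and other sections are out of scope here
        notes = []
        if not entry["url"]:
            notes.append("no codebase URL recorded")
        elif entry["url"].lower().startswith("http://"):
            notes.append("codebase fetched over plain HTTP")
        if not entry["name"]:
            notes.append("no control name recorded")
        entry["notes"] = notes
        report.append(entry)
    return report

# Lines copied from the post above.
SAMPLE = [
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    "O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -",
    "O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -",
    "O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/5.5.0.1437/MILive.cab",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["clsid"], e["name"] or "<unnamed>", "|", "; ".join(e["notes"]))
```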
     
  12. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    thanks for the reply momok.

    i also think i may know another reason why my computer is going slow. every few minutes, i hear some fizzling (?) inside my computer. like kinda the sound my parents old hard drive used to make (im not using it though, and you dont even know what it sounds like though lol) and then a relay will switch and ill lag for a few seconds. seems like its either my mobo or psu, but im meeting with my uncle for lunch tomorrow and hes the one who built my pc, so ill ask him if he has any ideas.

    hjt log attached

    EDIT: momok the combofix link in the prelim instructions seems to be broken. it comes up with a pink background page (i think its pink, im somewhat colorblind) giving me the error:

    404 Not Found
    The requested URL '/sUBs/Beta/ComboFix.exe' was not found on this server.

    if you could refer me to another safe download of the file please?

    thanks,

    ~plasma
     
  13. momok

    momok TS Rookie Posts: 2,265

  14. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    :(

    "C:\...Desktop\ComboFix.exe is not a valid Win32 application"

    ill retry the one in the prelim instructions to see if thats changed yet

    EDIT: nope

    anyway, the fizzling/crackling/popping whatever sound sounds like what my old parents hard drive sounded like when it would spin up, like i already said. the hard drive was a 13 gig IBM model # DPTA-371360. then once thats done it switches a relay, which it should only do at startup. the last time i had this happen was probably almost a month ago, or even later, when i started my pc in safe mode.

    EDIT 2: and here we go again... relays, but a different weird sound this time.
     
  15. momok

    momok TS Rookie Posts: 2,265

    Are you able to run it in safemode?
     
  16. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    sadly, no.

    a new discovery - it is now taking forever for windows to start, during which i hear the relay and fizzle constantly. then something will check my floppy drive and windows loads. it now takes a good one or 2 minutes for windows to load, whereas before it took from 30 seconds to a minute. i might use my seagate hd diagnostic program and check my main hard drive. ill probably wait a while though because id like to continue using my computer and im goin out for lunch today so its a good time to have it do nothing lol

    EDIT: momok i just noticed that you have a download to it in your profile too. this one works :)
     
  17. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    heres the combofix log momok

    thanks for the help :)

    ~plasma
     
  18. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    momok, i think i MAY have found the source of the problem, if only you could clarify what it means. i have a LOT of these in my event viewer.

    Source: Disk

    Event ID: 7

    The device, \Device\Harddisk0\D, has a bad block.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    if you could tell me whether thats my C:\ hard drive or my F:\ hard drive. also, pretty much what it means too lol.

    EDIT: bad block, help and support center says that if you get this error regularly, you should replace the hard drive. instead of replacing the hard drive (i really dont have the money to do it right now, but i can if i have to) could it be fixed by doing a chkdsk, zero-fill format, or some other way to tell windows to avoid that "area"?
     
  19. momok

    momok TS Rookie Posts: 2,265

    This looks more like a problem destined for the Windows OS section. Hopefully you'll find the solution to your problems there. Thread moved.
     
  20. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    thanks momok

    so, does anyone have any ideas on how to fix a bad block, and what exactly it is?
     
  21. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 172

    well, Seagate Disc-Tools Hard drive diagnostic software has detected that both hard drives "Failed with critical errors" on all the tests. i saved a log of each scan, i can post them if anyone wishes. so pretty much theyre just takin a crap. i wonder why both failed at the same time, or at least began to. anyway, i guess im gonna have to buy 2 new hard drives soon. plus, the old 13.6 gig ibm hard drive mentioned a few posts up, im gonna use that as an OS drive, with only ubuntu linux and windows xp on it.
     
Topic Status:
Not open for further replies.
