Landesher Posted December 22, 2005 Share Posted December 22, 2005 I got a new computer, and i dont really remember downloading anything suspicious. but today out of nowhere 70 e-mail tabs to my gmail address popped up & i found a process called SlowDownCPU :x I'd appreciate it if someone checked this log. ty. Logfile of HijackThis v1.99.1 Scan saved at 9:47:00, on 22.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: I:\WINDOWS\System32\smss[Caution: ExecutableFile] I:\WINDOWS\system32\winlogon[Caution: ExecutableFile] I:\WINDOWS\system32\services[Caution: ExecutableFile] I:\WINDOWS\system32\lsass[Caution: ExecutableFile] I:\WINDOWS\system32\svchost[Caution: ExecutableFile] I:\WINDOWS\System32\svchost[Caution: ExecutableFile] I:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] I:\WINDOWS\Explorer[Caution: ExecutableFile] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP[Caution: ExecutableFile] I:\Program Files\Analog Devices\SoundMAX\Smax4[Caution: ExecutableFile] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: ExecutableFile] I:\Program Files\SlySoft\AnyDVD\AnyDVD[Caution: ExecutableFile] I:\Program Files\CyberLink\PowerCinema\PCMService[Caution: ExecutableFile] I:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile] I:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile] I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] I:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile] I:\Program Files\Ares\Ares[Caution: ExecutableFile] I:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: ExecutableFile] I:\Program Files\Alwil Software\Avast4\ashServ[Caution: ExecutableFile] I:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile] I:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile] I:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: ExecutableFile] I:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: ExecutableFile] I:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile] I:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile] I:\DOCUME~1\Herki\LOCALS~1\Temp\Rar$EX00.172\HijackThis[Caution: ExecutableFile] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.ee/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [slowDownCPU] I:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU[Caution: ExecutableFile] O4 - HKLM\..\Run: [soundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP[Caution: ExecutableFile] O4 - HKLM\..\Run: [soundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4[Caution: ExecutableFile]" /tray O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: ExecutableFile] O4 - HKLM\..\Run: [AnyDVD] "I:\Program Files\SlySoft\AnyDVD\AnyDVD[Caution: ExecutableFile]" O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile] O4 - HKLM\..\Run: [PCMService] "I:\Program Files\CyberLink\PowerCinema\PCMService[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [ares] "I:\Program Files\Ares\Ares[Caution: ExecutableFile]" -h O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile] O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile] O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile] O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134995091703 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - I:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: ExecutableFile] O23 - Service: avast! Antivirus - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashServ[Caution: ExecutableFile] O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: ExecutableFile]" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: ExecutableFile]" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile] O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile] O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 22, 2005 Share Posted December 22, 2005 what's your motherboard manufacturer (msi?)? The SlowDownCpu[Caution: ExecutableFile] is meant to fix some bugs with various motherboards. move hjt out of the temp. Link to comment Share on other sites More sharing options...
Landesher Posted December 22, 2005 Author Share Posted December 22, 2005 what's your motherboard manufacturer (msi?)? The SlowDownCpu.e3e (CAUTION - executable file) is meant to fix some bugs with various motherboards. move hjt out of the temp. i fixed it ._. erm, guess that wasn't a smart thing to do :P Anyways, it wasn't too important, was it? And why the hell is it called like a spyware or smth... and, i opened hjt from the zip file so i could just save the log. and, i have no idea what motherboard i have :/ //EDIT I read your sig. Guess I'm 1 of those 99% of people.. :( Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 22, 2005 Share Posted December 22, 2005 i fixed it ._. erm, guess that wasn't a smart thing to do Anyways, it wasn't too important, was it?lol, i don't know what would happen if you fixed that...anyways there won't be any back-ups so it's kinda late to do anything now... and why the hell is it called like a spyware or smth... It's called slowdowncpu because i think (before this fix) loads of motherboards got fried due to the speed of something in the computer running to fast...not sure (lol i am not familiar with the insides of computers so i can't go into detail). p.s if this is wrong tell me because someone told me about this "fix". I'll have a look around for more info. Link to comment Share on other sites More sharing options...
Sharky009 Posted December 22, 2005 Share Posted December 22, 2005 Is there a way I could recover it? Download from somewhere maby? Or maby you could add me to your msn list if you have time to talk. [email protected] Oh, can you see something that could have caused the e-mail problem? (70 blank e-mail messages to my msn popped up out of nowhere) /EDIT It's landesher, I'm at a friends place. Link to comment Share on other sites More sharing options...
coltm4carbine Posted December 23, 2005 Share Posted December 23, 2005 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.ee/ <- did you set that? If not fix it. Apart from that log looks clean. Might be your email settings (not to show pics- i have that on). You can see if you have a back-up (doubt it). start HJT ->config->Back-ups. now place a check mark next to:- O4 - HKLM\..\Run: [slowDownCPU] I:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.e3e (CAUTION - executable file) select restore. Link to comment Share on other sites More sharing options...
Landesher Posted December 23, 2005 Author Share Posted December 23, 2005 yes, the ie homepage is supposed to be http://www.delfi.ee. But.... since i had hjt in the temp folder - no backups made :(. Link to comment Share on other sites More sharing options...
Albosky Posted December 23, 2005 Share Posted December 23, 2005 SlowdownCPU is part of your chipset driver package theres no harm in getting rid of it , its a quick fix for certain processors disabled/deleting it would have made your computer constantly reboot which hasnt happened obviously :) I like to fart silently but deadly in movie theatersArd Choille says (11:41 PM):I wouldn't dare tell you what to do m'dear Link to comment Share on other sites More sharing options...
Landesher Posted December 23, 2005 Author Share Posted December 23, 2005 SlowdownCPU is part of your chipset driver package theres no harm in getting rid of it , its a quick fix for certain processors disabled/deleting it would have made your computer constantly reboot which hasnt happened obviously :) not yet it hasn't :/... seems to me it makes a bit more noise then usually, i ca n hear it with my headset on :S. Erm, and am having a new problem :P. I got a new monitor for christmas & after installing it... the contrast is 80/100 and i can't lower it, it looks ugly & it's too bright, feels bad to look at it for a long time. I think it might be because of the drivers. It told me to choose the model I have, it's 730 BF which had 2 choices: 730 bf analog & 730 bf digital. Now, i have no idea if i have analog or digital, but i choose digital. Don't know if that made any difference. In games, like helbreath, the screen keeps going slow every few seconds.. like, the screen can't catch my character or smth, the char runs out of center. Help please? :oops: Link to comment Share on other sites More sharing options...
Landesher Posted December 24, 2005 Author Share Posted December 24, 2005 bump :cry: Link to comment Share on other sites More sharing options...
Landesher Posted December 26, 2005 Author Share Posted December 26, 2005 oh, + the screen doesn't fit here. the mouse and the text on startup goes about 5 cm's off screen ._. It's really annoying. Any help PLEASE? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now