[HJT log] Help please.

[Landesher]

I got a new computer, and i dont really remember downloading anything suspicious. but today out of nowhere 70 e-mail tabs to my gmail address popped up & i found a process called SlowDownCPU :x

 

 

 

I'd appreciate it if someone checked this log.

 

 

 

 

 

 

 

ty.

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1



Scan saved at 9:47:00, on 22.12.2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



I:\WINDOWS\System32\smss[Caution: ExecutableFile]



I:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



I:\WINDOWS\system32\services[Caution: ExecutableFile]



I:\WINDOWS\system32\lsass[Caution: ExecutableFile]



I:\WINDOWS\system32\svchost[Caution: ExecutableFile]



I:\WINDOWS\System32\svchost[Caution: ExecutableFile]



I:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



I:\WINDOWS\Explorer[Caution: ExecutableFile]



I:\Program Files\Analog Devices\SoundMAX\SMax4PNP[Caution: ExecutableFile]



I:\Program Files\Analog Devices\SoundMAX\Smax4[Caution: ExecutableFile]



I:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: ExecutableFile]



I:\Program Files\SlySoft\AnyDVD\AnyDVD[Caution: ExecutableFile]



I:\Program Files\CyberLink\PowerCinema\PCMService[Caution: ExecutableFile]



I:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile]



I:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile]



I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



I:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]



I:\Program Files\Ares\Ares[Caution: ExecutableFile]



I:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: ExecutableFile]



I:\Program Files\Alwil Software\Avast4\ashServ[Caution: ExecutableFile]



I:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]



I:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]



I:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: ExecutableFile]



I:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: ExecutableFile]



I:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]



I:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]



I:\DOCUME~1\Herki\LOCALS~1\Temp\Rar$EX00.172\HijackThis[Caution: ExecutableFile]







R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.ee/



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll



O4 - HKLM\..\Run: [slowDownCPU] I:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU[Caution: ExecutableFile]



O4 - HKLM\..\Run: [soundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP[Caution: ExecutableFile]



O4 - HKLM\..\Run: [soundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4[Caution: ExecutableFile]" /tray



O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: ExecutableFile]



O4 - HKLM\..\Run: [AnyDVD] "I:\Program Files\SlySoft\AnyDVD\AnyDVD[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]



O4 - HKLM\..\Run: [PCMService] "I:\Program Files\CyberLink\PowerCinema\PCMService[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [sunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] I:\WINDOWS\system32\NvCpl.dll,NvStartup



O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install



O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit



O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background



O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background



O4 - HKCU\..\Run: [ares] "I:\Program Files\Ares\Ares[Caution: ExecutableFile]" -h



O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]



O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]



O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134995091703



O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)



O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - I:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: ExecutableFile]



O23 - Service: avast! Antivirus - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashServ[Caution: ExecutableFile]



O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: ExecutableFile]" /service (file missing)



O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: ExecutableFile]" /service (file missing)



O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]



O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]



O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]

[coltm4carbine]

what's your motherboard manufacturer (msi?)?

 

 

 

 

 

 

 

The SlowDownCpu[Caution: ExecutableFile] is meant to fix some bugs with various motherboards.

 

 

 

 

 

 

 

move hjt out of the temp.

[Landesher]

what's your motherboard manufacturer (msi?)?

 

 

 

 

 

 

 

The SlowDownCpu.e3e (CAUTION - executable file) is meant to fix some bugs with various motherboards.

 

 

 

 

 

 

 

move hjt out of the temp.

 

 

 

i fixed it ._.

 

 

 

erm, guess that wasn't a smart thing to do :P

 

 

 

Anyways, it wasn't too important, was it? And why the hell is it called like a spyware or smth...

 

 

 

 

 

 

 

and, i opened hjt from the zip file so i could just save the log.

 

 

 

and, i have no idea what motherboard i have :/

 

 

 

 

 

 

 

//EDIT

 

 

 

 

 

 

 

I read your sig.

 

 

 

Guess I'm 1 of those 99% of people.. :(

[coltm4carbine]

i fixed it ._.

 

 

 

erm, guess that wasn't a smart thing to do

 

 

 

Anyways, it wasn't too important, was it?

lol, i don't know what would happen if you fixed that...anyways there won't be any back-ups so it's kinda late to do anything now...

 

 

 

 

 

 

 

and why the hell is it called like a spyware or smth...

It's called slowdowncpu because i think (before this fix) loads of motherboards got fried due to the speed of something in the computer running to fast...not sure (lol i am not familiar with the insides of computers so i can't go into detail). p.s if this is wrong tell me because someone told me about this "fix".

 

 

 

 

 

 

 

I'll have a look around for more info.

[Sharky009]

Is there a way I could recover it? Download from somewhere maby?

 

 

 

Or maby you could add me to your msn list if you have time to talk.

 

 

 

[email protected]

 

 

 

 

 

 

 

 

 

 

 

Oh, can you see something that could have caused the e-mail problem? (70 blank e-mail messages to my msn popped up out of nowhere)

 

 

 

 

 

 

 

/EDIT

 

 

 

 

 

 

 

It's landesher, I'm at a friends place.

[coltm4carbine]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.ee/ <- did you set that? If not fix it.

 

 

 

 

 

 

 

Apart from that log looks clean. Might be your email settings (not to show pics- i have that on).

 

 

 

 

 

 

 

You can see if you have a back-up (doubt it).

 

 

 

 

 

 

 

start HJT ->config->Back-ups.

 

 

 

 

 

 

 

now place a check mark next to:-

 

 

 

 

 

 

 

O4 - HKLM\..\Run: [slowDownCPU] I:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.e3e (CAUTION - executable file)

 

 

 

 

 

 

 

select restore.

[Landesher]

yes, the ie homepage is supposed to be http://www.delfi.ee. But.... since i had hjt in the temp folder - no backups made :(.

[Albosky]

SlowdownCPU is part of your chipset driver package

 

 

 

 

 

 

 

theres no harm in getting rid of it , its a quick fix for certain processors

 

 

 

 

 

 

 

disabled/deleting it would have made your computer constantly reboot which hasnt happened obviously :)

[Landesher]

SlowdownCPU is part of your chipset driver package

 

 

 

 

 

 

 

theres no harm in getting rid of it , its a quick fix for certain processors

 

 

 

 

 

 

 

disabled/deleting it would have made your computer constantly reboot which hasnt happened obviously :)

 

 

 

not yet it hasn't :/... seems to me it makes a bit more noise then usually, i ca n hear it with my headset on :S.

 

 

 

 

 

 

 

Erm, and am having a new problem :P.

 

 

 

I got a new monitor for christmas & after installing it... the contrast is 80/100 and i can't lower it, it looks ugly & it's too bright, feels bad to look at it for a long time. I think it might be because of the drivers. It told me to choose the model I have, it's 730 BF which had 2 choices: 730 bf analog & 730 bf digital.

 

 

 

Now, i have no idea if i have analog or digital, but i choose digital. Don't know if that made any difference.

 

 

 

 

 

 

 

In games, like helbreath, the screen keeps going slow every few seconds.. like, the screen can't catch my character or smth, the char runs out of center.

 

 

 

Help please? :oops:

[Landesher]

bump :cry:

[Landesher]

oh, + the screen doesn't fit here. the mouse and the text on startup goes about 5 cm's off screen ._.

 

 

 

It's really annoying. Any help PLEASE?