computer suddenly lags HARD

xsphera

New Member
I'm not sure why but it just decided this morning to be slow, even my iTunes was choppy
I ran a malware scan and that turned out with no infections

I have a ComboFix and a HijackThis log
COMBO FIX
ComboFix 09-03-29.04 - JQ 2009-03-31 13:00:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2378 [GMT 10:00]
Running from: c:\documents and settings\JQ\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-29 15:17 . 2009-03-29 15:17 <DIR> d-------- c:\documents and settings\JQ\Application Data\Locktime
2009-03-29 15:17 . 2009-03-29 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2009-03-28 21:03 . 2009-03-28 21:03 <DIR> d-------- c:\documents and settings\JQ\Application Data\MathWorks
2009-03-28 21:00 . 2004-07-29 22:35 1,077,344 --a------ c:\windows\system32\mscomctl.ocx
2009-03-28 21:00 . 2009-03-28 21:00 645,120 --a------ c:\windows\system32\config.gms
2009-03-28 21:00 . 2004-03-01 21:05 407,104 --a------ c:\windows\system32\MSHFLXGD.OCX
2009-03-28 21:00 . 2004-02-11 13:37 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-28 21:00 . 2002-02-13 09:20 2,364 --a------ c:\windows\system32\mscomctl.dep
2009-03-24 11:45 . 2009-03-24 11:45 <DIR> d-------- c:\documents and settings\JQ\Application Data\DiskAid
2009-03-24 11:00 . 2009-03-24 11:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-24 10:53 . 2009-03-24 10:53 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-25 21:43 . 2009-02-25 21:43 <DIR> d-------- c:\program files\Hamachi
2009-02-25 21:43 . 2009-02-25 21:43 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-02-25 21:41 . 2009-02-26 00:30 <DIR> d-------- c:\documents and settings\JQ\Application Data\Hamachi
2009-02-10 12:50 . 2009-02-10 12:50 <DIR> d-------- c:\documents and settings\JQ\Application Data\Radmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 02:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 01:54 --------- d-----w c:\documents and settings\JQ\Application Data\uTorrent
2009-03-31 00:51 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-03-29 16:32 --------- d-----w c:\documents and settings\JQ\Application Data\mIRC
2009-03-24 00:58 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 00:56 --------- d-----w c:\documents and settings\JQ\Application Data\LimeWire
2009-02-25 06:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 00:47 120,320 ----a-w c:\windows\system32\LAGARITH.DLL
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_16.00.39.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-28 11:00:09 73,728 ----a-w c:\windows\assembly\GAC_32\MWArray\2.0.0.0__e1d84a0da19db86f\MWArray.dll
+ 2009-01-26 00:20:41 53,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\8a84c4744e34b6918cdc7da972e08461\AjaVideoProperties.ni.dll
+ 2009-01-26 00:20:48 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\591d1bc77dce0e2c5da89868d00cdb93\ControlLibrary.ni.dll
+ 2009-01-26 00:20:46 1,165,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\c13abcc3ca79068385a67277f9774bb1\CoreGraphics.XmlSerializers.ni.dll
+ 2009-01-26 00:20:44 1,523,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\e4360641cb4784e758bcb29c628a0735\CoreGraphics.ni.dll
+ 2009-01-26 00:20:41 120,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\42638bf168d4cba4b302b438285a076c\CorePrimitives.ni.dll
+ 2009-01-26 00:20:48 809,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\6b0ce91b1cc2fbd6100d967959a42c7a\CoreUI.XmlSerializers.ni.dll
+ 2009-01-26 00:20:46 324,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\482402185e1fad730cfca4ef3e59bd4a\CoreUI.ni.dll
+ 2009-01-26 00:20:50 44,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\d53d051c57c688a5e9c61e027addd086\Interop.ni.dll
+ 2009-01-26 00:20:40 643,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\1b5144364ed26275c1e0afba51fc3428\Sony.Capture.ni.dll
+ 2009-01-26 00:20:39 278,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\fb1398494fe61a2fe910a7480c7e1155\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2009-01-26 00:20:40 222,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\fbe35570e844f12423434f6534f49560\Sony.Vegas.NetRender.ni.dll
+ 2009-01-26 00:20:38 868,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\7899c329bf3a25c31273a74f7bc85767\Sony.Vegas.ni.dll
+ 2009-01-26 00:20:49 1,363,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\655575a6e1ab3455160bda48dbb14c70\WidgetLibrary.ni.dll
- 2005-10-20 09:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 10:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-30 21:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 22:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-30 21:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-30 22:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2006-09-28 09:52:18 655,360 ----a-w c:\windows\system32\CDDBControl.dll
+ 2006-09-28 09:52:18 98,304 ----a-w c:\windows\system32\CddbLangDE.dll
+ 2006-09-28 09:52:18 98,304 ----a-w c:\windows\system32\CddbLangES.dll
+ 2006-09-28 09:52:18 98,304 ----a-w c:\windows\system32\CddbLangFR.dll
+ 2006-09-28 09:52:18 102,400 ----a-w c:\windows\system32\CddbLangIT.dll
+ 2006-09-28 09:52:18 77,824 ----a-w c:\windows\system32\CddbLangJA.dll
+ 2006-09-28 09:52:18 98,304 ----a-w c:\windows\system32\CddbLangNL.dll
+ 2006-09-28 09:52:18 765,952 ----a-w c:\windows\system32\CDDBUI.dll
+ 2007-04-23 16:08:52 81,688 ----a-w c:\windows\system32\drivers\nltdi.sys
- 2009-01-06 07:53:31 95,072 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-24 09:46:30 1,975,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2004-05-04 09:53:40 1,645,320 ----a-w c:\windows\system32\GDIPLUS.DLL
+ 2007-12-13 13:57:22 135,168 ----a-w c:\windows\system32\java.exe
+ 2007-12-13 13:57:24 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2007-12-13 14:59:16 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2006-09-28 09:53:16 499,712 ----a-w c:\windows\system32\msvcp71.dll
+ 2006-09-28 09:53:16 344,064 ----a-w c:\windows\system32\msvcr70.dll
- 2009-01-06 01:26:35 67,818 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-28 23:23:07 68,508 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-06 01:26:35 433,042 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-28 23:23:07 434,270 ----a-w c:\windows\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="d:\program files\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"Fraps"="d:\fraps\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-26 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-26 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2006-10-24 986624]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-10-16 229376]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Copperhead"="d:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Hronos"="d:\program files\Hronos.exe" [2007-08-04 380928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-04-26 c:\windows\system32\nwiz.exe]
"SPIRun"="SPIRun.dll" [2006-11-29 c:\windows\system32\SPIRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JQ\Start Menu\Programs\Startup\
Creative Console Launcher.lnk - c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe [11/25/2008 9:12:09 PM 217088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/2/2007 6:41:52 PM 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\source 2007 dedicated server\\srcds.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Seperate\\ZZ\\dls\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\aishiteru00\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy dedicated server\\srcds.exe"=
"c:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"d:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"d:\\Program Files\\Hronos.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerhid.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"d:\\Program Files\\NetMeter\\NetMeter.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\Notebook Hardware Control\\nhc.exe"=
"c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Console Launcher\\ConsoLCu.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razertra.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerofa.exe"=
"d:\\Fraps\\fraps.exe"=
"c:\\Program Files\\ASUS\\ATK Media\\DMedia.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\zombie panic! source\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/24/2007 2:08:52 AM 81688]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [11/25/2008 9:13:01 PM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [11/25/2008 9:13:02 PM 1656960]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [6/29/2008 10:36:16 PM 11596]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\JQ\Application Data\Mozilla\Firefox\Profiles\pjedk1f1.default\
FF - prefs.js: browser.startup.homepage - hxxps://sso.portal.unimelb.edu.au/UnimelbSSO/login.jsp?site2pstoretoken=v1.2~AD64F60A~537231D0B104C8661296CC1C12FDD6EF5D7B12644615036B135799B6337DDC9D7CA68C6A8C0363156D3D841E10C65F7CAFC6D3FC3F02998643B94EE65C8589F4564D40D15B76656B1874583784266713AE85B315F0E1413A93EBD642E80E3DCD1FE43A40204AD2490FAF9A95FDEABC4BC89864FD71EFA6001A9542036CD46F1098A18E75470230D5D14427ED4643773F6DE46AC6D1BEBE333AE31B7B446203898276C3FA2E2F48C387BAE00FD447C701474AF3D58F4EDC516262110AC4C3B1B4066A8A623317A4A65D7E0CA49B87643A26AD7044E6CE4B6C2D15AD10829CBA0633A0C7A70788F2BA&p_error_code=&p_submit_url=https%3A%2F%2Fsso.portal.unimelb.edu.au%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Fapp.portal.unimelb.edu.au%2Fportal%2Fpls%2Fportal%2FPORTAL.home&ssousername=
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 13:01:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-03-31 13:01:47
ComboFix-quarantined-files.txt 2009-03-31 03:01:45
ComboFix2.txt 2009-01-15 23:26:42
ComboFix3.txt 2009-01-15 05:19:09
ComboFix4.txt 2009-01-15 00:53:13
ComboFix5.txt 2009-03-31 02:59:35

Pre-Run: 7,178,686,464 bytes free
Post-Run: 7,284,629,504 bytes free

215
 

xsphera

New Member
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:45 PM, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
D:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Hronos.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\NetMeter\NetMeter.exe
D:\FRAPS\FRAPS.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
D:\Program Files\Razer\Copperhead\razertra.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Steam\steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Copperhead] D:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Creative Console Launcher.lnk = C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7718 bytes
 

xsphera

New Member
Those were the 2 logs, all help will be greatly appreciated. (malware had nothing)

Feel free to ask me for any other info regarding this prob.
Thank you
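An added example, not part of the original posts: a small Python triage pass over HijackThis lines like the ones posted above. It flags entries worth a manual look: a BHO with no file on disk, autostart commands without a full path, a startup shortcut whose target the log shows as `?`, and services listed with no vendor name. The rule names and the choice of rules are this example's assumptions, and a flag is a prompt for review, not a verdict.

```python
import re

# Lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - Global Startup: Bluetooth Manager.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# Registry autostart body: "<key>: [value name] command line"
RUN_RE = re.compile(r"^(HK[^:]*): \[(.*?)\] (.*)$")
# A rundll32 launcher; the DLL argument is the real target
RUNDLL_RE = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I)
# A target that starts with a drive-letter path, optionally quoted
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')

# Hypothetical rule names used only by this example
REASONS = {
    "orphaned": "registered component points at no file on disk",
    "relative-path": "autostart target has no full path; confirm which file loads",
    "unresolved-shortcut": "startup shortcut target is shown as '?' in the log",
    "no-vendor": "service binary is listed with no vendor name",
}


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def launch_target(command):
    """Return what actually gets loaded: the DLL for rundll32, else the command."""
    command = command.strip()
    match = RUNDLL_RE.match(command)
    return match.group(1) if match else command


def triage(entries):
    """Return (section_code, rule_name, body) for entries that need a manual look."""
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            findings.append((code, "orphaned", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "no-vendor", body))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                if not ABSOLUTE_RE.match(launch_target(run.group(3))):
                    findings.append((code, "relative-path", body))
            elif body.endswith("= ?"):
                findings.append((code, "unresolved-shortcut", body))
    return findings


if __name__ == "__main__":
    for code, rule, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{code}] {rule}: {REASONS[rule]}\n      {body}")
```

For the relative-path hits, the ComboFix log in the same post already resolves each one to a file under `c:\windows`, so the two logs can be cross-checked against each other.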
 

jakejake11tye

New Member
How slow?

Open Task Manager, check performance. If it is above 50 percent and you are not running any programs, then you either have a memory leak or you have a program running in the background that is using it all.

Tell me what you see

Good Luck
 

xsphera

New Member
I wasn't running anything, but it lags when I open windows or play music

Do any of you notice anything wrong with the 2 log files I've posted?
Or does it seem to be alright?
 

TFT

VIP Member
I'm no expert but do you know the program "HRONIS.EXE" you have installed in "Program Files"? Google doesn't say much on it and it could be suspect.
 

tlarkin

VIP Member
I love how people think a hijack this log is going to fix all their problems.

What is your current hardware set up, what is your software and OS setup and what are all you running in the background?

Did it not lag hard as you put it at one time, or has it always lagged hard?
 

xsphera

New Member
tlarkin, I did not expect HijackThis to FIX anything.
From previous experience I was told to post HijackThis logs etc, so this time I'm doing it in advance.

Also, Hronos is a program I use, it's safe =D

Also, currently the lag issue has disappeared, but I would still like to know if there's anything suspicious with my logs

And yes, that lag was a really random incident (a one-off)
 

tlarkin

VIP Member
If it is Vista, look at the performance monitor, and if you have any Java-based apps get rid of them. Java stuff equals resource hog city
 

Zatharus

VIP Member
...Also, currently the lag issue has disappeared, but I would still like to know if there's anything suspicious with my logs

And yes, that lag was a really random incident (a one-off)

Do you have any antivirus software set to scan about that time you noticed it?
 

xsphera

New Member
There wasn't any antivirus or big hogging program on at the time..

If no one picks up on anything strange in the logs I might just let it slide then

anyone?
 

xsphera

New Member
bump... new discovery

This only happens when uTorrent is/has been running

It lags so much when uTorrent is downloading stuff as well as after uTorrent has been closed
 

Zatharus

VIP Member
What kind of network hardware/drivers do you have? And, are you running any form of network filter? Using any kind of torrent downloading software will open up quite a few network connections and can stress network filters and poor network management software.
 

xsphera

New Member
I don't believe there are any network filters.. this was never an issue a month or 2 ago.
Even if somehow a network filter was installed, how does that affect my processor?? causing the massive lag.

Noting this only happens when uTorrent has been running
 

Zatharus

VIP Member
Well, since downloading torrents can open a massive amount of network connections, any network filter will have to process all those connections. This can cause some slowdown or sluggishness of your computer. Since you don't think you have any network filters you could try a few other things.

First, try enabling diskio.flush_files in the advanced tab of the uTorrent preferences.

Second, start from a fresh boot, load the Task Manager and watch what processes use most of your CPU power. Then, launch uTorrent, grab a simple file (like an Ubuntu image) all while keeping an eye on the Task Manager. After you shut down uTorrent, do you have something else that is left running? Make sure that you actually quit uTorrent...not just closing the uTorrent window. If you just close the window uTorrent will just shrink to the tray.

I have a feeling that uTorrent is still running in the background when you think it is quit.
 

tlarkin

VIP Member
bump... new discovery

This only happens when uTorrent is/has been running

It lags so much when uTorrent is downloading stuff as well as after uTorrent has been closed

Vista + uTorrent + over 5 seeds = memory leak! Yeah I have this happen all the time, and my uTorrent client will take up 2gigs of Memory. You would think uTorrent is written in Java for how much memory it eats up but it is not. Kill the process completely and relaunch it, or kill it while gaming.
 

Zatharus

VIP Member
Vista + uTorrent + over 5 seeds = memory leak! Yeah I have this happen all the time, and my uTorrent client will take up 2gigs of Memory. You would think uTorrent is written in Java for how much memory it eats up but it is not. Kill the process completely and relaunch it, or kill it while gaming.

AH! Yeah... Good catch. Haven't they fixed it yet? I thought the latest version was supposed to address that.

I think you've hit it.
 

xsphera

New Member
Um, thanks for the replies,
however, I am running Windows XP

and I am also certain that when I exit uTorrent, it actually quits =)

this is such a pain in the butt
 

Zatharus

VIP Member
Check your memory usage/availability after running uTorrent for a while. The memory leak may still be at fault.
 

xsphera

New Member
taskmanagerunderutorrent.jpg

THIS IS WHAT IT IS WHEN UTORRENT IS RUNNING

--------
taskmanagerunderutorrentAFTER.jpg


This is JUST as uTorrent has closed (quit)

------------
taskmanagerunderutorrentAFTERAFTER.jpg


This is 10 minutes after uTorrent has been closed


My music started becoming choppy just as uTorrent ends or just slightly before
 