Excessive hard drive access while browsing, need help.



lordkor
2011-11-26, 00:41
About a week ago this started. Whenever I browse the internet, whether with Firefox or IE, my hard drive will start thrashing endlessly, and it will do this for about 3-5 minutes before it actually connects to the page. Once the activity stops, the page loads. I tried running a full scan with Bitdefender, Spybot and HijackThis, and it came up clean. Also tried defragging and disk checks, nothing. Nothing is set to auto update, as I know this causes excess activity at times. It makes surfing impossible. It doesn't matter what page I visit either. If I go to Google it thrashes; if I click a link it thrashes. I haven't added anything to the system. I even tried to wipe out and reinstall Firefox, but it still does it. I'll attach a DDS log; hopefully someone can give some assistance with this. Thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by lordkor at 17:32:57 on 2011-11-25
.
============== Running Processes ===============
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hpnra.exe
C:\WINDOWS\system32\hpstatus.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\HPBSPSVR.EXE
C:\WINDOWS\system32\HPBJDSNT.EXE
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\lordkor.LORDKOR\My Documents\Downloads\dds.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {F3DF2532-A2CC-48D8-8643-A033AE4FC313} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.2.17&build=Symantec&a=00000082.0000001f.0000004b&b=00000082.00000025.00000083&c=00000082.00000025.00000084
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203723742578
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{B6957812-8091-4F35-856A-03E7AD542279} : DhcpNameServer = 68.87.64.150 68.87.75.198
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lordkor.lordkor\application data\mozilla\firefox\profiles\6j5hk3yn.default\
.
============= SERVICES / DRIVERS ===============
.
R? bdsandbox;bdsandbox
R? rcp_service;ReaConverter scheduler service
R? Update Server;BitDefender Update Server v2
S? avc3;avc3
S? avchv;avchv Function Driver
S? avckf;avckf
S? Bdfndisf;BitDefender Firewall NDIS Filter Service
S? BDVEDISK;BDVEDISK
S? ctgame;Game Port
S? SafeBox;SafeBox
S? UPDATESRV;BitDefender Desktop Update Service
.
=============== Created Last 30 ================
.
2011-11-23 19:43:20 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-11-23 19:41:17 -------- d-----w- c:\documents and settings\lordkor.lordkor\application data\(null)
2011-11-04 00:48:43 -------- d-----w- c:\documents and settings\lordkor.lordkor\local settings\application data\bdch
.
==================== Find3M ====================
.
2011-11-23 19:11:47 113616 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2011-11-19 04:54:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 18:10:43 597112 ----a-w- c:\windows\system32\drivers\avc3.sys
2011-11-02 23:03:15 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-10-20 18:08:11 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2011-10-02 00:31:55 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-10-02 00:31:55 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-10-02 00:31:55 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-09-24 02:36:49 454960 ----a-w- c:\windows\system32\drivers\avckf.sys
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 17:34:22.67 ===============

jeffce
2011-11-28, 14:46
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that... Let's get going!! :thumbup:
----------

Sorry about the delay in response. As you can see we are very busy here.

Since it has been a couple of days please run DDS once more and post both of the newly created logs.
--------------

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the logs created by DDS and GMER. :)

jeffce
2011-12-01, 16:49
Hi,

Do you still need help? :)

jeffce
2011-12-02, 14:59
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.