February 7th, 2012 18:00
Hardware & Interrupts Virus?
Hi there, I hope you can help me...
Over the past few months my pc has slowed considerably. I have noticed the pc is affected both while running programs and the speed at which my pc connects to the internet. Here's a list of the things I have done to combat this problem (to no avail).
- Firstly I downloaded 'Malwarebytes' and performed a scan. I found a few malware viruses, which I deleted, rebooted and again ran a scan.
- Secondly I downloaded 'Kaspersky Rescue Disk' which found a number of trojans and malware viruses. Again I ran the scan and it found no further problems.
- After doing this I contacted Virgin as I was receiving an extremely slow connection speed to the internet (around 0.5mbs). I wasn't sure if these two problems were separate. He installed a new modem and other computers around the house are running at 20mbs. My computer when using www.speedtest.net peaks at 20mbs but instantly goes down again. The Virgin tech guy showed me on other pcs that the internet connection remains at 20mbs throughout the test (not peaking momentarily).
At this stage, had it not been my work pc I would have just reinstalled Windows, but I cannot afford to lose data or programs.
- I then downloaded Sysinternals Process Explorer and found my 'hardware and interrupts' running on average at 50%. This is the case even while no programs are running, and when they are this shoots up to 100%.
- I checked both my primary and secondary drivers are both running on DMA (not PIO).
- I downloaded HijackThis. Here is a copy of my scan:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:30:25, on 08/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\WINDOWS\usb-audio.deAAVersaPort\CONTROLVERSAPORT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VersaPort Control Panel.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.line6.net
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
--
End of file - 6975 bytes
**NOTE I WAS USING FIREFOX WHILST RUNNING THIS SCAN.
MY SYSTEM:
DELL MICROSOFT XP HOME EDITION 2002, SERVICE PACK 3, DELL DIMENSION DIM3000, INTEL (R) CELERON (R) CPU 3.06GHZ 512MB RAM
I hope someone can help me with this as I rely on my pc to make a living and it's almost become unusable.
Thanks in advance.
Luke.
rdunnill
February 7th, 2012 20:00
You might try the Spyware Hammer site ... http://spywarehammer.com/
It may be possible to disinfect your PC ... maybe.
Bugbatter
February 8th, 2012 07:00
Hi Luke,
For the future, don't forget that Windows 7 Pro has an XP Mode. That is what I use for my graphics programs etc. that are not compatible with Win 7.
For the present, I suggest following rdunnill's advice to post at SpywareHammer. That way you can have someone walk you through a fix, cleaning, and addressing vulnerabilities. Depending on the extent of infection, manual cleaning may or may not help, although the analysts have some very good tools available. This Dell forum is not set up for that type of comprehensive work.
Click on the link in my signature, or the one provided above. The volunteers at SpywareHammer are trained and will help you for free. You will need to register at SpywareHammer and follow the instructions for posting a diagnostic log in their Malware Removal Forum.
If you prefer to use Dell please see the link at the top of this forum to their fee-based support.
Please be aware that with a system that old, there is always some risk involved, so if possible I suggest backing up as much of your music as possible.
Good Luck!
L-Tek
February 7th, 2012 18:00
Hey,
I produce music... so the files, folders & programs have to remain in the same place, otherwise it can seriously affect projects. I daren't change anything in that respect just in case I lose vital things. If a project becomes corrupted I have no proof that I made that piece of music.
rdunnill
February 7th, 2012 18:00
If you earn a living with your PC, is there any reason you're still using XP? It's much more susceptible to malware than Windows 7.
L-Tek
February 7th, 2012 19:00
Exactly that, some of the programs which I use only run on XP (these programs are worth thousands of pounds so I have no other option but to remain with XP for now). The system was running fine until this problem arose so I have no issue with XP. I do back my pc up on a daily basis, I was speaking more of files specific to software.
It seems I may have to reinstall, which is going to be a nightmare as some of the musical plugins I own don't exist in the public domain anymore (therefore corrupting my saves). & from what I understand if I image the drive I could just be putting the same problems back onto the pc, so is it really worth the risk?
Nightmare, really I was hoping for a fix that I could perform without affecting the current setup of the pc. Looks like that isn't going to be possible.
Thanks a lot for your time. I appreciate it.
rdunnill
February 7th, 2012 19:00
XP is deprecated and in two years Microsoft plans to abandon it. I do concede that some expensive and specialized hardware lacks Windows 7 drivers and will never function under anything but XP.
You might consider imaging your current drive to a backup, and reformatting and reinstalling. With all the malware you're reporting, it may well be that you won't get it all even using cleanup tools from multiple vendors. And once reinstalled, don't be using products like Kazaa, which allows malware to efficiently propagate.
Also, you should be backing up your projects regularly and storing the backups off-site.
Bugbatter
February 8th, 2012 11:00
This discussion is closed because the original poster has been referred to a dedicated malware removal site.
Everyone else who is having a similar issue, please begin a New Post at the top of the forum.