Thread: Major problem!

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    4
    Rep Power
    0

    Major problem!


    Hello there,

    It's been 2 days since my computer has gone crazy. I am not totally sure if it is a virus but from my computer experience I guess it is. The problem is that it is slow. I mean REALLY slow. It like I have Pentium 1 processor. 1 hour to open Firefox (lol). I tried to scan for viruses and I did it but neither Microsoft Security Essentials nor COMODO found something to change the situation. Also, I found out that Windows Defender is off and I can't turn it on (I use Win 7 64 bit). MSE also turned off alone in some point. Oh and something else: It seems the virus is adding virtual space or something in the disk. I had normally like 4 giga of free space but sometimes it says less, like 160 mb or even 11 mb!!

    Please help the pc is working on like 1/1000 of it's normal speed!

    Thanks in advance!!


    ---------

    Malware Bytes:

    Malwarebytes' Anti-Malware 1.46


    Database version: 4055

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/5/2010 0:22:06
    mbam-log-2010-05-01 (00-22-06).txt

    Scan type: Quick scan
    Objects scanned: 22174
    Time elapsed: 1 hour(s), 37 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    -----------------------------

    SUPERAntispyware:

    SUPERAntiSpyware Scan Log


    Generated 05/01/2010 at 07:29 PM

    Application Version : 4.36.1006

    Core Rules Database Version : 4874
    Trace Rules Database Version: 2686

    Scan type : Complete Scan
    Total Scan Time : 04:56:40

    Memory items scanned : 526
    Memory threats detected : 0
    Registry items scanned : 8660
    Registry threats detected : 3
    File items scanned : 108283
    File threats detected : 6

    System.BrokenFileAssociation
    HKCR\.exe
    HKCR\.com
    HKCR\exefile\shell\open\command

    Adware.Tracking Cookie
    .microsoftwga.112.2o7.net [ C:\Users\Skypower\AppData\Roaming\Mozilla\Firefox\Profiles\rx7oes9a.default\cookies.txt ]
    C:\Windows.old\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@atdmt[1].txt
    C:\Windows.old\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@doubleclick[1].txt
    C:\Windows.old\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@msnportal.112.2o7[1].txt

    Trojan.Dropper/Win-NV
    C:\WINDOWS.OLD\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\UPDATE.EXE
    C:\WINDOWS.OLD\PROGRAM FILES (X86)\DELL SUPPORT CENTER\HWDIAG\BIN\HTTP.DLL

    ------------------

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:27:02, on 2/5/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\backup\AccuracyTool.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    C:\Program Files (x86)\Nike+ Utility\Nike+ Utility.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Razer\Lachesis\OSD.exe
    C:\Program Files (x86)\Razer\Lachesis\razertra.exe
    C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\CodeBlocks\codeblocks.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ( address blocked: See forum rules)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_ = (address blocked: See forum rules)=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_= ( address blocked: See forum rules)=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ( address blocked: See forum rules)=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (address blocked: See forum rules)=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Digsby Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Skypower\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
    O4 - Startup: Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: AccuracyTool - Shortcut.lnk = C:\backup\AccuracyTool.exe
    O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files (x86)\Nike+ Utility\Nike+ Utility.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.e xe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.e xe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12456 bytes


    -----------

    I couldn't make a BitDefender scan. Ok so that's all. I beg you for help. I have only 50 mb free ram without nothing open.

    Btw: when I said 12 mb I ment Hard Disk space.
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,113
    Rep Power
    9398
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    4
    Rep Power
    0
    Ok I will try those and post results as soon as I can but I would appreciate any other help.

    By the way, to give you an example of how slow is the computer, MABM scaned only... 800 objects in 1 hour! Sometimes the pc goes to normal speeds for few minutes and within 1 min it scaned about 16000 objects...
  6. #4
  7. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049
    Originally Posted by skypower
    Ok I will try those and post results as soon as I can but I would appreciate any other help.
    First post back the results and we can go from there... Can't really offer much other help without knowing whether this is an infection problem or not... if it's not, we can explore other options at that point.. but as requinix suggested, start with those steps first.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  8. #5
  9. Providing fuel for space ships
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2004
    Location
    nr Edinburgh, Scotland
    Posts
    14,382
    Rep Power
    3848
    Also, open up your task manager and see what process is eating the cpu.
    The No Ma'am commandments:

    1.) It is O.K. to call hooters 'knockers' and sometimes snack trays
    2.) It is wrong to be French
    3.) It is O.K. to put all bad people in a giant meat grinder
    4.) Lawyers, see rule 3
    5.) It is O.K. to drive a gas guzzler if it helps you get babes
    6.) Everyone should car pool but me
    7.) Bring back the word 'stewardesses'
    8.) Synchronized swimming is not a sport
    9.) Mud wrestling is a sport
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    4
    Rep Power
    0
    Updated!
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2010
    Posts
    4
    Rep Power
    0
    Ok guys found the problem! It wasn't a virus. My DELL laptop always had problem with the 10 sec countdown before windows start to fix problems so I canceled because the pc would freeze. Today I forgot to cancel it but it worked ok so my pc finally works good! Lock plx
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    12
    Rep Power
    0

    free space


    Got to its window task manager and delete some unimportant files out of system. Some times I get such problem to get my pc slow; I just remove five or eight .exe files and get it speeded up. Anothereily I would like to assist you for free space in your memory.

IMN logo majestic logo threadwatch logo seochat tools logo