wireddj Posted May 3, 2010

Hi there people, I'm not sure if I have posted this in the right place as I have run numerous scans & got rid of viruses & malware.

My problem started about a week ago. My comp was running fine then the next day I switched it on like normal but ever since then everything has been running slow & hard drive space is vanishing into thin air. I have read things about shadow storage taking up space but I reduced my limit ages ago & have now turned off system restore so that's not it. It's weird: if I click on Start then Computer, on the Computer page I will right click then refresh & 100mb will go, or if I leave it a couple of minutes then do the same thing 500 mb could be gone. I really don't understand what is going on & really need help to fix it as I cannot do anything in normal mode, I have to do everything in safe mode including all scans.

Up to now I have run various virus scans including Norton, Avira & Bit defender (only one software was on my comp at any one time) & removed some viruses, I've also run Super Anti Spyware & Malwarebytes AntiMalware & removed stuff. But still I have this problem. By the way my operating system is Windows Vista Home Premium 32 bit service pack 2.

Thanx in advance & hope someone can help me.

ExTS Admin Starbuck Posted May 3, 2010

Hi wireddj

> i've also ran Super Anti Spyware & Malwarebytes AntiMalware & removed stuff.

Could you let me have the scan reports for these programs, so that I can take a look at what was removed.

SuperAntiSpyware:
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.

MalwareBytes:
- Start MBAM.
- Click on the 'Logs' tab.
- The reports are date stamped.... double click on the one that removed items.
- It will open in Notepad, just copy and paste the results in your next reply.

Thanks.

Member of: UNITE

wireddj Posted May 3, 2010

Hi there, yeah here are the logs...

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/02/2010 at 06:15 PM

    Application Version : 4.36.1006

    Core Rules Database Version : 4868
    Trace Rules Database Version: 2680

    Scan type : Complete Scan
    Total Scan Time : 04:35:36

    Memory items scanned : 448
    Memory threats detected : 0
    Registry items scanned : 8578
    Registry threats detected : 0
    File items scanned : 80659
    File threats detected : 13

    Adware.Tracking Cookie
    C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@insightexpressai[1].txt
    C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@doubleclick[1].txt
    C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[2].txt
    C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[3].txt
    C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[4].txt

    Rogue.Agent/Gen-Nullo[DLL]
    C:\WINDOWS\SYSTEM32\SLIBJYE.DLL
    C:\WINDOWS\SYSTEM32\SLIBRH.DLL
    C:\WINDOWS\SYSTEM32\SOLEJTTD.DLL
    C:\WINDOWS\SYSTEM32\SSLHPT.DLL
    C:\WINDOWS\SYSTEM32\SSLIBJTD.DLL
    C:\WINDOWS\SYSTEM32\SSLIBPOP.DLL
    C:\WINDOWS\SYSTEM32\SSOLEMN.DLL
    C:\WINDOWS\SYSTEM32\SSOLETH.DLL

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4060

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18904

    5/3/2010 3:15:09 PM
    mbam-log-2010-05-03 (15-15-09).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 836261
    Time elapsed: 4 hour(s), 12 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Waves\DiamondUninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Not selected for removal.

ExTS Admin Starbuck Posted May 3, 2010

Thanks for that. I'll move this thread to the 'Malware Removal' forum, it'll be easier to deal with there.

ExTS Admin Starbuck Posted May 3, 2010

Let's have a better look at your system. If you can run these programs in normal mode it will give us a much better report.

Hi

Step 1

Download TFC by OldTimer to your desktop.
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Download OTL to your desktop. If you have problems, try this download link: OTL
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
  http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
- Now copy the lines in the codebox below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
- Click the Run Scan button.
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
- Both reports from OTL

Thanks.

wireddj Posted May 3, 2010

Hey, will these programs take long to run? It's just that when I have run the comp in normal mode the hard drive space disappears, that's why I've been running it in safe mode.

ExTS Admin Starbuck Posted May 3, 2010

The first program will actually stop everything from running when it does the scan. So if there's anything bad going on... it'll stop it. It will then reboot your system to ensure that all temp files have been removed.

The second will run in safe mode, but like I say it will give us a better report if run in normal mode. Typical scan should take no longer than about 3 - 4 mins.

wireddj Posted May 3, 2010

Hi again Starbuck, I ran the 1st scan without any probs but when it came to the second I ran in both normal & safe mode & gave up as I think the program must have hung as it got stuck on a process that said Manual File - Getting folder structure...

wireddj Posted May 3, 2010

Oh no, it's carried on again but in safe mode only, will post the logs when finished.

wireddj Posted May 3, 2010

Hey, I will do again in the morning in safe mode & will post the logs.

ExTS Admin Starbuck Posted May 3, 2010

Hi wireddj,

If the scan seems to get stuck, try leaving it for a while. This program doesn't work like Windows wants it to.... so sometimes it seems to get stuck, but isn't.

If it doesn't complete..... just run it again, only this time don't add the extra scans. You shouldn't have a problem then.

wireddj Posted May 4, 2010

Hey Starbuck, will be running those programs but probably won't be until tomorrow now or even the day after as I've woken up to a new problem this morn! I switched on the comp & there is some kind of virus scanning software virus. It won't even let me get into safe mode but have managed to get into safe mode with prompt & am now running malwarebytes. Am gonna run it on both my c drive & e drive but both are big (30+ gig each) so will take some time. Am also gonna run a virus scan on both afterwards & then super anti spyware after that so could be a few days so please keep this topic open. Thanx.

By the way, could a virus jump from my c drive to my e drive?

wireddj Posted May 4, 2010

1 more thing, could it be a rootkit problem?

ExTS Admin Starbuck Posted May 4, 2010

Hi wireddj

Depending on the malware, anything is possible, especially if the drives are using the same operating system. This is why most anti virus/anti malware programs will scan all your drives.

> 1 more thing could it be a rootkit problem?

A lot of malware nowadays is root-kitted, this means that the malware is hidden from a lot of scanners. SAS and MBAM should be able to detect a lot of rootkits. Once you have run the OTL program, I'll take a look, then maybe we'll run a dedicated rootkit scan. But let's see the results first.

If SAS and MBAM remove anything, let me have those results as well.

Thanks.

wireddj Posted May 10, 2010 (edited)

Hi again, I ran the 2 programs but there was only 1 report generated from the OTL scan. It was too long to post so have attached it with this post.

Attachment: OTL.Txt

Edited May 10, 2010 by wireddj

RandyL Posted May 10, 2010

Hi, maybe I can help. Click on the blue button that says "add new post". On the message body toolbar click on the paper clip icon to upload and add attachments.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

wireddj Posted May 10, 2010

Thanks RandyL, yeah I managed to upload the log. lol. Thank you.

wireddj Posted May 10, 2010

Hey can someone give me some help please?

ExTS Admin Starbuck Posted May 10, 2010

> Hey can someone give me some help please?

Please try and calm down. All of us 'helpers' have full time jobs and help here in our spare time. I'm currently working away from home, but have taken a look at your report.

The reason you only had the main.txt was that you have run OTL twice. OTL only gives the 2 reports on a 1st run (by default) unless run differently. As you have run OTL previously you will have to run it again using these instructions:
- Double click on OTL.exe to run it.
- Under Extra Registry section, select Use SafeList.
- Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- Please post the contents of these 2 Notepad files in your next reply. Add them both as attachments if they are too large.

There are problems showing in the main.txt that we need to address, but I need both reports to make a full diagnosis.

Thanks

wireddj Posted May 11, 2010

Hi Starbuck, sorry about that, I didn't mean to come over as a prat. I do realise that all helpers are volunteers & that you have full time jobs & I do appreciate you taking time to help me so for that I'm sorry. I just want to get my comp back to normal so I can get on with my own stuff.... Anyway I've attached the logs as they seem quite long to me.

Attachments: OTL.Txt, Extras.Txt

RandyL Posted May 11, 2010

I can vouch for Starbuck. He meant no disrespect. He himself will not tolerate any such thing. He only wants you to be patient and wait so that he can continue to fully help you resolve this issue until the very end. He never gives up on anyone. Trust me. You are in good hands here. And I too am like you. We want our stuff to work right all the time and as soon as we can. No worries friend.

wireddj Posted May 11, 2010

Once again sorry people & your help is much appreciated.

wireddj Posted May 11, 2010

Hey, sorry to be a pain Starbuck, but the second time I ran the OTL scan was I supposed to paste in that command...? As I didn't.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

RandyL Posted May 11, 2010

No need to be sorry. You did nothing wrong. We are here to help you. I just hope we can.