wireddj Posted May 3, 2010 Posted May 3, 2010 Hi there people i'm not sure if i have posted this in the right place as i have run numerous scans & got rid of viruses & malware. My problem started about a week ago. My comp was running fine then the next day i switched it on like normal but ever since then everything has been running slow & Hard Drive space is vanishing into thin air. I have read things about shadow storage taking up space but i reduced my limit ages ago & have now turned off system restore so that's not it. Its weird if i click on start them computer on the computer page i will right click then refresh & 100mb will go or if i leave it a couple of minutes then do the same thing 500 mb could be gone. I really dont understand what is going on & really need help to fix it as i cannot do anything in normal mode i have to do everything in safe mode including all scans. Up to now i have run various virus scans including Norton, Avira & Bit defender (only one software was on my comp at any one time) & removed some viruses, i've also ran Super Anti Spyware & Malwarebytes AntiMalware & removed stuff. But still i have this problem. By the way my operating system is Windows Vista Home Premium 32 bit service pack 2. Thanx in advance & hope someone can help me. Quote
Starbuck Posted May 3, 2010 Posted May 3, 2010 Hi wireddj i've also ran Super Anti Spyware & Malwarebytes AntiMalware & removed stuff. Could you let me have the scan reports for these programs, so that i can take a look at what was removed. SuperAntiSpyware: To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply.[*]Click Close to exit the program. MalwareBytes: start MBAM. click on the 'Logs' tab. The reports are date stamped.... double click on the one that removed items. It will open in Notepad, just copy and paste the results in your next reply. Thanks. Quote Member of:UNITE
wireddj Posted May 3, 2010 Author Posted May 3, 2010 Hi there yeah here are the logs... SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 05/02/2010 at 06:15 PM Application Version : 4.36.1006 Core Rules Database Version : 4868 Trace Rules Database Version: 2680 Scan type : Complete Scan Total Scan Time : 04:35:36 Memory items scanned : 448 Memory threats detected : 0 Registry items scanned : 8578 Registry threats detected : 0 File items scanned : 80659 File threats detected : 13 Adware.Tracking Cookie C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@insightexpressai[1].txt C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@doubleclick[1].txt C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[2].txt C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[3].txt C:\Users\Demented Blaster\AppData\Roaming\Microsoft\Windows\Cookies\demented_blaster@atdmt[4].txt Rogue.Agent/Gen-Nullo[DLL] C:\WINDOWS\SYSTEM32\SLIBJYE.DLL C:\WINDOWS\SYSTEM32\SLIBRH.DLL C:\WINDOWS\SYSTEM32\SOLEJTTD.DLL C:\WINDOWS\SYSTEM32\SSLHPT.DLL C:\WINDOWS\SYSTEM32\SSLIBJTD.DLL C:\WINDOWS\SYSTEM32\SSLIBPOP.DLL C:\WINDOWS\SYSTEM32\SSOLEMN.DLL C:\WINDOWS\SYSTEM32\SSOLETH.DLL Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4060 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18904 5/3/2010 3:15:09 PM mbam-log-2010-05-03 (15-15-09).txt Scan type: Full scan (C:\|) Objects scanned: 836261 Time elapsed: 4 hour(s), 12 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Waves\DiamondUninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Not selected for removal. Quote
Starbuck Posted May 3, 2010 Posted May 3, 2010 Thanks for that. I'll move this thread to the 'Malware Removal' forum, it'll be easier to deal with there. Quote Member of:UNITE
Starbuck Posted May 3, 2010 Posted May 3, 2010 Let's have a better look at your system. If you can run these programs in normal mode it will give us a much better report. Hi Step 1 Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. Step 2 Download OTL to your desktop. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines in the codebox below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: Both reports from OTL Thanks. Quote Member of:UNITE
wireddj Posted May 3, 2010 Author Posted May 3, 2010 Hey will these programs take long to run it's just that when i have run the comp in normal mode the har drive space dissapears thats why i've been running it in safe mode. Quote
Starbuck Posted May 3, 2010 Posted May 3, 2010 The first program will actually stop everything from running when i does the scan. So if there's anything bad going on... it'll stop it. It will then reboot your system to ensure that all temp files have been removed. The second will run in safe mode, but like i say it will give us a better report if run in normal mode. Typical scan should take no longer than about 3 - 4 mins. Quote Member of:UNITE
wireddj Posted May 3, 2010 Author Posted May 3, 2010 Hi again Starbuck, i ran the 1st scan without any probs but when it came to the second i ran in both normal & safe mode & gave up as i think the program must of hung as it got stuck on a process that said Manual File - Getting folder structure... Quote
wireddj Posted May 3, 2010 Author Posted May 3, 2010 oh no it's carried on again but in safe mode only, will post the logs when finished Quote
wireddj Posted May 3, 2010 Author Posted May 3, 2010 hey i will do again in the morning in safe mode & will post the logs Quote
Starbuck Posted May 3, 2010 Posted May 3, 2010 Hi wireddj, If the scan seems to get stuck, try leaving it for awhile. This program doesn't work like Windows' wants it to.... so sometimes it seems to get stuck, but isn't. If it doesn't complete..... just run it again, only this time don't add the extra scans. You shouldn't have a problem then. Quote Member of:UNITE
wireddj Posted May 4, 2010 Author Posted May 4, 2010 Hey Starbuck will be running those programs but probably wont be until tomorrow now or even the day after as i've woken up to a new problem this morn! I switched on the comp & there is some kind of virus scanning software virus. It wont even let me get into safe mode but have managed to get into safe mode with prompt & am now running malwarebytes. Am gonna run it on both my c drive & e drive but both are big (30+ gig each) so will take some time. Am also gonna run a virus scan on both afterwards & then super anti spyware after that so could be a few days so please keep this topic open. thanx. By the way could a virus jump from my c drive to my e drive? Quote
wireddj Posted May 4, 2010 Author Posted May 4, 2010 1 more thing could it be a rootkit problem? Quote
Starbuck Posted May 4, 2010 Posted May 4, 2010 Hi wireddj Depending on the malware, anything is possible. Especially If the drives are using the same operating system. This is why most anti virus/anti malware programs will scan all your drives. 1 more thing could it be a rootkit problem? A lot of malware nowadays is root-kitted, this means that the malware is hidden from a lot of scanners. SAS and MBAM should be able to detect a lot of rootkits. Once you have run the OTL program, i'll take a look, then maybe we'll run a dedicated rootkit scan. But let's see the results first. If SAS and MBAM remove anything, let me have those results as well. Thanks. Quote Member of:UNITE
wireddj Posted May 10, 2010 Author Posted May 10, 2010 (edited) Hi again i ran the 2 programs but there was only 1 report generated from the OTL scan. It was too long to post so have attatched it with this post.OTL.Txt Edited May 10, 2010 by wireddj Quote
RandyL Posted May 10, 2010 Posted May 10, 2010 Hi, maybe I can help. Click on the blue button that says "add new post". On the message body toolbar click on the paper clip icon to upload and add attachments. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
wireddj Posted May 10, 2010 Author Posted May 10, 2010 Thanks Randyl, yeah i managed to upload the log. lol. Thankyou. Quote
wireddj Posted May 10, 2010 Author Posted May 10, 2010 Hey can someone give me some help please? Quote
Starbuck Posted May 10, 2010 Posted May 10, 2010 Hey can someone give me some help please? please try and calm down. All of us 'helpers' have full time jobs and help here in our spare time. I'm currently working away from home, but have taken a look at your report. The reason you only had the main.txt was that you have run OTL twice. OTL only gives the 2 reports on a 1st run (by default) unless run differently. As you have run OTL previously you will have to run it again using these instructions: Double click on OTL.exe to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. Add them both as attachments if they are too large. There are problems showing in the main.txt that we need to address, but i need both reports to make a full diagnosis. Thanks Quote Member of:UNITE
wireddj Posted May 11, 2010 Author Posted May 11, 2010 Hi Starbuck sorry about that i didn't mean to come over as a prat i do realise that all helpers are volunteers & that you have full time jobs & i do appreciate you taking time to help me so for that i'm sorry. I just want to get my comp back to normal so i can get on with my own stuff....Anyway I've attatched the logs as they seem quite long to me.OTL.TxtExtras.Txt Quote
RandyL Posted May 11, 2010 Posted May 11, 2010 I can vouch for Starbuck. He meant no disrespect. He himself will not tolerate any such thing. He only wants you to be patient and wait so that he can continue to fully help you resolve this issue until the very end. He never gives up on anyone. Trust me. You are in good hands here. And I too am like you. We want our stuff to work right all the time and as soon as we can. No worries friend. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
wireddj Posted May 11, 2010 Author Posted May 11, 2010 Once again sorry people & your help is much appreciated. Quote
wireddj Posted May 11, 2010 Author Posted May 11, 2010 Hey sorry to be a pain Starbuck but the second time i ran the OTL Scan was i supposed to paste in that command...? As i didnt. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles Quote
RandyL Posted May 11, 2010 Posted May 11, 2010 No need to be sorry. You did nothing wrong. We are here to help you. I just hope we can. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.