Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer very slow low disk space ie doesnt work


  • This topic is locked This topic is locked
35 replies to this topic

#1 mefrank

mefrank

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 01 November 2011 - 12:38 PM

thanks you in advance
my computer was infected with zenton
after alot of work i was able to get rid of it i ran all virus scans that i could but they will shut down right away so th eonly thing that ran was combofix which i know i wasnt suppose to run without permission but that the only thing that worked and after that i ran chkdsk that cleaned up alot of stuff i now could now use my computer but my computer is running real slow it keeps on telling me that the memory is low and the ie hasn't work since i got infected and flash doesnt work when i am online i try running scans but they don't pick up anything
thank you very much attached are files as requested

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by menachem frankel at 14:14:11 on 2011-10-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.257 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjk1NjA3OTgzLUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtRERUKzE4ODk0LVRVRyszLVNVUCsxLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisx"&"prod=90"&"ver=10.0.1410
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.cric7.com/vjocx-en-black.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C4970A61-5FB5-45ED-87D7-9D91697E6426} : DhcpNameServer = 192.168.11.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\menachem frankel\application data\mozilla\firefox\profiles\e2ae0irw.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\menachem frankel\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\menachem frankel\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-12 207280]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2010-6-29 114416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-9-20 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2011-9-20 1125376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S3 isaxbox;isaxbox;\??\c:\windows\system32\isaxbox.sys --> c:\windows\system32\isaxbox.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-19 22216]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-19 366152]
S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
.
=============== Created Last 30 ================
.
2011-10-12 18:05:27 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-11 14:32:59 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-10 19:10:22 -------- d-----w- c:\windows\IE8
2011-10-10 18:52:43 -------- d-----w- c:\documents and settings\menachem frankel\application data\ElevatedDiagnostics
2011-10-10 16:05:43 -------- d-----w- c:\documents and settings\menachem frankel\application data\AVG2012
2011-10-10 16:01:54 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-10-07 13:09:27 -------- d-----w- c:\program files\ESET
2011-10-06 20:25:08 388096 ----a-r- c:\documents and settings\menachem frankel\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-06 20:25:05 -------- d-----w- c:\program files\Trend Micro
2011-10-06 20:00:11 -------- d-----w- c:\program files\CCleaner
2011-10-04 15:03:59 -------- d-----w- C:\found.000
2011-10-03 21:19:29 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-03 21:19:13 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-10-03 20:02:33 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-03 20:02:33 42112 ----a-w- c:\windows\system32\dllcache\imapi.sys
2011-10-03 19:53:55 -------- d-sha-r- C:\cmdcons
2011-10-03 19:50:37 98816 ----a-w- c:\windows\sed.exe
2011-10-03 19:50:37 518144 ----a-w- c:\windows\SWREG.exe
2011-10-03 19:50:37 256000 ----a-w- c:\windows\PEV.exe
2011-10-03 19:50:37 208896 ----a-w- c:\windows\MBR.exe
2011-10-03 18:58:09 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-03 18:56:37 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-03 18:20:13 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-03 18:19:28 -------- d-----w- C:\064883358a6662bfa7681bfa4ecb86
2011-10-03 15:20:07 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-10-03 15:13:40 -------- d-----w- C:\fac7d3f08c3980aceac184
.
==================== Find3M ====================
.
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-20 17:40:15 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 16:06:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-06 16:06:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 19:51:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-16 18:16:15 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:16:24.76 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 AM

Posted 06 November 2011 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425883 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 07 November 2011 - 11:22 AM

From the Extra.txt file

==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 0.122 GiB free.
D: is CDROM ()


This is the main reason for your problems.

The free space should not be less then 8 to 10% of your Hard disk.

==== System Restore Points ===================
.
No restore point in system.


Because of this low space you do not have a Restore point.

===

You can start by removing these programs using the Add/Remove programs list.

HiJackThis
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Spybot - Search & Destroy

===

Run the CCleaner tool and remove old temp files.

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.
===

You must delete or move your old personal files, movies, pictures to a CD, flash drive or removable Hard Driver.

Let me know what problem persists when you have cleaned this computer of old files.

#4 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 07 November 2011 - 04:33 PM

thank you nasdaq for your reply
i did what you told me to do i am still having a problem that the memory is low
and the computer is still slow
the avg can't update
the ie still doesn't work
thank you

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 07 November 2011 - 07:27 PM

Please run the DDS tool and submit the Attach.txt only for my review.

#6 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 08 November 2011 - 04:38 PM

thank you
here it is

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 09 November 2011 - 08:26 AM

C: is FIXED (NTFS) - 74 GiB total, 0.284 GiB free.


You only have .284 Gib free space. This is only .3% . Until your get this free space to more than 5 Gib you will have problems.

Move some files as I requested to a CD, Flash drive or a Removable drive.

Do not copy them you must move them. The Copy function does not remove the files from your Computer Hard drive.

If you need help moving the file please ask.

#8 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 11 November 2011 - 12:33 PM

thanks
i removed as much stuff as possible
i never had a memory problem i use my computer just for work related things i dont have that much files that will take up alot of room like videos or music if i have its like 10 disk worth of music nothing big
this problem started after that virus i had
also once when i ran the spybot search and desroy when i was cleaning out that last virus it said i had something called i think virtumode virus but it cleaned it out
which when i googled it said that this thing fill up your memory so maybe it was that but it was removed
and now everything that i scan with says there is nothing wrong
when i opened my c drive under my computer there are like 25 files that end in .7z i have no idea what they are one is like 18,738,032 kb maybe this is taking up all the room
also how can i get my internet explorer working again when i click on it it says file not found or just nothing happens
thanks again

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 12 November 2011 - 08:40 AM

Files with .7Zextension are compresses files from 7-Zip software.

http://en.wikipedia.org/wiki/7-Zip

Do you use this program?

What are the dates of the .7z files?

#10 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 14 November 2011 - 03:04 PM

i have 28 of these files taking up 46.4 gb dating from 9/20/11 - 11/13/11
the only thing i understand from Wikipedia is that its a zip file
i dont know of any file i would have that is that big that i need
so i have no idea were it is from
thanks

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 15 November 2011 - 09:49 AM

Do you use 7-zip on occasions?

#12 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 15 November 2011 - 01:21 PM

i dont know how to open them even
i usually use winzip
one was created yesterday
can i just delete them

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 15 November 2011 - 02:39 PM

i dont know how to open them even
i usually use winzip
one was created yesterday
can i just delete them



If they are zip files Winzip should be able to open them.

What I would do is move them to a CD.

My concern is why are these 7-zip files being created.

What I would do when the files are no longer on my computer is remove WinZip using the Add/Remove programs.

Restart the computer.

Make sure everything is close and reinstall Winzip.

Keep me posted.

#14 mefrank

mefrank
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 16 November 2011 - 09:33 PM

nasdaq
i think i found what is creating them i think it is the cobian backup that i set up when i started the virus removal
when i looked into setting up a new task it showed that it compressed the files into a .7z file
the question is if i could delete all the backups
i tried to change it so it doesnt keep on running maybe i should just delete the program
i cant put this stuff on a cd its 50gb that is to big
thanks alot tell me what you think i should do

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 17 November 2011 - 09:44 AM

I think you need to check your settings on this tool.
Are you making an incremental or a full backup every day.

On you have familiarized yourself with this using the FAQ below I would be incline to delete everything, even the progam via the Add/Remove Programs list if available and start the re-installation using the incremental function.

As you can see the backup can be directed to a CD or a flash drive. Which is a better way to save your files in case your computer fails completely.


Frequently asked questions (FAQ)
http://www.cobiansoft.com/cobianbackup_faq.htm#7

http://en.wikipedia.org/wiki/Cobian_Backup

==

You can peruse or start a topic on the subject here.
http://www.cobiansoft.com/forum/yaf_topics2_Cobian-Backup-10--Boletus.aspx




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users