Jump to content

Certain computer functions slowed....Possible bad file or malware?


xyphr3

Recommended Posts

My annual greeting to THE PIT. I have actually kept up on reading the posts this year which has helped out a lot, but now it seems like I am having a problem. I create HIDDEN folders as my backup, just in case I (or the family) gets delete happy, if they can't see it, they can't delete it (assuming they aren't deleting entire folders...ex. my documents) But recently...my main concern/complaint...is it takes forever to hide 10+GB of music/videos/ppt/docx/etc. In the past, it would take maybe 10-15 seconds and now we are talking 10+minutes. Is that normal? I feel like I have plenty of free space available still. Also, I have noticed that I have 13+ svchost processes running at a time, so I just wanted some expert help in this area. Thanks!

 

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.26.13Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428Bryan :: BRYAN-COMP [administrator]12/1/2013 9:33:32 AMmbam-log-2013-12-01 (09-33-32).txt

 

# AdwCleaner v3.013 - Report created 01/12/2013 at 10:22:55# Updated 24/11/2013 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : Bryan - BRYAN-COMP# Running from : C:UsersBryanDesktopAdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****- Internet Explorer v11.0.9600.16428- Mozilla Firefox v25.0.1 (en-US)[ File : C:UsersBryanAppDataRoamingMozillaFirefoxProfilesjw9gsylx.default-1379287745939prefs.js ]*************************AdwCleaner[R0].txt - [647 octets] - [01/12/2013 10:22:55]########## EOF - C:AdwCleanerAdwCleaner[R0].txt - [706 octets] ##########Scan type: Full scan (C:|D:|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 382845Time elapsed: 44 minute(s), 5 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

Link to post
Share on other sites

let's try to run an additional tool.

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

[*]Shut down your protection software now to avoid potential conflicts.

[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

[*]The tool will open and start scanning your system.

[*]Please be patient as this can take a while to complete depending on your system's specifications.

At times will appear to be stalled, please be extra patient.

[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

[*]Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

Hi Juiliet!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Ultimate x64Ran by Bryan on Mon 12/02/2013 at 11:25:41.26~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{B63E8C83-1849-4E59-AB72-3AC724F73BB2}~~~ Files~~~ Folders~~~ FireFoxEmptied folder: C:UsersBryanAppDataRoamingmozillafirefoxprofilesjw9gsylx.default-1379287745939minidumps [66 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 12/02/2013 at 11:31:22.68End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

I run my MBAM weekly, last time is picked up anything, it was here....and I would say the problem started around this time. But MBAM cleared it out, the scan after was clear and Super Anti Spyware was clean too. The problems are still present though. But on the other hand, maybe I should ask...if I am selecting 20gb of files (mainly pictures) right click and click the hidden box and click okay...Should it take 10 minutes to hide the files?

 

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.11.11Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Bryan :: BRYAN-COMP [administrator]11/11/2013 5:34:46 PMmbam-log-2013-11-11 (17-34-46).txtScan type: Full scan (C:|D:|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 384785Time elapsed: 45 minute(s), 6 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCRCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.HKCUSoftwareConduitFF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 6C:UsersBryanAppDataLocalTempct3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061xpidefaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061xpidefaultspreferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:ProgramDataConduitIE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:ProgramDataConduitIECT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.Files Detected: 24C:UsersBryanAppDataLocalTempmconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempnsa511B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempnsa8AC1.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempnsa939A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempnsk69CC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempnsu4835.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempQuickShare1.exe (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempSPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempUpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempdlm7AD6.tmpmconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061CT3306061.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061xpiinstall.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:UsersBryanAppDataLocalTempct3306061xpidefaultspreferencesdefaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:ProgramDataConduitIECT3306061UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.(end)

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.11.11Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Bryan :: BRYAN-COMP [administrator]11/12/2013 7:36:34 AMmbam-log-2013-11-12 (07-36-34).txtScan type: Full scan (C:|D:|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 384750Time elapsed: 43 minute(s), 21 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

Link to post
Share on other sites

Hiding files to an existing folder....got me cause I don't know but, if you have done this before, including the amount is the same then it could be a different can of worms.

 

I want you to start a new topic here

http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

then use the scanner below and post the logs please.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will produce a log called FRST.txt in the same directory the tool is run from.

[*]Please copy and paste log back here.

[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...