Jump to content

PC Lag, Crash, Loading, virtual memory issues


Recommended Posts

Hey People i've posted before but need help this time. Now i'm pretty good with computers. My PC Lag's, Tells me virtual Memory is too low, Chrome crashes, get blue screen of death here and there. Doesn't load most of the time. I just want it to run faster, load properly, and not crash. What should I do. Now I have Spybot S&D Bit Defender and hijack this. Here's a log for hijackthis on the bottom. 

OS - Windows XP, Version - Home Edition 2002, Service Pack 3, AMD Sempron Processor 3100+ , 1.81 GHz, 640 MB of RAM. No I can't afford to upgrade any hardware.

If there any more logs that I could do to help the situation it would be greatful if you let me know what you need.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:40 PM, on 4/17/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:hkggs-3718473767@job.craigslist.org?subject=Cook&body=%0A%0Ahttp%3A%2F%2Fyoungstown.craigslist.org%2Ffbh%2F3718473767.html%0A
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [spybotDeletingE6791] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LogMeIn Cubby] "C:\Documents and Settings\Rae\Application Data\cubby\cubby.exe" -hidden
O4 - HKCU\..\RunOnce: [spybotDeletingF6207] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353036725143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 9343 bytes
 
Link to post
Share on other sites

Hello tha_king_sp and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/22/2014

Scan Time: 6:02:05 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.22.05

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Rae

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 315890

Time Elapsed: 1 hr, 22 min, 1 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 9

PUP.Optional.ValueApps.A, HKU\S-1-5-21-288204716-1781562890-680950131-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [322b9a933645a096a0b6bb5e000227d9], 

PUP.Optional.ValueApps.A, HKU\S-1-5-21-288204716-1781562890-680950131-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [322b9a933645a096a0b6bb5e000227d9], 

PUP.Optional.ValueApps.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [322b9a933645a096a0b6bb5e000227d9], 

PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, Quarantined, [6bf2a8854239f2448d763e3d679b619f], 

PUP.Optional.SweetPacks.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Updater By SweetPacks, Quarantined, [cb92c6678af1e2547175b6e6fc07837d], 

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [1e3f65c8295238fec5ac8e10e32060a0], 

PUP.Optional.ReMarkIt.A, HKU\S-1-5-21-288204716-1781562890-680950131-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Re_markit, Quarantined, [7ae31a1395e677bfe52f6a0b28da23dd], 

PUP.Optional.ValueApps.A, HKU\S-1-5-21-288204716-1781562890-680950131-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [c4999796bfbcf3430991f9885da5a957], 

PUP.Optional.Softonic.A, HKU\S-1-5-21-288204716-1781562890-680950131-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [2b322607265592a462ec3c338c76b848], 

 

Registry Values: 1

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, Quarantined, [1e3f65c8295238fec5ac8e10e32060a0], 

 

Registry Data: 0

(No malicious items detected)

 

Folders: 3

PUP.Optional.ValueApps.A, C:\Documents and Settings\Rae\Application Data\ValueApps\CH, Quarantined, [61fc58d5d3a8d66000dee7930ff3837d], 

PUP.Optional.Conduit.A, C:\Documents and Settings\Rae\Local Settings\Temp\ct3311333, Quarantined, [f568cd605c1f51e55b75a6bac73b8a76], 

PUP.Optional.Conduit.A, C:\Documents and Settings\Rae\Local Settings\Temp\mam-ct3316263, Quarantined, [ca9383aae398da5cc03552148a7830d0], 

 

Files: 7

PUP.Optional.InstallIQ, C:\Documents and Settings\Rae\My Documents\Downloads\trialpay_d2503714.exe, Quarantined, [203dc4691d5e96a013ffe74a1fe2c43c], 

PUP.Optional.OpenCandy, C:\Documents and Settings\Rae\My Documents\Downloads\AIM_Install.exe, Quarantined, [61fc6ac30b707fb7e8fdd6780004c040], 

PUP.Optional.Conduit.A, C:\Documents and Settings\SP\Local Settings\Temporary Internet Files\Content.IE5\WF2ZI92X\wstest[1].exe, Quarantined, [2d3052db82f958def4888599ad5347b9], 

PUP.Optional.ValueApps.A, C:\Documents and Settings\Rae\Application Data\ValueApps\CH\TBVerifier.dll, Quarantined, [61fc58d5d3a8d66000dee7930ff3837d], 

PUP.Optional.Pricegong, C:\Documents and Settings\Rae\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage, Quarantined, [be9fff2e186390a6f6856718f111dd23], 

PUP.Optional.Pricegong, C:\Documents and Settings\Rae\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal, Quarantined, [f16c9c9114670c2adba0f08ff909837d], 

PUP.Optional.SweetPacks.A, C:\Documents and Settings\SP\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (               "homepage_url": "http://www.sweetpacks.com",), Replaced,[4c11da531863bc7ad96a7cdb9272e41c]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.