OK, hoping someone has a fix I have just overlooked. I have spent two days browsing these forums in order to solve a critical problem with my computer. Sorry for the long post, just assumed it was best to be detailed.
My wife and I were using firefox in order to look up an episode of a tv show we wanted to watch. She inadvertently clicked a nefarious side bar link that immediately opened about a dozen pop up windows. Typically my virus scanner would step in and prevent any serious damage from being done to the OS on the rare occasion that something like this happened. Unfortunately, I had temporarily turned off the active portion of the AV software to improve performance in a game I was playing earlier in the day. Long story short, the pc contracted some sort of awful malware. Here are the computer details, and potential fixes already undertaken.
Last note: I wouldnt consider myself a complete novice when it comes to working with virus and performance issues on my own computers, but I am by no means an expert or someone who troubleshoots pc problems by profession, so I apologize in advance if something below is not clear.
PC
toshiba satellite A505 running windows 7 home premium 64bit... 2.13ghz with 8 gb of ddr3 corsair ram
Problem occuring:
svchost.exe sucks up all available physical memory and cpu, severely lagging OS and any attempts at running programs. At times during av scan, computer shuts down unexpectedly, assuming this has to do with workload hardware is under due to above problem.
Tracing the problematic svchost.exe process to the services related shows that it supports several potentially unwanted services within the netsvcs group: RasMan (Remote Access Connection Manager), Themes, Lanman server, Browser (Computer Browser), and CertPropSvc (Certificate Propogation).
Additionally, I found two low memory usage processes that I dont recall being present on the pc previously:
Steps Taken:
I ran a Hijackthis system scan.. results below:
[HJT log removed by Broni]
To me, this just raised more questions than answers, as there were a ton of unknown owner/file missing, as well as several ms office hijack sounding files that arent familiar to me from previous hijackthis logs.. Additionally, I do not think that Bit Defender, Trend Micro or Spybot have ever been on this computer, so I am not sure if these are bad occurences as well or not.
Any help much much appreciated.
Thanks
A
My wife and I were using firefox in order to look up an episode of a tv show we wanted to watch. She inadvertently clicked a nefarious side bar link that immediately opened about a dozen pop up windows. Typically my virus scanner would step in and prevent any serious damage from being done to the OS on the rare occasion that something like this happened. Unfortunately, I had temporarily turned off the active portion of the AV software to improve performance in a game I was playing earlier in the day. Long story short, the pc contracted some sort of awful malware. Here are the computer details, and potential fixes already undertaken.
Last note: I wouldnt consider myself a complete novice when it comes to working with virus and performance issues on my own computers, but I am by no means an expert or someone who troubleshoots pc problems by profession, so I apologize in advance if something below is not clear.
PC
toshiba satellite A505 running windows 7 home premium 64bit... 2.13ghz with 8 gb of ddr3 corsair ram
Problem occuring:
svchost.exe sucks up all available physical memory and cpu, severely lagging OS and any attempts at running programs. At times during av scan, computer shuts down unexpectedly, assuming this has to do with workload hardware is under due to above problem.
Tracing the problematic svchost.exe process to the services related shows that it supports several potentially unwanted services within the netsvcs group: RasMan (Remote Access Connection Manager), Themes, Lanman server, Browser (Computer Browser), and CertPropSvc (Certificate Propogation).
Additionally, I found two low memory usage processes that I dont recall being present on the pc previously:
- dllhost.exe (COM Surrogate)
- SDWinSec.exe *32 (Spybot - S&D Security Center Integration) - Important to note that I have NEVER installed any spybot av product, and the computer originally came with Kaspersky.. A cloned process or something was my worry..
Steps Taken:
- Immediately ran MS security essentials quick scan. No results found
- Immediately ran avast quick scan. No results found.
- Decided to uninstall the infected browser next. no help
- Decided to run ccleaner and delete all temp files, cookies, etc.
- Decided to run avast boot scan. rebooted and ran scan overnight with no results.
- Ran avast and MS sec ess full scans after reboot. No results found.
- Decided to rerun avast and ms sec ess full scans from safe mode reboot. No results.
- Decided to restore computer to one week previous to incident and then redownload all Windows and software updates. No results after reboot, problem still there.
I ran a Hijackthis system scan.. results below:
[HJT log removed by Broni]
To me, this just raised more questions than answers, as there were a ton of unknown owner/file missing, as well as several ms office hijack sounding files that arent familiar to me from previous hijackthis logs.. Additionally, I do not think that Bit Defender, Trend Micro or Spybot have ever been on this computer, so I am not sure if these are bad occurences as well or not.
Any help much much appreciated.
Thanks
A
