Solved Unknown source causing slow computer, and Java problems


exmatt
First off, I'm going to do my best to answer your questions, but this is a friend's laptop and he said if I couldn't fix it we were just going to go back to factory settings and clean it out completely, but I don't think that's necessary.
Second, thank you for your time.
Third, the problems. It started when trying to play Runescape and he got kicked off; then when he tried to re-enter it was just a white screen. I'm guessing this is a Java problem. However, he said that when he tried to update Java it wouldn't go. So I told him to bring it over. I cleaned it the best I could, but there are still some problems.
I KNOW there have to be more viruses and/or trojans in his computer, but I don't know how to find/delete them. Also, his computer was horribly slow and running at 100% all the time when I got it, and I found this to be caused by Windows Media Player Network Sharing or something like that. And I found the only way to function on his computer was to disable that. I don't know if he uses that, but it was the only way.
I have not tried to reload Java as I wanted to make sure everything else was fixed first, so... please, if you can give me a little guidance I would be very thankful.

NOTE: I don't know how to disable AVG, so I had it running the whole time I was doing the logs. I dislike AVG, so I don't normally use it and have no clue how to.

GMER: Uh, this wouldn't work for me... I saved it to my desktop and started it, and it comes up with an error about c:\windows\system32\config\system: the system cannot find the file specified. Then I run the scan anyway and the log is completely empty... I tried downloading it twice and still the same thing.

Attachments

  • Attach.txt
  • DDS.txt
  • mbam-log-2010-08-09 (19-53-49).txt
Hi and welcome to the Techspot forums :).

You may want to get rid of (uninstall) AVG and install either Comodo or Avast.

==

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
How do I stop AVG from running so I can run ComboFix? I don't want to delete it yet until I get a chance to talk to him about it, since he paid for it, I guess.
 
You may want to get rid of (uninstall) AVG and install either Comodo or Avast.

==

That's the reason I wrote the above. AVG is a pain to stop. You did say you didn't like it. But then it's somebody else's, so other than that you might try to stop the service and then the processes before running.
 
You got that right; I see no way to stop anything but the firewall. Oh well, he was going to erase it all anyway, so as long as it's fixed I will do that. On to running ComboFix.
 
Uh, it comes up with an error: win32 only, incompatible OS, and it goes on and on. I thought I installed it correctly? It might be because I'm on Windows 7... so what do I do now? Did I mention I dislike Windows 7? lol, at least at first...
 
I missed that. It's a 64-bit platform.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
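The /md5start ... /md5stop block above makes OTL print the MD5 of each listed system and driver file so a helper can spot a patched or replaced copy (a common rootkit trick). The PowerShell below is an added example, not part of this thread and not OTL's own code: it hashes the same list of names from the custom scan, reports which are absent, and prints the Authenticode status, so the result can be compared with a known-good machine or submitted to a scanner. The directories searched are my assumption; Get-FileHash needs PowerShell 4 or later, and on Windows 7 many catalog-signed system files will show as NotSigned, so treat that column as a hint rather than a verdict.

```powershell
# Added example (not from the thread or OTL): hash the files named in the
# OTL custom scan's /md5start ... /md5stop list. Read-only.
$names = @(
    'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll','sceclt.dll',
    'ntelogon.dll','logevent.dll','iaStor.sys','nvstor.sys','atapi.sys',
    'IdeChnDr.sys','viasraid.sys','AGP440.sys','vaxscsi.sys','nvatabus.sys',
    'viamraid.sys','nvata.sys','nvgts.sys','iastorv.sys','ViPrt.sys',
    'eNetHook.dll','ahcix86.sys','KR10N.sys','nvstor32.sys'
)
# Assumed search locations (native and WOW64 views on a 64-bit install).
$dirs = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\drivers",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\SysWOW64\drivers"
)

function Get-SystemFileHashes {
    param([string[]]$Names, [string[]]$Directories)
    foreach ($name in $Names) {
        $found = $false
        foreach ($dir in $Directories) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $found = $true
            $item = Get-Item -LiteralPath $path
            # MD5 matches what OTL prints; SHA256 is what online scanners key on.
            [pscustomobject]@{
                Path   = $path
                Size   = $item.Length
                MD5    = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Signed = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }
        if (-not $found) {
            # Most names in the list are chipset-specific drivers; absent is normal.
            [pscustomobject]@{
                Path = $name; Size = $null; MD5 = 'not present'; SHA256 = ''; Signed = ''
            }
        }
    }
}

Get-SystemFileHashes -Names $names -Directories $dirs | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so every driver file is readable. A file that is present, unsigned, and whose MD5 differs from the same file on a clean machine of the same Windows build is the one worth uploading for a second opinion.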
 
Sorry, didn't want to make you think I wasn't following instructions, but even one by one they were too big.
 

Attachments

  • Extras.Txt
  • OTL.Txt
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :File
    C:\32788R22FWJFW
    :OTL
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
    
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
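The O2 and O3 lines in that fix are Browser Helper Objects and Internet Explorer toolbars whose CLSID either has no registration left ("No CLSID value found") or points at a DLL that no longer exists ("File not found"); orphaned entries like these are what is left behind when an add-on or adware component is half-removed, and they are also where a malicious BHO would register itself. The script below is an added example, not from OTL or anyone in the thread: it enumerates the same registry locations (native and Wow6432Node views for BHOs, HKLM and HKCU for toolbars), resolves each CLSID to its InprocServer32 DLL, and labels each entry with the same wording OTL uses. It only reads the registry; it deletes nothing. The key paths are the standard ones, but treat the list as my assumption for any non-standard browser setup.

```powershell
# Added example (not from the thread or OTL): audit IE BHOs and toolbars for
# orphaned CLSIDs or missing DLLs, mirroring OTL's O2/O3 lines. Read-only.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Resolve-Clsid {
    param([string]$Clsid)
    # Find the COM registration for a CLSID in the native and WOW64 views.
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $name = (Get-ItemProperty -LiteralPath $key).'(default)'
        $server = $null
        $inproc = Join-Path $key 'InprocServer32'
        if (Test-Path -LiteralPath $inproc) {
            $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            if ($server) {
                # Paths are often stored with %ProgramFiles%-style variables.
                $server = [Environment]::ExpandEnvironmentVariables($server).Trim('"')
            }
        }
        return [pscustomobject]@{ Registered = $true; Name = $name; Dll = $server }
    }
    return [pscustomobject]@{ Registered = $false; Name = $null; Dll = $null }
}

function Get-AddinStatus {
    param($Info)
    # Same three verdicts OTL prints on its O2/O3 lines.
    if (-not $Info.Registered) { return 'No CLSID value found' }
    if (-not $Info.Dll -or -not (Test-Path -LiteralPath $Info.Dll)) { return 'File not found' }
    return 'OK'
}

function Get-BrowserAddins {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # BHOs are registered as subkeys named by CLSID.
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $info = Resolve-Clsid -Clsid $sub.PSChildName
            [pscustomobject]@{
                Kind = 'O2 BHO'; Clsid = $sub.PSChildName; Name = $info.Name
                Dll = $info.Dll; Status = (Get-AddinStatus $info); Where = $key
            }
        }
    }
    foreach ($key in $toolbarKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Toolbars are registered as values named by CLSID under the key.
        $props = (Get-ItemProperty -LiteralPath $key).PSObject.Properties
        foreach ($p in $props) {
            if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $info = Resolve-Clsid -Clsid $p.Name
            [pscustomobject]@{
                Kind = 'O3 Toolbar'; Clsid = $p.Name; Name = $info.Name
                Dll = $info.Dll; Status = (Get-AddinStatus $info); Where = $key
            }
        }
    }
}

# Show the orphans first; entries whose Status is OK are the ones actually loading.
Get-BrowserAddins | Sort-Object Status -Descending | Format-Table -AutoSize
```

An entry marked "File not found" cannot run, but it still tells you which product left it behind (the AVG Safe Search and Java SSV Helper lines above are that case), and an "OK" entry with a DLL in an unusual directory such as a user's AppData folder is the one to hash and look up before deciding whether to keep it.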
 
All processes killed
Error: Unable to interpret <:File> in the current context!
Error: Unable to interpret <C:\32788R22FWJFW> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: matt
->Flash cache emptied: 687 bytes

User: Mcx1-MATT-PC

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matt
->Temp folder emptied: 16052709 bytes
->Temporary Internet Files folder emptied: 62082785 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-MATT-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31490 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 4027990 bytes

Total Files Cleaned = 78.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 08102010_142120

Files\Folders moved on Reboot...
C:\Users\matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 

Attachments

  • OTL.Txt
It looks like I have not included the s when doing the fix.

Please run again as before and paste in the following;

:Files
C:\32788R22FWJFW


Post the fix log please.

How are things now?
 
So paste in
:Files
C:\32788R22FWJFW
:OTL ...
on and on, or just
:Files
C:\32788R22FWJFW?

Things seem to be good. I had to take his optical drive out yesterday to retrieve a CD that somehow had managed to get outside the drive... I'll never understand how he managed that one either. However, the fan is still running as loud as ever, but from what I've read this is quite common with Windows 7... I have no clue how to help that, though, except hearing something about changing it from running constantly, but I don't know how to do that.
 
Fan speeds may be changed from within the BIOS, unless you get a program such as SpeedFan to adjust them.

Just enter into OTL exactly what I put in my last post in bold.
 
========== FILES ==========
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08112010_174325


I changed it to not run constantly, but I don't know how to change the speed. And I tried SpeedFan; it didn't work for Windows 7.
 
Ok. Just do an online scan for me now please to check for any hangers-on.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:


==========

Is there another motherboard header that you can connect to? I take it there are no settings in the BIOS that allow for different speeds at different temps?
 
I do not believe there is another header. And I'll check again, but I don't remember seeing any other settings except enabling the fan on constantly or disabling it.

All the Log says is this--
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

But it found this as a threat--

C:\Users\matt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll Win32/Adware.Gamevance.AG application
 
You could upload that file for a scan to Jotti or VirusTotal to confirm ESET's findings.

Cannot help anymore with the fan, other than getting a dedicated fan controller.
 
3 out of the 19 on Jotti called it malware; 11 out of 33 on VirusTotal, where I noticed Microsoft was listed, called it adware.

One other thing, do you know how to stop Indexing? It's making his computer slower, and it's unneeded as he doesn't use it.
 
Best remove that file :).

For the indexer, go to the start button bottom left of screen and then go to the RUN command. Type in services.msc and hit ok.

Scroll down until you see the Indexing Service and stop it, then disable it.
 
How do I remove it? If I just delete it, it would probably come back, right?

And crap, I knew how to do that! Oh well, thanks.
 
No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
 