[kjeffiE]

Hello!

Since tuesday, when I got a virus(Rogue or rouge/security tool virus), it's been much slower. I removed the virus through tips from google, with help from taskmanager - malwarebytes and NOD 32 and hijackthis. I've been googling like a madman to solve the problem, without getting rid of this. I do not have a HP pc which I found out has a typical 50% cpu usage problem. I have my own selfbuilt PC which I've had for 1,5 years, and this has never happened before.

I've used CCleaner + the other programs I already told you about.

Now to the problems.

Taskmanager does not work anymore, it shows up as the cmdwindow(which disappears after like 1 second), after this nothing happens. I tried Start->Run->cmd->taskmgr and got the message:
"The program is too big for the memory(translated from norwegian)
C:\docume~1\kjeffiE(my nick)>

Because of this, I downloaded process explorer and it looks like SVChost is using 50% of my CPU.

Here's a screenshot from process explorer with the svchost highlighted + services it's running:

http://bildr.no/view/607594

I'm DESPERATE for help, it's getting really annoying how slow the pc is at the moment. I'll do what you'll ask me to do, please .

Thanks!

[Phantom010]

Please click here to download and install version 2.0.2 of the HijackThis Installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

[kjeffiE]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:46, on 14.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programfiler\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programfiler\steam\steam.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Razer\DeathAdder\razerofa.exe
C:\Programfiler\Spotify\spotify.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kjeffiE\Skrivebord\procexp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Programfiler\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: winesm32.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3821 bytes

[Phantom010]

Your computer is still infected with a rootkit. Please click on Report and kindly ask to be moved to the Malware Removal & HijackThis Logs forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!

[TerryNet]

Closing because you already opened another thread here.