Jump to content

Thinking I have a virus, but not sure.


kalel

Recommended Posts

I think my laptop may have a virus, but I am unsure. If it is not a virus, let me apologize in advance for wasting your time. Browser is running super slow and so other a few other applications. For example, excel is freezing and locking up when I try to edit and print. Lap top was running great a week ago. Ran Malwarebytes and it returned with no infections found. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5684

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2/5/2011 12:21:56 PM

mbam-log-2011-02-05 (12-21-56).txt

Scan type: Full scan (C:\|)

Objects scanned: 171399

Time elapsed: 25 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DSS log:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Nate at 13:45:36.37 on Sat 02/05/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1154 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe

svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Nate\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\nate\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\netgear prosafe vpn client\SafeCfg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231948706640

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Hosts: 192.168.1.4 termserver

Hosts: 192.168.1.3 lawserver

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-14 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-14 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-14 108552]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-14 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-14 297752]

R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2009-1-14 467002]

R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2009-1-14 118840]

R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2009-1-14 36188]

S0 cerc6;cerc6; [x]

=============== Created Last 30 ================

2011-02-05 18:45:27 -------- d-----w- c:\docume~1\nate\locals~1\applic~1\Temp

2011-02-05 18:45:17 -------- d-----w- c:\docume~1\nate\locals~1\applic~1\Google

==================== Find3M ====================

============= FINISH: 13:45:56.28 ===============

Attach.zip

Link to post
Share on other sites

Hi kalel

:)

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

Sorry it took so long I was sick.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=391b3aec1b9b4048bf3088ac065159cf

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-11 03:24:06

# local_time=2011-02-10 09:24:06 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777191 100 0 64521087 64521087 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=41402

# found=0

# cleaned=0

# scan_time=1561

Link to post
Share on other sites

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Download CCleaner from here to clean temp files from your computer.

  • Close all open internet browser windows
  • Double click on the ccsetup file to start the installation of the program.
  • Select your language and click OK, then click Next.
  • Read the license agreement and click I Agree.
  • Click Next to use the default install location. Click Install then click Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit)
  • If you use Firefox or any other Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced.
    uncheck Only delete files in Windows Temp folders older than 24 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the Registry feature unless you are very familiar with the registry as it has been known to find legitimate items for removal, which can cause issues with other programs.
  • After CCleaner has completed its process, click Exit.

Let me know how's your PC?

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.