Uncertain If i have a virus

View previous topic View next topic Go down

Uncertain If i have a virus

Post by mcovotery on 23rd March 2009, 11:57 pm

Hi

i just re ghosted my computer

Since doing it however i feel that it running a little slower than it was before

Here is my hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:41 AM, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\System32\DLA\DLACTRLW.EXE
J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
J:\Program Files\NETGEAR\WG111v2\WG111v2.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\iTunes\iTunes.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Documents and Settings\Areeb\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - J:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [DLA] J:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] J:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "J:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = J:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - J:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - J:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - J:\WINDOWS\system32\HPZipm12.exe

HERE IS MY LIST OF PROGRAMS
Able2Extract Professional v5.0
ACID Pro 7.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
CCleaner (remove only)
ESET NOD32 Antivirus
HijackThis 2.0.2
HP Photo and Imaging 2.0 - hp psc 1200 series
iTunes
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 6.0 Parser (KB925673)
NETGEAR WG111v2 wireless USB 2.0 adapter
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sonic Update Manager
Sony Ericsson Media Manager 1.1
System Requirements Lab
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

mcovotery
Intermediate
Intermediate

Posts Posts : 128
Joined Joined : 2008-09-23
OS OS : VISTA HOME EDITION
Points Points : 30315
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Uncertain If i have a virus

Post by Belahzur on 24th March 2009, 12:50 am

Hello.
Log looks malware free to me, I think the slowness is probably atrributed to a lot of proccesses running, and it's the startup items causing this.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [ISUSScheduler] "J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
    O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe


  • Press "Fix Checked"
  • Close Hijack This.


Clean out temp files.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Reboot normally.
Startup should be a little faster, see if the performance is any better now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Uncertain If i have a virus

Post by mcovotery on 26th March 2009, 11:32 am

Thanks i did that and the system Seems to be working a little better

However after i had completed it my Windows would just not load up

Until an hour later where it said there was some sort of error

Im not sure what to do now so please help, but it is working better

mcovotery
Intermediate
Intermediate

Posts Posts : 128
Joined Joined : 2008-09-23
OS OS : VISTA HOME EDITION
Points Points : 30315
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Uncertain If i have a virus

Post by Belahzur on 26th March 2009, 1:46 pm

What did the error say?
I wouldn't say this is malware related; How much RAM does this machine have?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Uncertain If i have a virus

Post by mcovotery on 28th March 2009, 5:04 am

its has 2gb ram and and 3ghz intel pentium 4

The error said nothing but a red sign (sort of like windows protection not enabled) then the windows started loading

It only happened once though

mcovotery
Intermediate
Intermediate

Posts Posts : 128
Joined Joined : 2008-09-23
OS OS : VISTA HOME EDITION
Points Points : 30315
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum