Undetectable Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mister, Apr 4, 2007.

  1. mister

    mister Private E-2

    Hello!

    I hope this is the space to post saved scan logs! I was redirected to Major Geeks (and particularly the Hijack This program) from Doug at allexperts.com to help me ail my laptop woes!

    I went through the READ & RUN ME FIRST guide before running HJT and have attached the scan logs for BitDefender, PandaActiveScan and GetRunKey in this thread. I'll attach the logs for ShowNew and HJT in a thread below.

    I ran CounterSpy, but couldn't exactly find the save log prompt, so I opted to delete the spyware files instead (I hope this isn't going to put points against me!). The questioning files were from Messenger Live Plus. I removed the program earlier after reading your site!

    Anyway, I hope you can give me some advice of what to do with my poor, diseased laptop! It's less than a year old :(

    Thanks in advance,
    Marina
     


  2. mister

    mister Private E-2

    The scan logs for ShowNew and HJT.
     


    Last edited: Apr 4, 2007
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach a HijackThis log from Normal boot mode. We always want HJT logs from normal boot mode unless specified otherwise.

    What exactly are your malware problems?
     
  4. mister

    mister Private E-2

    My bad. I've attached the HJT scan in Normal boot mode.

    As for what's wrong with my laptop, I'll add below what I wrote to Doug at allexperts.com initially about my problems:

    Hi Doug,

    I've been experiencing a lot of issues with my beloved laptop lately! Not only has my computer been excruciatingly slow as of late, but also a lot of programs aren't functioning the way they should or not at all.

    In major cases of computer slowness, I will get pop-ups from my hard drive telling me my virtual memory has reached capacity. Furthermore, I have almost 40GB of free space on my hard drive. I’m really worried that maybe I have a virus that has infiltrated my memory and is using it up.

    The most major issue I've had is with my Internet connection. If I leave my laptop to stand long enough for it to hibernate, then "revive" it and try to log onto the Internet, I keep getting an error page as if my Internet is not connected. I've tried to 'repair' the connection, but nothing seems to work. I use Firefox, so I don't know what could be the problem :( Before, I used to leave my computer on without allowing it to hibernate for days on end and when I would start it up again, it would be fast and perfect! Now, this has become quite an issue as I've had to reboot my computer multiple times a day just to use the net.

    Also, I've found that in certain Internet programs (like my email) the quotation key acts as an ALT F or also as the find function. It's become very frustrating trying to send even the simplest of emails to people!

    Other programs, like Photoshop and Adobe Reader freeze up all the time, making me lose hours of work (even saved!). The same happens for Notepad - if I reopen a saved file it will act as if it was an earlier, less complete version; I want to take a baseball bat to my computer!

    I love my laptop, I really do, but lately I've become a ball of stress with even the thought of having to deal with it!

    I use Windows XP and have tried different Anti Virus programs, and yet none of them tell me that there is a virus on my computer. I have no idea what to do! I am currently using Norton Anti-Virus, NOD 32, SpySweeper and Zone Alarm Pro. I must admit that I do download quite a bit and use both BitTorrent and LimeWire fairly frequently (however I am diligent at scanning all files first!). I'm pretty sure I picked up the virus somewhere along the way and am worried that it may force me to wipe my poor laptop's hard drive clean - something I really don't want to have to do.

    If I do have to resort to reformatting, I’m worried that when I reload my essentials (pictures, music, documents) from back up discs, the virus will be passed onto my newly cleaned laptop.

    Can you help me? I'm really at my wit’s end!

    Much appreciation in advance!
    Marina


    Thanks!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well reading the description of your problems, my immediate comments would have been that your problems do not sound like malware. And after seeing both your logs and your problems description, I would still say the same thing. You do not have malware problems! I will give you some things you need to do anyway and also some performance tips at the end of this message but we are really not talking about malware.

    Problems like this are typically more related to what you are running and less frequently related to malware. This is true for you.

    Not malware! You should post this in the Software Forum. You may just need to increase your Virtual Memory size.

    Also more than likely not malware. This is either a hardware or software issue or both. Why don't you just disable hibernation mode?

    Not malware. Sounds like a software configuration/conflict issue from things you installed and run.

    Not malware. Software configuration/conflict or hardware issues. Even virtual memory is a possibility.

    This may have added to your problems especially if any of them were installed at the same time as another. Each one you installed (even though uninstalled) left a pile of garbage around on your PC's file system and in the registry which will only serve to make it slower.

    It appears that you uninstalled NOD32 now, but you need to delete the C:\Program Files\Eset folder from it.

    Is Spy Sweeper a paid program or free trial program? If free, uninstall it now. However if it is the paid version and you wish to keep it, you will need to uninstall Windows Defender. Also note that many people have issues with Spy Sweeper slowing their PCs down. It is a great program, but it does cause problems like this for some people.

    Your problems are not malware, so if you formatted and then reinstalled all the same software and set it all up the same way, you would still have problems.


    Things To Do!
    1. Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
      • C:\Documents and Settings\All Users\Application Data\Sunbelt Software
      • C:\Program Files\Sunbelt Software
    2. Per the READ ME step 6 you should have already uninstalled all old Sun Java versions and updated to the current version. Do the below now.
      • Uninstall the below old versions of software:
        • J2SE Runtime Environment 5.0 Update 10
        • J2SE Runtime Environment 5.0 Update 11
        • J2SE Runtime Environment 5.0 Update 6
        • J2SE Runtime Environment 5.0 Update 9
        • Mozilla Firefox (1.5.0.11)
      • Make sure you reboot after uninstalling the above!
      • After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
      • Then install the current version of FireFox from: Mozilla Firefox
    3. Now delete the C:\Program Files\Eset folder if you did not delete it as I said above.
    4. Need to know what the answer for Spy Sweeper being free or paid is to decide what to do with it vs Windows Defender but you must not have both.
    5. Now below I'm going to post two lists of startup items from your HJT log. The first will be things that you should just have HJT fix since they are not required to load at startup. The second list, you have to research if you really need the features.
    First List - Things to have HJT fix!

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" <-- after installing the new Sun Java the jre1.5.0_11 will be different.
    O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized <-- why do you always need Skype running. Load it when needed.
    O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"

    After clicking Fix, exit HJT.

    Second List - Things you need to Research and Decide if needed!

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup <-- not needed unless you over clock your card
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe


    After you do all of the above! Answer my questions and attach new logs from HJT and ShowNew and tell me if your PC is running any better.
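
An added example, not part of the thread: a small Python parser for the O2 and O4 HijackThis lines quoted in the post above. It expands the `\..\` abbreviation to the registry Run-key path and drops the helper's `<--` remarks; the function names and the dict layout are assumptions of this sketch, and the sample is a subset of the lines in the two lists.

```python
import re

# "\..\" in HijackThis output abbreviates this registry path.
RUN_PREFIX = r"\Software\Microsoft\Windows\CurrentVersion" + "\\"

RUN_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

# Subset of the lines listed in the post above, copied as sample input.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" <-- after installing the new Sun Java the jre1.5.0_11 will be different.
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

def parse_line(line):
    """Return a dict for one O2/O4 line, or None if the line is not recognised."""
    # Drop the helper's "<-- ..." remarks; they are not part of the log.
    line = line.split("<--", 1)[0].strip()
    m = RUN_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return {"kind": "run", "where": hive + RUN_PREFIX + key,
                "name": name, "target": cmd}
    m = LNK_RE.match(line)
    if m:
        folder, name, target = m.groups()
        return {"kind": "shortcut", "where": folder,
                "name": name, "target": target}
    m = BHO_RE.match(line)
    if m:
        name, clsid, dll = m.groups()
        return {"kind": "bho", "where": clsid, "name": name, "target": dll}
    return None

def parse_log(text):
    """Parse every recognised line of a pasted log, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Entries that HijackThis reported with no file on disk."""
    return [e for e in entries if e["target"] == "(no file)"]
```
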
     
