Possible Virus, Need Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by qam_jah, Apr 2, 2012.

  1. qam_jah

    qam_jah Private E-2

    Hi, I'm having some problems with my computer and I'm not sure what is going on. This is on my PC, I'm running Windows 7 Home Premium 64-bit. The problem is that programs on my computer are a little slow to open and my internet is insanely slow. It takes almost 7 minutes to load yahoo.com and it's getting worse. I have a DSL connection. I know it's not a network issue, because my laptop sitting a foot away has a great connection and speed loading pages. I've gone through the READ & RUN ME FIRST Malware Removal Guide and the problem still persists. I'm not sure what else to do. Any help would be greatly appreciated.
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, qam_jah!

    I found some traces of a ZeroAccess rootkit, although it looks like most of the automatic scanners did not detect them.

    Update TDSSKiller to version 2.7.24.0 and follow these instructions: TDSSKiller - How to run

    Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When it is finished, there will be a log on your desktop called: RKreport[1].txt
    Attach RKreport[1].txt to your next message. (How to attach)

    __

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      /md5start
      afd.sys
      i8042prt.sys
      netbt.sys
      nsiproxy.sys
      svchost.exe
      tcpip.sys
      tdx.sys
      /md5stop
      %windir%\$ntuninstallkb*. /120
      %windir%\system32\drivers\*.sys /lockedfiles
      %windir%\*.* /mp
      %windir%\*.* /rp
      %windir%\*.* /sl
      %systemdrive%\mgtools\*.*
      
    • Now click the Run Scan button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
  3. qam_jah

    qam_jah Private E-2

    Thank you for the quick response. I ran those and here are the log files.
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    From Programs and Features (via Control Panel), please uninstall the below (you can reinstall them after malware removal):
    • DAEMON Tools Lite
    • DAEMON Tools Toolbar

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :otl
    IE - HKU\S-1-5-21-595127719-3556365098-1443669506-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 3F A4 C8 E5 DF CB 01  [binary data]
    IE - HKU\S-1-5-21-595127719-3556365098-1443669506-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    :files
    C:\ProgramData\AVG10 /d
    C:\found.000 /d
    C:\Windows\assembly\temp\U
    C:\Users\Paul_2\AppData\Local\Temp\div76E3.tmp
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    :commands
    [purity]
    [emptytemp]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    Now run TDSSKiller once more.

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    Let me know how the system is running after you have performed these steps.
     
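An added example (not code from this thread or from OTL itself) that parses the OTL fix-script format used in the post above into its :otl, :files, :reg and :commands sections, so a reviewer can see which files, directories and registry values a fix would remove before running it. The sample script is constructed from entries in the post.

```python
import re

SECTIONS = ("otl", "files", "reg", "commands")


def parse_otl_fix(text: str) -> dict:
    """Split an OTL fix script into its :otl, :files, :reg and :commands parts."""
    fix = {s: [] for s in SECTIONS}
    section = current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as ":files"
            section = line[1:].lower()
            continue
        if section == "otl":                # log entries OTL should fix
            fix["otl"].append(line)
        elif section == "files":
            # A trailing " /d" marks the entry as a directory to delete.
            is_dir = line.lower().endswith(" /d")
            fix["files"].append((line[:-3].rstrip() if is_dir else line, is_dir))
        elif section == "reg":
            # Regedit syntax: [KEY] opens a key; "name"=- deletes that value.
            if line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = re.fullmatch(r'"([^"]*)"=-', line)
                if m and current_key:
                    fix["reg"].append((current_key, m.group(1)))
        elif section == "commands":         # e.g. [purity], [emptytemp]
            m = re.fullmatch(r"\[(\w+)\]", line)
            if m:
                fix["commands"].append(m.group(1).lower())
    return fix


# Constructed sample built from entries in the post above.
SAMPLE = r""":otl
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
:files
C:\ProgramData\AVG10 /d
C:\Windows\assembly\temp\U
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
:commands
[purity]
[emptytemp]
"""
```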
  5. qam_jah

    qam_jah Private E-2

    I ran those like you asked. I could not find the log file at C:\_OTL\MovedFiles\ because that location didn't exist, so I attached the OTL.txt file that was created on the desktop.

    Everything on my computer seems to be working fine except for my internet still. It still takes an insanely long time to load anything.
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    Re-read the instructions I provided you for OTL. They request that you press the Run Fix button - not Scan.
     
  7. qam_jah

    qam_jah Private E-2

    Sorry about that, I must have read that wrong. Here are the log files. Internet is still really slow.
     

    Attached Files:

  8. thisisu

    thisisu Malware Consultant

    I can see that your ping is really high - in the 900ms range.
    Do you have this same problem on other computers in your area?
    Have you tried resetting your modem and router? You may also want to uninstall and reinstall the LAN driver from Device Manager.
    Also have you tried turning off Hamachi, at least temporarily, to see if that helps?
     
  9. thisisu

    thisisu Malware Consultant

    I am not finding any other malware in your logs.
    Can you tell me if the below scanner finds anything? Don't choose to remove anything yet, just let me know what it detects. HitmanPro
    Be sure to download the 64-bit version
     
  10. qam_jah

    qam_jah Private E-2

    Every other computer works fine, even my laptop that is less than 2 feet from this one. I've tried resetting the modem and router, uninstalling and reinstalling drivers, and I keep Hamachi off unless I'm actually using it.
     
  11. thisisu

    thisisu Malware Consultant

    I see.
    Well reread my post and give HitmanPro a try.
    Let me know if it finds anything other than tracking cookies.
     
  12. qam_jah

    qam_jah Private E-2

    It found 1 suspicious file called pbsvc.exe in C:\Windows\SysWOW64
     
  13. qam_jah

    qam_jah Private E-2

    It found 1 file in C:\Windows\SysWOW64 called pbsvc.exe.
     
  14. thisisu

    thisisu Malware Consultant

    This is related to Punkbuster - it is not malware.

    Your latest logs are clean. Further assistance should be sought in the Software or Networking forum(s).

    __

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
  15. qam_jah

    qam_jah Private E-2

    Alright, thanks for all the help. :)
     
  16. thisisu

    thisisu Malware Consultant

    You're welcome :)
     
