SVGHost Virus?

Welcome to Major Geeks! ​

Your logs are clean. Your performance issues are more likely due to this being an older slower PC type with too little memory. And drive C is getting too low on free disk space. The is quoted from your logs.

Code:

Processor x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2527 Mhz 

Code:

[LEFT]BIOS Version/Date Dell Computer Corporation A00, 15/08/2005
[LEFT]Total Physical Memory 1,024.00 MB 
Available Physical Memory 447.64 MB[/LEFT]
 
[LEFT]Drive C: 
Description Local Fixed Disk
Size 34.19 GB (36,709,421,056 bytes) 
Free Space 6.45 GB (6,926,036,992 bytes)[/LEFT]
[/LEFT]

​

 

Ah! This is important information. After looking further in relationship to this info, I see a partition on your hard disk the could potentially be a fake partition for an infection. Do you have all important data on your C drive backed up before we attempt to fix this?

You have the below partitions on this drive and the one in read may be an infection.

Code:

Partition Disk #0, Partition #0 
Partition Size 47.03 MB (49,319,424 bytes) 
Partition Starting Offset 32,256 bytes 
Partition Disk #0, Partition #1 
Partition Size 34.19 GB (36,709,424,640 bytes) 
Partition Starting Offset 49,351,680 bytes 
[B][COLOR=red]Partition Disk #0, Partition #2 
Partition Size 3.00 GB (3,224,309,760 bytes) 
Partition Starting Offset 36,767,001,600 bytes[/COLOR][/B] 

 

Okay before we attempt to delete that unknown partition ( which I'm still not convinced is even an infected partition ) I want to run two more scans to check status after what you have just run with chkdsk. So please do the below.


Please download OTL by OldTimer.

• Save it to your desktop.
• Double click on the OTL icon on your desktop. (If running Vista, Win7, or Win8 right-click and select Run as Administrator)
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the Customs Scans/Fixes text-field.
  
  Code:

  activex
  netsvcs
  drives
  /md5start
  afd.sys
  atapi.sys
  csrss.exe
  dhcpcsvc.dll
  explorer.exe
  lsass.exe
  nsiproxy.sys
  regedit.exe
  services.exe
  svchost.exe
  tcpip.sys
  tdx.sys
  userinit.exe
  winlogon.exe
  /md5stop
  %systemroot%\system32\*.exe /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %allusersprofile%\application data\*.exe
  

• Now click the Run Scan button.
• Two reports will be created:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Attach both OTL.txt and Extras.txt to your next message. (See how to attach)

Also please run another scan with RogueKiller and attach the new log.


Also Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it. Let me know if this asks for the CD.

 

Everything looks fine there too. The more I look at it, the less I think that partition is an issue. I think it is just a factory recovery partition. So I would leave it alone.

So that brings us back to your performance issues, which I still think is due to your lack of memory, old PC/processor type, limited hard disk space. And also what you are running. Try uninstalling ALL of the below and then reboot:

AVG 2012
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 39
Malwarebytes Anti-Malware version 1.75.0.1300
Viewpoint Media Player

After reboot, tell me how things are working. Minimize your surfing since not protection is installed now.

 

If you still have any left overs, the below may help:

Revo Uninstaller 1.94

Avast or Avira. See the link in my final instructions below.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!