Unsure if I have malware or not...

Discussion in 'Malware Help (A Specialist Will Reply)' started by insan_art, Dec 6, 2009.

  1. insan_art

    insan_art Private First Class

    Hello Majorgeeks!

    I'll try and keep this short and sweet since it's getting to be a long story!

    I'm on a Toshiba Laptop Running XP SP3.

    - A little over a month ago I decided it was time for a major clean-out. Got an external, moved much of my artwork and photos to it and then went for a defrag (my system was being a little slow but I figured it was just bogged down. I actually ran SAS and MBAM before I started backing up to the external as a precaution). Used Smartdefrag as recommended here on the forum only to find out that it is not that great. System got worse after defrag. I came here and put in a thread about it in another forum and ended up doing some benchmark tests to check my hardware for failure but I didn't come up with anything. Ended up doing another defrag using the Windows utility - things got a bit better.
    - About a week ago I noticed some odd activity on my system (the laptop would be sitting away from me while I was eating or something - just Thunderbird and maybe Firefox running). I kept opening the task manager to see if I could catch the culprit and it turned out to be "helpsvc.exe" - I would kill it and the system would chill out. This has been happening every night now after using the system all day.
    - Two nights ago I was working on some new designs. I saved several to my design folder, went to upload them to my site and noticed that the thumbnail previews were all wacky. Everything was listed in the correct order but the thumbnails appeared to almost be randomized. Checked in the file browser and here the thumbs were messed up as well. A "select all" and "refresh thumbnails" fixed the problem and it hasn't happened again, but the incident left a sour feeling in my stomach!!!

    Other than these things I really haven't had any other issues. Still, to be safe, I decided to come and run the scans just to see. I'm happy to see that a rootkit scanner has been added to the mix! As far as I can tell, the scans seem clean - but, of course, I am not the expert, so that's why I'm here.

    Please check out my logs for me! I'm getting worried about this system - it is my livelihood and I'm just not ready financially to get a replacement...if these scans look clean, then I'll be more certain that this is either hardware failure or the OS is messed up.

    Thank you for your time and expertise!
     


  2. insan_art

    insan_art Private First Class

    MGtools log is attached.

    Thanks! ;)
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    helpsvc.exe is not malware.

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kes13!
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your logs are indeed clean. So your best bet now is to aim for the software/hardware forum and work out your issues there. Sorry I can't be of more help.

    We can finish up by doing the following:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix exit HJT.

    If you do not use Windows Messenger, run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    and finally...

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:

    Kes13!
     
  5. insan_art

    insan_art Private First Class

    Thanks for your reply and for looking at my logs.

    I know that helpsvc is supposed to be a normal process - I was worried about helpsvc because it shouldn't be randomly running on my system when nothing else is going on or no one is even on it. When I researched it, I read that it could possibly be malware hiding. If not, then I'd sure love to know why it tries to cripple my CPU every night.

    About the Messenger disable/remove: I have run this on this system before and I picked REMOVE. So, why is it that Messenger CAME BACK when I put the system in Normal Start-up to run the scans?

    Thanks again. I'm headed out to search for an OS disk to try and repair this. I don't have one so I'm kind of screwed without it in the case of Windows or hard drive failure...

    :)
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're very welcome. :)
    This could be discussion for the software forum.

    I don't know, but it should be gone now ;)

    DO post in the other forums! You'll get very good assistance!

    Safe surfing :wave
     
