
think ive got a virus but cant find


Name: ian79
Date: May 10, 2007 at 15:00:30 Pacific
OS: xp home/32
CPU/Ram: 1gig/ddr400
Product: amd/dfi/nforce
Comment:

I think I've got a virus, yet virus scans come up clean and so do spyware programs. I use Avast AV and Ad-Aware spyware.

The reason for this is that even though my router tells me my connection is around what it should be (2.8 meg), software such as ispmonitor and online bandwidth testers tell me I've only got about 150 kilobits. Tests have been run several times over a couple of days.

Connection is laggy and slow as well and stops sending information for periods until continuing.

Also, from the moment I turn the system on and get into Windows I've got 10 connections already on the go according to netstat in the command prompt.

I don't know what to do. I will reply next with a HijackThis log file in case it's needed. Thanks




Response Number 1
Name: ian79
Date: May 10, 2007 at 15:02:29 Pacific
Reply:

HouseCall also comes up clean.


0

Response Number 2
Name: ian79
Date: May 10, 2007 at 15:15:25 Pacific
Reply:

I just ran netstat again with the browser open and I've got connections to things like

gu-in-f99.google.com
newslb14.thdo.bbc.co.uk
im-in-f99.google.com

Next to all these it says TIME_WAIT

I've got no idea what this is but thought it might help.

I haven't connected to them myself, that's for sure


0

Response Number 3
Name: jabuck
Date: May 10, 2007 at 15:45:53 Pacific
Reply:

Nothing in the Hijack This log.

It looks like Google calling out from your computer.

This may show if it is calling through the host file.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop.!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


0

Response Number 4
Name: ian79
Date: May 10, 2007 at 16:40:45 Pacific
Reply:

SmitFraudFix v2.179

Scan done at 0:39:38.14, 11/05/2007
Run from C:\Documents and Settings\ozi\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Internet\Security\Avast\aswUpdSv.exe
D:\Internet\Security\Avast\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Internet\Security\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Media\Quicktime\qttask.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
D:\Media\Creative\Media Source Player\RemoteControl\RCMan.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Internet\Browsers & readers\ISP Monitor\ISP Monitor 5.3.5\isp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Internet\Security\Avast\ashMaiSv.exe
D:\Internet\Security\Avast\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ozi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ozi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ozi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{48166D66-0D27-475C-8701-87B36483D720}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48166D66-0D27-475C-8701-87B36483D720}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{48166D66-0D27-475C-8701-87B36483D720}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


0

Response Number 5
Name: jabuck
Date: May 10, 2007 at 17:07:32 Pacific
Reply:
0




Response Number 6
Name: ian79
Date: May 10, 2007 at 17:31:52 Pacific
Reply:

Ok, I'll change that prefetching to false and see if that works. I'll do it tomorrow, too late now. Thanks for your replies jabuck.

By the way, is 10 connections a lot to have on startup? Don't think I used to have that many, although I can't be sure.

cheers


0

Response Number 7
Name: ian79
Date: May 10, 2007 at 17:36:41 Pacific
Reply:

12 connections, 2 more have appeared, weird machine, think I might just reinstall


0

Response Number 8
Name: jabuck
Date: May 10, 2007 at 17:38:56 Pacific
Reply:

To those addresses it would be too many to me; to updates and other programs that must access the net, maybe not.


0
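
Added example (not part of any post in this thread): a raw count of netstat lines says little, so this Python sketch splits `netstat -ano` output by TCP state and lists only live, non-loopback connections per owning PID. TIME_WAIT rows are connections that have already been closed and are waiting to expire. The sample output, addresses and PIDs are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the column layout of Windows `netstat -ano`
# (addresses and PIDs are made up; TIME_WAIT rows are shown with PID 0).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1480
  TCP    127.0.0.1:1031         127.0.0.1:1030         ESTABLISHED     1480
  TCP    192.168.0.2:1105       198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.0.2:1106       198.51.100.9:80        TIME_WAIT       0
  TCP    192.168.0.2:1110       203.0.113.20:80        ESTABLISHED     3120
  UDP    0.0.0.0:1026           *:*                                    1100
"""

# TCP rows only: UDP has no connection state to triage.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Return one dict per TCP row; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _lip, _lport, rip, rport, state, pid = m.groups()
            rows.append({"remote": rip, "rport": int(rport),
                         "state": state, "pid": int(pid)})
    return rows

def summarize(rows):
    """Count rows per state and group live external connections by PID."""
    by_state = Counter(r["state"] for r in rows)
    live = defaultdict(list)
    for r in rows:
        # Loopback pairs are local inter-process traffic, not internet use.
        if r["state"] == "ESTABLISHED" and not r["remote"].startswith("127."):
            live[r["pid"]].append(f'{r["remote"]}:{r["rport"]}')
    return by_state, dict(live)

if __name__ == "__main__":
    states, live = summarize(parse(SAMPLE))
    print("rows per state:", dict(states))
    for pid, remotes in live.items():
        print(f"PID {pid} has live external connections to: {remotes}")
```

The PIDs it reports can be matched to a program name through the PID column in Task Manager.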
