TechSpot

Desktop possibly infected (repost)

By jovie81
May 11, 2010
  1. My original post was closed for inactivity. Due to the continued problems with my computer I was unable to respond. This was my original post:

    My computer has been acting strangely, waking up and shutting down out of nowhere and recently it has started to freeze and run slowly. Sometimes I am unable to start explorer and also when I try to shut down and restart it will freeze during that process which is strange considering it has no problem doing that on its own. Any help is greatly appreciated. I have attached the logs as per the 8-step list. However I could not get GMER to run. It would start and then my computer would just shut down. I tried to run it a couple of times even in safe mode, same thing. Thanks in advance for the help.

    I have since been able to run GMER and the Eset NOD32 Online AntiVirus Scanner as previously instructed by Bobbye and I have attached those logs as well as the combofix log.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Jovie, in order not to keep threads open and have others post their problems on them, we are closing threads if there is no activity for 5 days. I would have liked for you to rerun the original programs since it's been a week since you posted, but I'll see what I can do with the current logs.

    I have reviewed all of the logs, both the original ones and the ones you leave here. They are basically clean, but they are also 10 days old. The Errors indicate you may have a problem with Service settings, so please run this:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe then under Select log to query, select:
    • Application
    • System

    Under Select type to list, select:
    • Critical (Vista only)
    • Error

    Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

    Load the log
    • In Notepad, click Edit > Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.

    (Courtesy rev-Olie)

    This will give me more current information. If I can't pin anything down with this, I will ask you to run the original programs again.

    One caution: one of the deletions in the Combofix log may indicate you have malware on a flash drive. Are you using one? Do you notice the problems when using it?
     
  3. jovie81

    jovie81 TS Rookie Topic Starter

    Flash Drive

    I don't have one, no, but my husband does. He may have used it on my desktop. His external hard drive is probably infected considering he just had his own laptop completely wiped because of that very issue.

    I will run VEW and post that in my next reply. Thanks for all your help!
     
  4. jovie81

    jovie81 TS Rookie Topic Starter

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 11/05/2010 9:51:59 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 11/05/2010 9:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 9:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 8:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 8:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 7:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 7:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 6:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 6:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 5:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 5:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 4:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 4:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 3:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 3:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 2:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 2:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 1:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 1:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 12:43:08 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/05/2010 12:04:14 AM
    Type: error Category: 0
    Event: 20 Source: Google Update
    The event description cannot be found.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/05/2010 5:40:32 PM
    Type: error Category: 0
    Event: 8003 Source: MRxSmb
    The master browser has received a server announcement from the computer SNPG2-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B501B8FB-0E49-4E3. The master browser is stopping or an election is being forced.

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 29 Source: W32Time
    The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 17 Source: W32Time
    Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 29 Source: W32Time
    The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 17 Source: W32Time
    Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 29 Source: W32Time
    The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

    Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
    Type: error Category: 0
    Event: 17 Source: W32Time
    Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Log: 'System' Date/Time: 10/05/2010 5:28:53 PM
    Type: error Category: 6
    Event: 16 Source: Windows Update Agent
    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Log: 'System' Date/Time: 10/05/2010 5:27:03 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/05/2010 5:27:03 PM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.

    Log: 'System' Date/Time: 10/05/2010 5:27:03 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The adfs service failed to start due to the following error: The system cannot find the file specified.

    Log: 'System' Date/Time: 08/05/2010 10:39:22 AM
    Type: error Category: 6
    Event: 16 Source: Windows Update Agent
    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Log: 'System' Date/Time: 08/05/2010 10:38:13 AM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 08/05/2010 10:38:13 AM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.

    Log: 'System' Date/Time: 08/05/2010 10:38:13 AM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The adfs service failed to start due to the following error: The system cannot find the file specified.

    Log: 'System' Date/Time: 01/05/2010 2:55:09 PM
    Type: error Category: 0
    Event: 8003 Source: MRxSmb
    The master browser has received a server announcement from the computer SNPG2-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B501B8FB-0E49-4E3. The master browser is stopping or an election is being forced.

    Log: 'System' Date/Time: 01/05/2010 2:15:07 PM
    Type: error Category: 0
    Event: 19 Source: Print
    Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer2.

    Log: 'System' Date/Time: 01/05/2010 2:15:06 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 01/05/2010 2:15:06 PM
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.

    Log: 'System' Date/Time: 01/05/2010 2:15:06 PM
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The adfs service failed to start due to the following error: The system cannot find the file specified.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we can omit all those attempts by Google to update, although I'd recommend blocking the feature!
    There may be a time issue so check that:
    Right click on the Clock > Adjust Date/Time > Make sure date and time are correct; if they aren't, set them right > click on Time Zone tab > make sure your correct Time Zone is set and check 'automatically adjust for daylight savings time' > Internet Time tab > Check 'automatically synchronize with the internet time server' > copy the server below and paste it in the server box:

    tick.usno.navy.mil

    Click on Check Now.
    When finished checking> Apply> OK.

    Let me know how that goes.
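
Added example, not part of any post in this thread: a small Python triage script for VEW output like the log above. It groups entries by log, source and event ID so repeated noise such as the Google Update errors collapses to one line, and it pulls out the services that Service Control Manager event 7000 reports as failing to start. The sample text is constructed from entries in the posted log, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the VEW layout shown in the thread (entries abridged from the post).
SAMPLE = """\
Log: 'Application' Date/Time: 11/05/2010 9:43:08 AM
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 11/05/2010 9:04:14 AM
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'System' Date/Time: 10/05/2010 5:35:45 PM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.

Log: 'System' Date/Time: 10/05/2010 5:27:03 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.
"""

ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"[ \t]*Type: (?P<type>\S+) Category: (?P<cat>\d+)\n"
    r"[ \t]*Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"[ \t]*(?P<desc>[^\n]*)"
)
SERVICE_FAIL = re.compile(r"The (.+?) service failed to start due to the following error: (.+)")

def parse_vew(text):
    """Return one dict per VEW entry (log, when, type, cat, event, source, desc)."""
    return [{k: v.strip() for k, v in m.groupdict().items()} for m in ENTRY.finditer(text)]

def summarize(entries):
    """Count entries per (log, source, event id), most frequent first."""
    return Counter((e["log"], e["source"], int(e["event"])) for e in entries).most_common()

def failed_services(entries):
    """Map service name -> failure reason, from Service Control Manager event 7000."""
    hits = (SERVICE_FAIL.match(e["desc"]) for e in entries
            if e["source"] == "Service Control Manager" and e["event"] == "7000")
    return {m.group(1): m.group(2) for m in hits if m}

if __name__ == "__main__":
    print(summarize(parse_vew(SAMPLE)), failed_services(parse_vew(SAMPLE)))
```

A service that fails with "The system cannot find the file specified" has a registered entry whose binary is missing, which is worth checking against what a cleanup tool removed.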
     
  6. jovie81

    jovie81 TS Rookie Topic Starter

    google updater

    I did update date/time as instructed. Also I did block that program. I noticed that it was running in my task manager. I'm not sure what it is. Norton keeps giving me security alerts for it every day.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do you mean that Norton is alerting you to the Google Update? The name of the process is gupdate. If you are referring to a different process, let me know exactly what it is. Do this please:

    Click on Start> Run> type in services.msc> find gupdate (Google Update Service) and double click on it> Change the Startup type to Disabled> Stop the Service> Exit Services.

    I can also stop 2 entries with script. But I am puzzled as to why Norton would continue to alert you for this. While it is a nuisance, it's not actually malware. And I will say that it seems to end up back running as I've stopped it numerous times, only to find it back. But I don't get any warning about it and neither should you.
     
Topic Status:
Not open for further replies.
