Inactive C\windows\system32\svchost virus-computer coming on at night

Status
Not open for further replies.

lauyr1

At night, I close my laptop and my computer goes into sleep mode. For the past several nights, when I get up in the mornings, my computer is on, i.e., fans running, etc., and getting hot from being on.

I also had a few instances where AVG (free version) had found a threat and removed it. I ran Malwarebytes and deleted some files through that and also SUPERAntiSpyware. This morning, AVG had discovered a threat in c\windows\system32\svchost.exe. It looks like it was a dll file that had "illinate" in the file name. I tried to go back to AVG to find it and there is nothing in the virus vault. I ran HijackThis this morning and have attached the log file. I am still thinking there is a virus lurking in the background, but I am no expert at reading the log files. I feel sure my computer will be "running" again in the morning even though I am leaving it off at night. Any help/insight would be greatly appreciated!

I am running windows xp, sp3, AVG free virus software.
 

Attachments

  • hijackthis_7_29_10.txt
    15.5 KB
We don't 'screen' for malware with HijackThis.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Edit: Please remove the HijackThis program. It is an outdated version. I will have you run HJT again, later in the cleaning, but will give a link for the current version.
 
Hey there:

Took me a while to run everything. I was not able to run GMER in normal mode (tried both ways). I ran it in safe mode but was not able to save the log file. I could not get to the save button as I could in normal mode. Would it be automatically saved anywhere else? The other files are attached below. Again, thanks so much for your help!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4366

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 10:28:07 AM
mbam-log-2010-07-29 (10-28-07).txt

Scan type: Quick scan
Objects scanned: 166220
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86
Run by xxxxxxxxx at 21:17:00.53 on Thu 07/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.215 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/27/2006 8:37:45 PM
System Uptime: 7/29/2010 9:09:00 PM (0 hours ago)

Motherboard: Dell Inc. | | 0RT486
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 72.545 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0001
Manufacturer: Trend Micro
Name: Trend Micro Common Firewall Miniport #2
PNP Device ID: ROOT\TM_CFWMP\0001
Service: tmcfw

==== System Restore Points ===================

RP78: 5/2/2010 6:09:32 PM - System Checkpoint
RP79: 5/5/2010 6:26:50 PM - System Checkpoint
RP80: 5/6/2010 8:44:25 AM - Avg Update
RP81: 5/7/2010 3:20:17 PM - System Checkpoint

Edit: Member name deleted from log by request.
 
You have only given us part of each of the 2 DDS logs. Both DDS.txt and Attach.txt have more information.

For the GMER log:
When scan is completed, click Save button, and save the results as gmer.log <-- search your system

DDS.txt <-- search your system
Attach.txt <-- search your system
 