After two years with this PC, I finally got a virus of some sort. I’ve put this thing through a lot during that time, but either through avast!'s hard work or some combination of luck and my common sense, I’ve managed to avoid infection. Until these last few days…
Three of the main, possibly unrelated symptoms I’m experiencing are:
PC Freezing
Some specs: Win7, Athlon II X4 3.10GHz, 6GB RAM, only on-board graphics.
Over the last…couple weeks or so my computer has been lagging more and more. I just figured it was from age, having installed various games and programs and moved many files with infrequent defrags (and very few full virus scans). HD videos on YouTube would skip more often (buffering was never an issue though, great network speeds), archiving and unzipping would take longer, etc. I haven’t been getting on my computer very often now though…if I open more than a few tabs or watch videos I risk locking up. It may be worth noting that I recently updated Java, and the freezing is occurring slightly less often. Performance is still very poor though.
Password Theft
The scariest part for me. At this point, I’m pretty sure my three primary passwords have been compromised. Paypal, Gmail and Facebook have all warned me of random logins from far-away countries.
Slow Network
Either a virus is causing unnecessary traffic, or maybe my router’s just getting old and dying.
MBAM hasn’t found anything, neither has avast. What should I do?
MBAM hasn't found anything,
And it was updated when you ran it?
Follow the guide here and attach (not copy and paste) the requested logs: http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
When done, a removal expert will be notified and help you.
AdwCleaner log attached.
MBAM had no results.
Both OTL logs attached.
aswMBR log will be provided later, the program stopped responding after a few minutes of scanning. Windows killed the process eventually.
Not a great deal there that would affect the system as described, but let's run this small fix and see if that makes an improvement.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.88.44
[2013/03/08 03:32:43 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com\chrome
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com\defaults
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com\locale
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com\skin
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Atani\AppData\Roaming\Mozilla\Firefox\Profiles\538fj75v.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-1694034403-1723051848-4256940874-1003\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
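An added example, not part of the original thread and not OTL's own code: a small Python triage script that reads OTL-style log lines like those in the fix above, links the percent-encoded enabledAddons entry to its extension folder, and collects toolbar entries whose CLSID is unregistered. The sample lines come from the post with paths shortened to a constructed C:\PROFILE placeholder, and the regular expressions are assumptions that cover only the line shapes shown on this page.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Lines from the fix script above; paths shortened to a constructed placeholder.
SAMPLE = r'''
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.88.44
[2013/03/08 03:32:43 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\PROFILE\extensions\extension21804@extension21804.com
[2013/03/08 03:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\PROFILE\extensions\extension21804@extension21804.com\chrome
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
'''

# Patterns are assumptions derived from the lines shown in this thread only.
ENABLED = re.compile(r'^FF - prefs\.js\.\.extensions\.enabledAddons: (?P<id>[^:]+):(?P<ver>\S+)$')
FILE = re.compile(r'^\[[^|]+? \| [\d,]+ \| \S+ \| [MC]\] \((?P<label>.*?)\) -- (?P<path>.+)$')
EXT_DIR = re.compile(r'\\extensions\\([^\\]+)')
O3 = re.compile(r'^O3 - (?P<hive>HKU\\[^\\]+)\\.*?: \([^)]*\) - '
                r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<status>.+)$')

def triage(log_text):
    """Return (addons, orphans): per-extension facts and CLSID -> hives."""
    addons = defaultdict(lambda: {"enabled": False, "version": None,
                                  "name": None, "dirs": 0})
    orphans = defaultdict(list)
    for line in map(str.strip, log_text.splitlines()):
        if m := ENABLED.match(line):
            # prefs.js percent-encodes the ID ("%40" is "@"); decode it so it
            # matches the folder name under extensions\.
            entry = addons[unquote(m["id"])]
            entry["enabled"], entry["version"] = True, m["ver"]
        elif m := FILE.match(line):
            ext = EXT_DIR.search(m["path"])
            if ext:
                entry = addons[ext[1]]
                entry["dirs"] += 1
                label = m["label"].strip('"')
                if label != "No name found":
                    entry["name"] = label
        elif (m := O3.match(line)) and m["status"].startswith("No CLSID value found"):
            # Toolbar value points at a CLSID that is not registered: a leftover.
            orphans[m["clsid"]].append(m["hive"])
    return dict(addons), dict(orphans)

if __name__ == "__main__":
    for result in triage(SAMPLE):
        print(result)
```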
I’ll run that fix as soon as aswMBR finishes. Turns out it can’t handle abnormally long file names, so I deleted the folder it kept hanging on.
I can’t say if that plugin is the cause, but I do know that it’s automatically disabled by Firefox for “. . . bypassing our third party install opt-in screen.”