
Author Topic: Weird virus issue-I think I'm infected!!  (Read 35070 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Weird virus issue-I think I'm infected!!
« Reply #15 on: January 31, 2011, 04:36:50 PM »
Ok. Let's try to get it running this way.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now
Windows 8 and Windows 10 dual boot with two SSD's

deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #16 on: February 01, 2011, 04:27:40 PM »
Quote
Ok. Let's try to get it running this way.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

Edit/Update:

Oh yeah, nice job back there: OTL froze solid, i.e. would not run, Task Manager got royally screwed and Explorer got dumped solid. Fortunately restarting resulted in a blue screen of death, though it froze and got stuck on the desktop before displaying it, it seems; a hard ACPI reboot purged these issues quickly...

Pentium D 2.52Ghz processor, 4 GB RAM

Windows 7 x64 bit Ultimate

I don't know if there's another virus or something on my PC doing this, or ComboFix truly is rogue and nobody has found this out yet.

I have just run ComboFix, and now that I've installed Photoshop Pro on my PC, it's corrupted and gives the same error message when trying to run. Seriously, wt*?

Double edit: And now apparently Opening any window or link in Explorer opens double... Interesting.

@Superdave: I had to restart, apparently, so where would the combofix log be stored at? I checked the temp folder to no avail.
« Last Edit: February 01, 2011, 04:52:46 PM by deargodpleasehelp »

SuperDave

Re: Weird virus issue-I think I'm infected!!
« Reply #17 on: February 01, 2011, 04:40:32 PM »
I need to see the ComboFix log.

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #18 on: February 03, 2011, 05:48:35 AM »
Unfortunately Superdave, I was unable to get the Combofix log because Windows failed to boot recently...

Yes, I know, I should've been trying to re-run the scan when I had the time, but my hard drive has been giving me weird clicks and whirs, and attempting to boot Windows 7 today... failed...

It got stuck on the loading screen, 'Starting Windows', but no animation, it just got stuck like that...
Data is still accessible and readable, though who knows for how long... I'm not sure, it also could be a rootkit attempting to run on my system at boot... how would I tell? Please help me, Avast only does scans on 32-bit OSes, so x64 I do not think is a possibility yet, and with my luck the rootkit already executed :(

Plus I feel I cannot trust ComboFix to run on Windows 7... god forbid it does something to my paid, and loved, program Photoshop. I won't be getting a refund, my PC will, except where it'll go is in the parking lot.

I'm not trying to be paranoid or something of this program, but I just cannot trust it because it was the last program I ran before noticing problems... Or.... Maybe Paint.NET is the virus...-D

SuperDave

Re: Weird virus issue-I think I'm infected!!
« Reply #19 on: February 03, 2011, 12:46:10 PM »
Quote
4. Please DO NOT run any other tools or scans while I am helping you.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



5. When done, close the elevated command prompt.

The ComboFix log should be here: C:\Combo-Fix folder
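The steps above say how to start the scan but not how to find out what it actually did when the closing summary is not the clean one. sfc writes its own lines into %windir%\Logs\CBS\CBS.log tagged "[SR]", which is the filter Microsoft's own guidance applies with findstr /c:"[SR]". What follows is an added example, not part of this thread and not a Windows tool: it pulls the [SR] lines out of a CBS.log, restricts them to the most recent scan (the log accumulates across runs, so an old failure would otherwise be reported again), lists which files were repaired and which could not be, and maps that onto the three outcomes the post describes (clean, repaired, or fall back to a restore point). The sample log is constructed and only modelled on the real line format; the names sampleA.dll, sampleB.exe and sampleC.sys are placeholders.

```python
"""Summarise the latest sfc /scannow run from CBS.log (added example, not Windows tooling)."""
import re
from typing import List, Tuple

# sfc's own lines in %windir%\Logs\CBS\CBS.log carry the "[SR]" tag; the rest is servicing noise.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+\w+\s+\[SR\] (?P<msg>.*)$"
)
# A quoted name that follows a length prefix such as [l:24{12}] in CSI messages.
QUOTED_NAME = re.compile(r'\]"([^"]+)"')
RUN_START = "Beginning Verify and Repair transaction"

# Constructed sample log (placeholder file names): an earlier run on 02-03 that could not
# repair sampleC.sys, then a later run on 02-05 that repaired sampleB.exe but not sampleA.dll.
SAMPLE_CBS_LOG = r"""
2011-02-03 09:10:00, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2011-02-03 09:14:30, Info                  CSI    000000a1 [SR] Cannot repair member file [l:22{11}]"sampleC.sys" of Sample-Component-C, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-02-03 09:18:00, Info                  CSI    000000c0 [SR] Verify complete
2011-02-03 09:18:00, Info                  CSI    000000c1 [SR] Repairing 1 components
2011-02-03 09:18:05, Info                  CSI    000000c8 [SR] Repair complete
2011-02-05 11:02:17, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2011-02-05 11:02:17, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2011-02-05 11:05:40, Info                  CSI    000001c2 [SR] Cannot repair member file [l:22{11}]"sampleA.dll" of Sample-Component-A, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-02-05 11:06:02, Info                  CSI    000001d0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sampleB.exe" from store
2011-02-05 11:09:55, Info                  CSI    0000020a [SR] Verify complete
2011-02-05 11:09:55, Info                  CSI    0000020b [SR] Repairing 1 components
2011-02-05 11:09:58, Info                  CSI    00000210 [SR] Repair complete
2011-02-05 11:10:00, Info                  CBS    Session: 30220506_2023580338 finalized
"""


def sr_lines(log_text: str) -> List[Tuple[str, str]]:
    """(timestamp, message) for every [SR] line, in file order; other CBS lines are dropped."""
    return [(m["ts"], m["msg"]) for m in map(SR_LINE.match, log_text.splitlines()) if m]


def latest_run(lines: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """CBS.log accumulates across scans; keep only the most recent transaction."""
    starts = [i for i, (_, msg) in enumerate(lines) if msg.startswith(RUN_START)]
    return lines[starts[-1]:] if starts else lines


def summarise(log_text: str) -> dict:
    run = latest_run(sr_lines(log_text))
    summary = {"sr_lines": len(run), "cannot_repair": [], "repaired": [], "verify_complete": False}
    for _, msg in run:
        names = QUOTED_NAME.findall(msg)
        if msg.startswith("Cannot repair member file"):
            summary["cannot_repair"].append(names[0] if names else msg)
        elif msg.startswith("Repairing corrupted file"):
            # the last quoted token is the file itself; earlier ones are its directory
            summary["repaired"].append(names[-1] if names else msg)
        elif msg.startswith("Verify complete"):
            summary["verify_complete"] = True
    return summary


def verdict(summary: dict) -> str:
    """Map the scan result onto the outcomes sfc reports on screen and the post's advice."""
    if not summary["verify_complete"]:
        return "scan did not complete; re-run sfc /scannow from an elevated prompt"
    if summary["cannot_repair"]:
        return ("sfc could not repair: " + ", ".join(summary["cannot_repair"])
                + "; use a restore point from before the corruption or a repair install")
    if summary["repaired"]:
        return "sfc repaired: " + ", ".join(summary["repaired"]) + "; reboot and re-scan"
    return "no integrity violations found"


if __name__ == "__main__":
    # On a real machine: summarise(open(r"C:\Windows\Logs\CBS\CBS.log", encoding="utf-8", errors="replace").read())
    result = summarise(SAMPLE_CBS_LOG)
    print(f"[SR] lines in latest run: {result['sr_lines']}")
    print(verdict(result))
```

Run against the sample, the verdict names only sampleA.dll, because the earlier run's sampleC.sys belongs to a previous transaction; that is the difference between reading the whole log and reading the last scan, and it is the mistake that makes people chase corruption sfc already fixed.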

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #20 on: February 03, 2011, 02:58:53 PM »
Quote
Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

The ComboFix log should be here: C:\Combo-Fix folder

This was on Windows XP, my other hard drive, seen as C: whilst my Windows 7 drive remains untouched. Anyways, the ComboFix folder apparently just links to the "My Computer" folder...

Also, just wanted to add this: if I cannot boot Windows 7, how would I run SFC on it? SFC from XP on a 7 system will just heavily damage and may corrupt the OS, so I suppose you mean the Windows 7 repair disk, correct? Ok.

Will attempt to retrieve the combofix log from the drive anyways...

SuperDave

Re: Weird virus issue-I think I'm infected!!
« Reply #21 on: February 03, 2011, 07:47:56 PM »
You did not do as I asked in Reply #3 for the HJT fix. Please do it now and post the new log.
Also, you did not do as I asked in Reply #9 for the OTL fix. Unless you do as I ask, I will discontinue my help.

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #22 on: February 04, 2011, 03:04:40 PM »
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:13 PM, on 1/22/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
G:\Program Files\Alwil Software\Avast5\AvastUI.exe
G:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\CPUID\PC Wizard 2010\pcwizard.dll
G:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://www.cnet.com
O15 - Trusted Zone: http://www.crymod.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8399 bytes

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #23 on: February 04, 2011, 03:12:31 PM »
I finished the OTL fix, it rebooted my PC...

Though the desktop was unresponsive for what appeared to be a minute or two, I hit Ctrl+Alt+Delete and got task manager up, Runonce.exe was running and it might have been the OTL still running, so I ignored that, didn't seem too suspicious.

I ran the OTL fix, all there is to it. If I'm correct, this is the OTL log file I found generated today:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cnet.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crymod.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\documents%20and%20settings\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driver_g\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localsvr\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\users\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youtube.com\www\ not found.
========== COMMANDS ==========
G:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Administrator
->Temp folder emptied: 48867464 bytes
->Temporary Internet Files folder emptied: 1036711 bytes
->Java cache emptied: 30985 bytes
->FireFox cache emptied: 60868747 bytes
->Flash cache emptied: 814 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 308422 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 106.00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02042011_170457


SuperDave

Re: Weird virus issue-I think I'm infected!!
« Reply #24 on: February 04, 2011, 04:52:01 PM »
No, you did not follow the directions for HJT. I want you to fix the items listed.

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #25 on: February 04, 2011, 07:11:46 PM »
Quote
No, you did not follow the directions for HJT. I want you to fix the items listed.

Yes, but they don't show up in the list to fix...  ??? ??? ???

*** EDIT: Nvm, I just didn't update the log... sorry, my mistake :(

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:47 PM, on 2/4/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
G:\Program Files\Alwil Software\Avast5\AvastUI.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
G:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
G:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [OTL] "G:\Users\Administrator\Downloads\OTL.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - G:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8331 bytes


Anything else I need to do?

And for some reason, not sure if I mentioned this or not, but running a search on the Windows start menu and clicking 'see more results' brings up an Explorer window that should automatically search, but promptly disappears. An attempt to try again does nothing...

What now?

deargodpleasehelp

Re: Weird virus issue-I think I'm infected!!
« Reply #26 on: February 05, 2011, 11:26:52 AM »
Alright, I've run SFC and now I'm officially stumped.

What the
« Last Edit: February 05, 2011, 01:04:46 PM by Fed »

Allan

  • Moderator

  • Mastermind
  • Thanked: 1260
  • Experience: Guru
  • OS: Windows 10
Re: Weird virus issue-I think I'm infected!!
« Reply #27 on: February 05, 2011, 12:12:20 PM »
Thread closed and your warning level is being increased to moderated posts.