Status
Not open for further replies.

Discussion Starter · #1 ·
I think that this is a virus. All of a sudden, nothing can be opened from the start menu, from the search box, or via a double-click (it gives a false message about internet security). I can only run an exe by using CTRL+SHIFT+ESC to open Task Manager and then running a process from the Task Manager menu. Can't get to the internet, etc. On another machine, I downloaded dds.scr & gmer.zip. I executed dds.scr and gmer.exe from a thumbdrive and saved the results back to the thumbdrive. dds.scr executed and the files are attached below. gmer.exe opens but gives a message that a file (no name given) cannot be found in c:\windows\system32, therefore no ark.txt is available.

This Win 7 x64 Prof was created by an in-place upgrade from Vista 64. All disks and keys available.

I hope that you can see a way forward.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Scott at 14:54:47.20 on Thu 10/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4093.3140 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [InternodeUsage] c:\progra~2\intern~2\mum.exe
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
mRun: [Google Quick Search Box] "c:\program files (x86)\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {9C3DD41C-CD84-4990-A679-5054472966C6} = 192.231.203.132,192.231.203.3
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\10c01esg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-11 187392]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

=============== Created Last 30 ================

2009-12-10 02:10:42 0 d-----w- c:\programdata\AVP 2009
2009-12-10 02:10:42 0 ----a-w- c:\windows\syswow64\MSVolumeAMP.dll
2009-12-10 02:10:37 0 d-----w- c:\program files (x86)\AntiMalware_Pro
2009-12-08 02:25:24 0 d-----w- c:\program files (x86)\Cryptic Comet
2009-12-07 04:34:38 0 d-----w- C:\.jagex_cache_32
2009-12-07 04:34:17 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-07 04:34:17 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-07 04:34:17 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-07 04:34:17 145184 ----a-w- c:\windows\syswow64\java.exe
2009-12-03 01:19:25 0 d-----w- c:\program files (x86)\S.H.M.U.P Demo
2009-11-25 12:21:31 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 12:21:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 09:02:36 136577416 ----a-w- c:\windows\MEMORY.DMP
2009-11-21 03:07:49 0 d-----w- c:\windows\syswow64\directx
2009-11-21 03:07:41 0 d-----w- c:\program files (x86)\DTF
2009-11-17 06:53:02 0 d-----w- c:\program files (x86)\HP
2009-11-17 06:53:01 0 d-----w- c:\windows\Downloaded Installations
2009-11-12 10:05:19 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-12 10:05:05 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2009-11-12 10:04:49 0 d-----w- c:\users\scott\appdata\roaming\DAEMON Tools Lite
2009-11-12 10:04:47 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-11-12 10:01:13 0 d-----w- c:\program files\WinRAR
2009-11-12 08:02:50 0 d-----w- c:\program files (x86)\uTorrent
2009-11-12 08:02:19 0 d-----w- c:\users\scott\appdata\roaming\uTorrent
2009-11-12 07:10:27 0 d-----w- C:\Subvein
2009-11-12 06:35:13 0 d-----w- c:\users\scott\appdata\roaming\ActionSoft
2009-11-12 06:35:12 4096 ----a-w- c:\windows\d3dx.dat
2009-11-12 06:34:49 0 d-----w- c:\program files (x86)\Insectoid 1.0.0
2009-11-11 10:28:59 0 d-----w- c:\program files (x86)\Paradox Interactive
2009-11-11 10:27:07 0 d-----w- c:\program files (x86)\Gratuitous Space Battles Demo
2009-11-11 06:56:13 0 d-----w- c:\users\scott\appdata\roaming\runic games
2009-11-11 06:47:15 0 d-----w- c:\program files (x86)\Runic Games
2009-11-11 06:43:42 0 d-----w- c:\program files (x86)\fraps

==================== Find3M ====================

2009-11-07 22:49:58 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2009-11-07 22:49:56 84992 ----a-w- c:\windows\system32\frapsv64.dll
2009-11-03 12:02:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-02 10:12:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 10:05:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-19 14:10:10 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-09-27 07:54:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 07:53:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 07:53:00 3746920 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 07:53:00 289896 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 07:53:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 07:53:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 07:52:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll
2009-09-27 07:52:00 82536 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 07:52:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 07:52:00 5208168 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 07:52:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 07:52:00 244840 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 07:52:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-23 01:34:37 4513792 ----a-w- c:\windows\system32\vpc.exe
2009-09-23 01:33:36 936448 ----a-w- c:\windows\system32\vmsal.exe
2009-09-23 01:33:34 1209856 ----a-w- c:\windows\system32\VMWindow.exe
2009-09-23 01:33:04 2262016 ----a-w- c:\windows\system32\VPCWizard.exe
2009-09-23 01:32:59 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2009-09-23 01:32:43 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-09-23 01:32:31 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-09-23 01:18:23 793600 ----a-w- c:\windows\syswow64\vmsal.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:55:11.44 ===============
 

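As an added triage aid (not part of the original post and not a feature of the DDS tool): the "Created Last 30" section of a DDS log is a flat list of file-system entries, one per line, in the form `date time size attributes path`. Two things a responder looks for by eye can be automated: a zero-byte .dll/.exe/.sys inside a Windows system directory (a 0-byte file is not a valid PE image, so it is either a failed install or a placeholder dropped by something else), and whatever else was created within a few seconds of it, since a single installer or dropper writes its artifacts in one burst. The script below parses that section, flags such files, and prints the cluster of entries created around each one. The sample log is an excerpt copied from the DDS output in the post above; the section-header detection, the 10-second window and the "empty system binary" rule are my own heuristics, not something DDS defines, and a hit means "look here first", not "this is malware".

```python
"""
Triage helper for the "Created Last 30" section of a DDS log (added example).

DDS writes one entry per line:
    <yyyy-mm-dd> <hh:mm:ss> <size> <8-char attributes> <path>
e.g.
    2009-12-10 02:10:42 0 ----a-w- c:\windows\syswow64\MSVolumeAMP.dll
"""
import re
from datetime import datetime, timedelta

# One DDS file-system entry. The attribute field is always 8 characters
# (e.g. "d-----w-", "----a-w-", "--sha-r-"); the path may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attr>\S{8}) (?P<path>.+)$"
)

# Heuristic (assumption, not a DDS rule): a 0-byte binary here is worth a look.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
BINARY_EXT = (".dll", ".exe", ".sys")

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-12-10 02:10:42 0 d-----w- c:\programdata\AVP 2009
2009-12-10 02:10:42 0 ----a-w- c:\windows\syswow64\MSVolumeAMP.dll
2009-12-10 02:10:37 0 d-----w- c:\program files (x86)\AntiMalware_Pro
2009-12-08 02:25:24 0 d-----w- c:\program files (x86)\Cryptic Comet
2009-12-07 04:34:17 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-11-25 12:21:31 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-12 10:05:19 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

==================== Find3M ====================

2009-11-07 22:49:58 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
"""


def parse_section(log_text, title="Created Last 30"):
    """Return (timestamp, size, attr, path) tuples listed under the given DDS section."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        # DDS section headers are framed in '=' runs; the next header ends the section.
        if line.startswith("=") and line.endswith("="):
            in_section = title in line
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S")
        entries.append((ts, int(m["size"]), m["attr"], m["path"]))
    return entries


def is_empty_system_binary(entry):
    """True for a 0-byte .dll/.exe/.sys file (not a directory) under a system directory."""
    ts, size, attr, path = entry
    p = path.lower()
    return (size == 0 and not attr.startswith("d")
            and p.startswith(SYSTEM_DIRS) and p.endswith(BINARY_EXT))


def cluster_around(entries, anchors, window=timedelta(seconds=10)):
    """For each anchor, collect every entry created within `window` of it (anchor included)."""
    clusters = []
    for a in anchors:
        near = sorted(e for e in entries if abs(e[0] - a[0]) <= window)
        clusters.append((a, near))
    return clusters


def triage(log_text, window=timedelta(seconds=10)):
    """Parse the section, pick the suspicious anchors, and return their clusters."""
    entries = parse_section(log_text)
    anchors = [e for e in entries if is_empty_system_binary(e)]
    return cluster_around(entries, anchors, window)


if __name__ == "__main__":
    for anchor, near in triage(SAMPLE_LOG):
        print(f"[!] 0-byte system binary: {anchor[3]} at {anchor[0]}")
        for ts, size, attr, path in near:
            print(f"    {ts}  {size:>9}  {attr}  {path}")
```

Run it against a full DDS log by replacing `SAMPLE_LOG` with the file contents; the same parser works on the "Find3M" section by passing `title="Find3M"`. On the excerpt it flags `MSVolumeAMP.dll` and groups it with the two program folders created in the same five seconds, which is exactly the set of entries to examine before anything else in the list.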
Discussion Starter · #2 ·
BUMP - it is now 8 days since this was posted. And no reaction from your experts.

This is a serious problem. I still have no solution. I do not want to have to rebuild the system entirely from scratch as that would lose some vital settings.

RobinRL
 