spyware/trojan/virus help

[StylinRed]

so i dont know what happened because i dont download things onto my work computer but it somehow got a bug in it that does a few things

1) whenever i click a link it'll redirect to another page with a download link

2) music/voices will start to play out of nowhere and i have to turn off some service called PING.exe for the sounds to stop

3) i'll keep getting an official looking Adobe pop-up requesting to install Adobe Flash to the latest version (ive updated to the latest through the adobe site manually as i read that was a possible solution but nope)


I've run multiple spyware/adware apps and virus scanners in safe mode too but they're not finding it

i've ran superantispyware, malwarebytes, spybotS&D, kaspersky, hijackthis, stinger (which actually found some Artemis trojan/virus removed it but problem remains), adaware

and nothing works/finds an issue except where noted


-_- im about to just format the bloody thing


any suggestions?

[TOS'd]

post hijackthis log

[StylinRed]

thanks here it is

Spoiler!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:37 AM, on 2/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
CProgram Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
CProgram Files (x86)\Sony\ISB Utility\ISBMgr.exe
CWindows\SysWOW64\RunDll32.exe
CProgram Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
CProgram Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
CProgram Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
CProgram Files (x86)\Mozilla Firefox\firefox.exe
CProgram Files (x86)\Mozilla Firefox\plugin-container.exe
CUsers\stylinred\Downloads\HijackThis.exe
CWindows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - CProgram Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CProgram Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IAStorIcon] CProgram Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "CProgram Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ISBMgr.exe] "CProgram Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "CProgram Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] CProgram Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] CProgram Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] CProgram Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] CWindows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] CProgram Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] CWindows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] CWindows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CProgram Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CProgram Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - CProgram Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - CWindows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - CProgram Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DCDhcpService - Atheros Communication Inc. - CProgram Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - CWindows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - CProgram Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IviRegMgr - InterVideo - CProgram Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - CWindows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - CProgram Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - CProgram Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - CWindows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - CWindows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - CWindows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - CProgram Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - CWindows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - CWindows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - CWindows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - CProgram Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - CProgram Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - CWindows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - CWindows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - CWindows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - CProgram Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - CProgram Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - CWindows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - CProgram Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - CProgram Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - CProgram Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - CWindows\system32\lsass.exe (file missing)
O23 - Service: VCService - Sony Corporation - CProgram Files\Sony\VAIO Care\VCService.exe
O23 - Service: VSNService - Sony Corporation - CProgram Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - CWindows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - CProgram Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - CWindows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - CWindows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - CWindows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - CProgram Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

lol @ all the smileys

[chin3se604]

dl malwarebytes and spyware doctor and scan with those

if it doesn't work... try system restoring to a point when your computer was fine

goodluck

[ddr]

have you tried combofix or a linux live cd to scan?

[StylinRed]

yeah combofix found something too removed em
tdds or whatever its called was tried as well but nada


the problem still remains :/ think im gonna have to format

[fs604]

Have you tried system restoring yet ?
Posted via RS Mobile

[TOS'd]

Nothing in the log really stands out.

Have you successfully removed ping.exe? Or does it keep coming back?

[StylinRed]

I tried multiple system restore points but it fails, and i tried to go into safe mode again to try all the different scans again but now the computer wont boot up and a system repair doesnt work either -_- i guess ive got no choice but to reinstall now

[TOS'd]

Remove hdd and plug it into another machine. From there you can run scans again, and just select that hd to scan.

[StylinRed]

Ah i didnt think about that, thanks!

[gars]

You're probably going to need to run the scans in safe mode, if you haven't already.

Boot into safemode with networking by hammering the F8 key when you're first booting up.

Download Malwarebytes - and let it update via the internet - then run the full scan.


I found quite a few malware types won't clean up properly if you don't enter safe mode.

[jeedee]

Quote:

Originally Posted by gars

You're probably going to need to run the scans in safe mode, if you haven't already.

Boot into safemode with networking by hammering the F8 key when you're first booting up.

Download Malwarebytes - and let it update via the internet - then run the full scan.


I found quite a few malware types won't clean up properly if you don't enter safe mode.

Did you not read his post? He did boot into safe mode and scanned it with Malwarebytes.

[StylinRed]

Quote:

Originally Posted by TOS'd

Remove hdd and plug it into another machine. From there you can run scans again, and just select that hd to scan.

So i did this and was pable to find and clean up quitea few things unfortunately my computer still wont boot up, nor is it repairablewith the windows tools

So im stuck having to reinstall anyhow ;(

[gars]

Quote:

Originally Posted by jeedee

Did you not read his post? He did boot into safe mode and scanned it with Malwarebytes.

oops, i thought i read it properly.

I think Avast does a boot-time scan. I'd maybe give that a try.

[StylinRed]

Ah, i gave up whatever it was however it got in there it won, lol, i backed up important files and am installing windows again

[StylinRed]

odd.... installed windows 7 again but it can't detect any network adapters.... how does that make sense?

last time i installed win7pro on this laptop it had most of the drivers and i just connected to the net to download the remaining

this time around i cant connect to anything at all wires or wireless -_-



such a pita

[ddr]

strange.. is this a streamlined or downloaded version with apps bundled? is there an exclamation mark beside the item in device manager?

having drivers =/ connection, can possibly be loose antenna wire or faulty device. not very likely, since you were fine before you formatted.

[StylinRed]

My windows is a download from that company that msdt uses to sell windows, ive used it before on the same laptop and the drivers were already available from the install

Anyhow i downloaded all the drivers onto an external and moved them over to this laptop and everythings working right again -_- yay finally

Thanks for the help guys