Sign in with
Sign up | Sign in
Your question

Strange Virus, many programs won't open

Last response: in Windows 7
Share
September 16, 2010 2:26:44 AM

I've got a very odd virus that won't let me open various programs, ex. iTunes, CCleaner. AVG I can't even install anymore. Oddly enough, I can open some programs like Google Chrome, Winamp, etc. Anyone ever heard of this virus or have a way of solving it? I've already done a factory restore, but no luck. Thanks!
a b $ Windows 7
September 17, 2010 12:02:39 AM

Have you tried running the AV in SAFE mode? What processes are running? Have you downloaded and installed hijackthis? Does it show any strange processes, keys, etc. Caution: Do not use hijackthis to delete registry entries unless you are certain they are problems.
m
0
l
September 17, 2010 1:36:10 AM

Thanks for replying. After running hijackthis in Safe mode, I've got a log, and i'm not quite sure if there's anything out of place in it. -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:06 PM, on 16/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\TristanGateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8403 bytes


As for processes running, at the moment i've got nothing out of the ordinary (as far as i know), and i've checked most of it online. A bit more info on the virus, I can see the program in the Processes tab of Task manager, but not in the applications tab, strange. Cheers.
m
0
l
Related resources
a b 8 Security
a b $ Windows 7
September 17, 2010 6:36:26 AM

battery9000 said:
Thanks for replying. After running hijackthis in Safe mode, I've got a log, and i'm not quite sure if there's anything out of place in it. -

Logfile of Trend Micro HijackThis v2.0.4


As for processes running, at the moment i've got nothing out of the ordinary (as far as i know), and i've checked most of it online. A bit more info on the virus, I can see the program in the Processes tab of Task manager, but not in the applications tab, strange. Cheers.


[#0005ff]A log made from a Safe Mode scan isn't tremendously illuminating. Go to http://www.malwarebytes.com and download MalwareBytes. Rename the main executable installation file - call it fred.exe or similar - and install it on to the infected machine in Normal Mode then find the file mbam.exe and rename that joe.exe to fool the threat into allowing it to run. When it's fully updated run the QuickScan, let it fix anything it shows in the Show results list then restart the computer. Run the Full Scan and do the same again. After that restart, go back in and click the logs tab and post both logs back here, along with the log of another HJT scan. [/#000ff]
m
0
l
September 17, 2010 10:04:53 AM

battery9000 said:
I've got a very odd virus that won't let me open various programs, ex. iTunes, CCleaner. AVG I can't even install anymore. Oddly enough, I can open some programs like Google Chrome, Winamp, etc. Anyone ever heard of this virus or have a way of solving it? I've already done a factory restore, but no luck. Thanks!


On Windows computers there is what is called a "SAFE MODE," which sometimes allows us to fix things that we can not fix is all other programs are loaded. But unless you are very skilled at working with virus removal and also computers, I would simply call an experienced technician and have themn fix it for you or you could end up corrupting your entire hard drive and possibly ruining your computer.
m
0
l
a b $ Windows 7
September 17, 2010 11:52:36 AM

It looks to me as from your logs as if you have had a virus but your anti-virus program (Avast) has removed it and in the process of removing infected files has stopped various programs from working. You will need to reinstall the programs that are no longer working. I would also suggest that you download the free version of Malwarebytes antivirus and perform a system scan. You said that AVG was not working, from your logs you do not have AVG installed but you do have Avast installed, it is not a good idea to have more than one antivirus program installed at a time. (the free Malwarebytes program is ok to have installed as a second antivirus program as it is not resident.)
m
0
l
a b 8 Security
a b $ Windows 7
September 17, 2010 1:09:09 PM

pjmelect said:
It looks to me as from your logs as if you have had a virus but your anti-virus program (Avast) has removed it and in the process of removing infected files has stopped various programs from working. You will need to reinstall the programs that are no longer working. I would also suggest that you download the free version of Malwarebytes antivirus and perform a system scan. You said that AVG was not working, from your logs you do not have AVG installed but you do have Avast installed, it is not a good idea to have more than one antivirus program installed at a time. (the free Malwarebytes program is ok to have installed as a second antivirus program as it is not resident.)


I hope you're right but I'd still like to see his Normal Mode scan results if only to see why so many File Missing messages show in the Services.

I doubt any programmes have been removed but possibly they've been partially disabled and one way to prove that would be Doug Knox's EXE File Fix from the XP Fixes part of his website at http://www.dougknox.com.

m
0
l
a b $ Windows 7
September 17, 2010 6:54:07 PM

As others posted, those (file missing) messages are an indication of why some of your programs are not working. The only other questionable line I saw was:
"O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe"

WildTangent has been a prime source of malware for years.

Many of the missing files are windows files/services. I think I would do a repair install of the OS, reinstall Avast, update it, and perform a full scan.

m
0
l
September 18, 2010 4:08:14 AM

I've already done a factory settings restore, the problem persisted, as for WildTangent, it comes with the computer. I've got the Hijackthis results here (ran in normal mode).

  1. Logfile of Trend Micro HijackThis v2.0.4
  2. Scan saved at 1:35:06 AM, on 18/09/2010
  3. Platform: Windows 7 (WinNT 6.00.3504)
  4. MSIE: Internet Explorer v8.00 (8.00.7600.16385)
  5. Boot mode: Normal
  6.  
  7. Running processes:
  8. C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
  9. C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  10. C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
  11. C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  12. C:\Program Files\Alwil Software\Avast5\AvastUI.exe
  13. C:\Users\TristanGateway\AppData\Local\Google\Chrome\Application\chrome.exe
  14. C:\Users\TristanGateway\AppData\Local\Google\Chrome\Application\chrome.exe
  15. C:\Users\TristanGateway\AppData\Local\Google\Chrome\Application\chrome.exe
  16. C:\Users\TristanGateway\AppData\Local\Google\Chrome\Application\chrome.exe
  17. C:\Users\TristanGateway\AppData\Local\Google\Chrome\Application\chrome.exe
  18. C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
  19. C:\Windows\SysWOW64\DllHost.exe
  20.  
  21. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>
  22. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>
  23. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>
  24. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>
  25. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>
  26. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>
  27. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  28. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  29. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  30. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  31. F2 - REG:system.ini: UserInit=userinit.exe
  32. O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  33. O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
  34. O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
  35. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
  36. O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
  37. O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
  38. O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
  39. O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
  40. O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
  41. O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  42. O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
  43. O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
  44. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  45. O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
  46. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
  47. O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  48. O4 - HKCU\..\Run: [Google Update] "C:\Users\TristanGateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
  49. O4 - HKCU\..\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe
  50. O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
  51. O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
  52. O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
  53. O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
  54. O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
  55. O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
  56. O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
  57. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
  58. O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
  59. O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
  60. O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
  61. O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  62. O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
  63. O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
  64. O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
  65. O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
  66. O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
  67. O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
  68. O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
  69. O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
  70. O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  71. O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
  72. O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
  73. O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  74. O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
  75. O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
  76. O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  77. O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
  78. O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
  79. O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  80. O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
  81. O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  82. O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
  83. O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
  84. O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
  85. O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
  86. O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
  87. O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
  88. O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
  89. O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
  90. O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
  91. O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
  92. O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
  93.  
  94. --
  95. End of file - 9469 bytes
m
0
l
a b 8 Security
a b $ Windows 7
September 18, 2010 5:58:28 AM

battery9000 said:
I've already done a factory settings restore, the problem persisted, as for WildTangent, it comes with the computer. I've got the Hijackthis results here (ran in normal mode).

Logfile of Trend Micro HijackThis v2.0.4




[#0005ff]This after a factory reset? The log still shows a number of anomalies but nothing dangerous, and apart from agreeing with TreeFrog on Wild Tangent, I'm not seeing anything that prevents programmes running. Did you try the Doug Knox fix? I wonder why you have so many 04 entries yet so few running processes when you take out the surplus Google Chrome lines.

I'd like you to restore back to factory settings again, saving only the safest of personal files but not putting them back in until you've run an HJT scan as soon as the system is up and running. First, though, in the existing system, run ComboFix to see if there ar eany deep Rootkits that might carry over to the new system.

Go to http://www.bleepingcomputer.com and read and understand the instructions on ComboFix then download and run it. Let it take as long as it wants - cutting it short leads to disaster.
[/#000ff]
m
0
l
a b 8 Security
a b $ Windows 7
September 18, 2010 7:20:47 AM

Run through the malware guide in my signature.
m
0
l
!