Weird virus, doesn't let me open Control Panel

July 28, 2009 at 19:08:47
Specs: Windows Vista, E6550/2GB 800mhz
Hey guys, I recently got a virus and I don't know how. I haven't gotten one for a year or so now, I usually have common sense and avoid threatening sites and don't download anything suspicious. I was just playing a game and was browsing a site for the game which looked legit and some fake anti-virus program came up called AV Care. I removed it though but now it seems more annoying, my CPU usage spikes high sometimes and the computer just doesn't feel normal. I've tried using avast and nod32 to scan and clean and they removed some threats. However, I still can't open Control Panel at all, it just flashes quick and closes. I tried using Trojan Remover and VirtumondeFix and they weren't successful. Here's my HijackThis log. Thanks for any help. I use Vista by the way.

Also, every few moments I get a window that pops up saying I could be a victim of counterfeit software but it's obviously fake and the icon in the taskbar for it seems third-party. I'm using a legit, bought copy of Vista. I get some "stopped working" windows too. So how should I fix this, and what programs should I use?

Logfile of HijackThis v1.99.1
Scan saved at 10:04:24 PM, on 7/28/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\CmUCReye.exe
L:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
L:\Program Files\Pidgin\pidgin.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - L:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] L:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "L:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "L:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://L:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://L:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://L:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://L:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/re...nload/scanner/en-us/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/Div...ugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C567F6-F1A7-42AA-A9C6-2895F5F2DE39}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - L:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - L:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - L:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - L:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



#1
July 28, 2009 at 23:03:01
By the way, the software counterfeit bug says "windows activation client has stopped responding" when I obviously own a purchased copy of Windows Vista.
I also can't open Google Chrome and get an error of 0xc0000005 when I try to open it.

#2
July 29, 2009 at 11:15:23
Any help? I woke up today with more fake anti-virus programs, I don't know how they're installing themselves. They keep trying to remove Malwarebytes which I installed but didn't remove anything. I get a pop-up from Security Center Alert that wants me to block Trojan-Downloader.JS.Multi.ca but I can only click cancel.

#3
July 29, 2009 at 14:21:15
This is ridiculous, I'm getting pop-ups literally every second of either Internet Explorer has stopped working, Internet Explorer has been infected with a virus, system alert: Virus Chin09.Win, there's plenty more ridiculously annoying popups. I've scanned with Trojan Remover and it detected that a virus removed the necessary Windows file userinit.exe. Someone please help. It seems I have this too http://www.bleepingcomputer.com/vir...
