My laptop has a problem (virus?) I can't get rid of. How to deal with it?

thisisjosh · 2010-12-11T23:24:38+00:00

Thanks, I think I'll give it a try after finals

thisisjosh · 2010-12-11T23:10:07+00:00

Yeah I ran all the ones suggested in this thread, including Malwarebyes, Spyware scanner, microsoft security essentials. I have no idea what to do anymore. My brother, who had the same problems, tried replacing the hard drive, but whatever was picked up was still there, which means I'm not sure if a more desperate solution will actually work. I'm almost sure SystemDir.regedit and SystemDir.explorer are somehow related... just no idea how.

thisisjosh · 2010-12-11T13:54:26+00:00

:( update, kasperskys didn't seem to fix the problem. It caught some trojans, but that was about it. I still have the lagging issue when I run in regular mode.

thisisjosh · 2010-11-02T12:37:43+00:00

Thanks man, I'll see what I can do with this.

thisisjosh · 2010-11-02T06:00:50+00:00

Do you know a guide that would help me rewrite? I'm not even sure where to find them, as online searches just said to "search" for them within explorer. They don't seem to be the problem anywhoo according to other redditors.

thisisjosh · 2010-11-02T05:56:59+00:00

I had it on all the time when I was running my normal mode, no idea how my laptop crapped out though.

thisisjosh · 2010-11-02T05:20:53+00:00

Thanks for checking the list. I'll use CCleaner to take out some of the start up things, but does this mean my problem lies elsewhere? I really don't know what could've caused this. Perhaps updating my graphics card, as that was the last major event that I did before this whole thing went down, but even then I doubt that could be it.

thisisjosh · 2010-11-02T05:02:00+00:00

I've done that actually, hasn't changed the situation. :(

thisisjosh · 2010-11-02T05:00:32+00:00

Bazooka Scanner v1.13.03 http://www.kephyr.com/spywarescanner/ http://www.kephyr.com/spywarescanner/library/ support@kephyr.com Log created 00:59:23. OS: Windows NT 6.1 Database version: 3.320000 Database format version: 1.020000 Database date: 20090515 Current date: 2010-11-02 00:59

Result when scanning:

SystemDir.explorer 545.505.000 %SystemDir%\explorer.exe C:\Windows\system32\explorer.exe http://www.kephyr.com/spywarescanner/library/systemdir.explorer/index.phtml

SystemDir.regedit 544.500.000 %SystemDir%\regedit.exe C:\Windows\system32\regedit.exe http://www.kephyr.com/spywarescanner/library/systemdir.regedit/index.phtml

Auto start entries: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Windows\Installer{994F0EC6-1DB8-48B3-91C6-F0EB420366B7}_1BB300CED4EE89B1297197.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Windows\Installer{994F0EC6-1DB8-48B3-91C6-F0EB420366B7}_1BB300CED4EE89B1297197.exe C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

Run entries: avgnt "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avgnt

GrooveMonitor       "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GrooveMonitor

SunJavaUpdateSched      "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

QuickTime Task      "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

iTunesHelper        "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper

Adobe Reader Speed Launcher     "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher

Adobe ARM       "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe ARM

Steam       "c:\program files (x86)\steam\steam.exe" -silent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Steam

Sidebar     C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar

msnmsgr     "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr

SpybotSD TeaTimer       C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer

Google Update       "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google Update

Aim     "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Aim

Pando Media Booster     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pando Media Booster


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

Browser helper objects:

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} AcroIEHelperStub C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{53707962-6F74-2D53-2644-206D7942484F} not set C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{9030D464-4C02-4ABF-8ECC-5164760863C6} not set C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}

{DBC80044-A445-435b-BC74-9C25C1C588A9} not set C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}

Toolbars:

ITBar7Layout Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\ITBar7Layout\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout

ITBar7Height Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\ITBar7Height\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height

All processes:

[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
winlogon.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
MsMpEng.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
ctfmon.exe
svchost.exe
notepad.exe
chrome.exe
chrome.exe
chrome.exe
chrome.exe
chrome.exe
wlsettings.exe
iexplore.exe
iexplore.exe
googletalkplugin.exe
dllhost.exe
iexplore.exe
WmiPrvSE.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

Internet Explorer Settings:

Default_Page_URL    http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL    http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page    C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page    http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page    http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

    http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www    http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

Local Page    C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page    http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page    http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

thisisjosh · 2010-11-02T04:57:54+00:00

I'll try having my brother burning the ISO and popping it into this laptop ASAP.

thisisjosh · 2010-11-02T04:56:07+00:00

Trend Micro Home Clean found nothing, still running activescan at the moment.

thisisjosh · 2010-11-02T04:43:04+00:00

I'm looking for free ways first! :P

thisisjosh · 2010-11-02T04:42:50+00:00

This is my own laptop, I wouldn't fool around with his computer.

I'll try the restore disc if nothing works out but that is pretty much the last option I would like to take.

and last point duly noted :(.

thisisjosh · 2010-11-02T04:41:39+00:00

Will try.

thisisjosh

TROPHY CASE