Super Nasty Virus

Status
Not open for further replies.

frank89419

Estimable
Jun 8, 2015
2
0
4,510
I downloaded a fake program from a torrent site. Ended up installing 40+ programs. Had to use IObit Uninstaller to get rid of them all. I then ran a Malwarebytes full system scan. Then I ran an Avast full system scan and an Avast boot-time scan. I thought I would have got rid of it all, but no.

Now when I boot my PC, cmd pops up. I forget what it said, but I googled it and was informed to download HijackThis. I ran HijackThis and saved a log file; I have not deleted anything yet. Below is a post of what is in the log. What do I do next?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:43:34 PM, on 10/29/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\internee\rise.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Spanky\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.myway.com/mytransitguide/ttab02/index.html?n=782B49A2&p2=^BNH^xdm648^TTAB02^us&ptb=ECBBA3C9-958C-4AB0-8A78-07BB36511AEB&si=539528_17&coid=d9375dcf49ce4b4bb4ede1d35a790510
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 107.178.255.88 www.google-analytics.com
O1 - Hosts: 107.178.255.88 www.statcounter.com
O1 - Hosts: 107.178.255.88 statcounter.com
O1 - Hosts: 107.178.255.88 ssl.google-analytics.com
O1 - Hosts: 107.178.255.88 partner.googleadservices.com
O1 - Hosts: 107.178.255.88 google-analytics.com
O1 - Hosts: 107.178.248.130 static.doubleclick.net
O1 - Hosts: 107.178.247.130 connect.facebook.net
O1 - Hosts: 107.178.255.88 www.google-analytics.com
O1 - Hosts: 107.178.255.88 www.statcounter.com
O1 - Hosts: 107.178.255.88 statcounter.com
O1 - Hosts: 107.178.255.88 ssl.google-analytics.com
O1 - Hosts: 107.178.255.88 partner.googleadservices.com
O1 - Hosts: 107.178.255.88 google-analytics.com
O1 - Hosts: 107.178.248.130 static.doubleclick.net
O1 - Hosts: 107.178.247.130 connect.facebook.net
O1 - Hosts: 162.222.194.13 cocomo.tremorhub.com
O1 - Hosts: 162.222.194.13 www.virustotal.com
O1 - Hosts: 162.222.194.13 virustotal.com
O2 - BHO: Wondershare Video Converter Ultimate 7.1.0 - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\PROGRA~3\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [alternatives] "C:\Program Files (x86)\mungo\kopper.exe"
O4 - HKCU\..\Run: [rise] "C:\Program Files (x86)\internee\rise.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSWSVCUchrome - {1CA93FF0-A218-44F1 - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Corsair Link 4 (CLink4Service) - Corsair Components, Inc. - C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
O23 - Service: Windows cSysSecure Service (cSysSecure) - Unknown owner - C:\WINDOWS\cSysSecure\16.9.17.5\SysSecure.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Windows Disc Cleaner (DiscCleaner) - Unknown owner - C:\WINDOWS\system32\DiscCleaner/161081\DiscCleaner.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
O23 - Service: Windows xBooster (xBooster) - Unknown owner - C:\WINDOWS\xBooster\161081\xBooster.exe

--
End of file - 8600 bytes
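As an added illustration (not part of the original thread and not from any poster), the following Python sorts two line types from the log above into review buckets: O1 hosts entries that point a name at a non-local address, and O23 services reported as "Unknown owner". The bucket names and the lower priority given to "(file missing)" lines are assumptions of this example, and a flagged line is a prompt for manual review, not a verdict.

```python
import ipaddress

# Sample input: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
O1 - Hosts: 107.178.255.88 www.google-analytics.com
O1 - Hosts: 107.178.255.88 www.google-analytics.com
O1 - Hosts: 162.222.194.13 www.virustotal.com
O1 - Hosts: 162.222.194.13 virustotal.com
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Windows xBooster (xBooster) - Unknown owner - C:\WINDOWS\xBooster\161081\xBooster.exe
"""

def triage(log_text):
    """Sort HijackThis O1/O23 lines into review buckets (heuristic, not a verdict)."""
    out = {"hosts_redirects": [], "unknown_owner_present": [], "missing_files": []}
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("O1 - Hosts: "):
            fields = line[len("O1 - Hosts: "):].split()
            if len(fields) < 2:
                continue
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                continue  # not an IP literal; leave for manual reading
            # A hosts entry overrides DNS; anything not pointing at the local
            # machine sends that name to a server chosen by whoever wrote it.
            if not (addr.is_loopback or addr.is_unspecified):
                for name in fields[1:]:
                    if (name, fields[0]) not in out["hosts_redirects"]:
                        out["hosts_redirects"].append((name, fields[0]))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3 or parts[1] != "Unknown owner":
                continue  # malformed line, or the binary names a vendor
            name, _, path = parts
            if path.endswith("(file missing)"):
                # Assumption of this example: low priority, because a 32-bit
                # scanner on 64-bit Windows often cannot see System32 files.
                out["missing_files"].append(name)
            else:
                out["unknown_owner_present"].append((name, path))
    return out

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```

Run over the full log, the second bucket narrows the long O23 list to the few services whose binary is present but carries no vendor name, which is where manual review is best spent first.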
 
Solution
Both are FREE.

Run ADW Cleaner
http://www.bleepingcomputer.com/download/adwcleaner/

and

HerdProtect (Uses 68 Antivirus scanning engines) :)
https://www.herdprotect.com/installers/herdProtectScan_Portable.exe


Normally after a serious infection like this, it's best to back up and clean install.

A lot of torrents come piggybacked with serious malware.
 
Pretty silly...
because you should never use "free" downloads to fix a virus problem.

Also: You should never load multiple security programs into a computer:
because they will conflict w/ each other.

There are 2 things you can try:
1.
Delete ALL the free programs
Install a professional antivirus (NOT a "free" download.)
Activate, update antivirus, and scan entire computer.

2.
Back up all your files.
Reformat the drive...re-install the OS.
Then replace all your files from a back up.

Then (from now on)
DO NOT use "free" programs downloaded from the internet.
ONLY use an all-in-one professional antivirus. THAT'S ALL.

DO NOT install programs such as: "CCleaner," or any of that "free" garbage.

But
if you continue to download "free" programs...you will continue to have nothing but problems.

And then I can say: "I told you so."

FREE programs from the internet:
more than 80% of these are MALWARE.
They are designed for gullible people...and the gullible FALL for it, every time.
Stop being gullible.

And that is the best advice you will ever receive - about computer security.
 


I think that is the worst possible advice, ever.
 


There are tons of very good free anti-virus programs out there; I don't know why you think it's bad advice to use one. It's not like they are random web searches and we select anything with a flashy logo. Malwarebytes is a free scanner for home use, and it's very good. Same thing for AVG, Avira and a number of other free anti-virus products. CCleaner has some issues, but that is not because it's free; it can be a bit too aggressive in removing registry entries and files, causing boot or application issues.

3/4 of the paid anti-virus programs are worse than 3/4 of the free ones; the best of each type is equal enough to use.
 

frank89419


A lot of what you said is wrong, and the evidence of this goes as follows... I fixed it myself a while ago with exactly what you said would not fix it. Let's start with a list, shall we...

1. "because you should never use "free" downloads to fix a virus problem." ... The free programs I used are the free versions of the top-rated anti-virus programs out there; they still get rid of viruses on scan / delete but do not actively protect you in the first place.

2. "Also: You should never load multiple security programs into a computer:
because they will conflict w/ each other." ... This is true for two anti-virus programs that do the exact same thing. This can even happen with an anti-virus program and the Malwarebytes LINK SCANNER, which is only available in the full version, not my free version, so there is no conflict there. Unlike you, I actually have an understanding of what conflicts with what.

3. ~~~When I asked for help, I was asking for help from someone more intelligent than me, not less intelligent and ignorant about it.

4. You wanted me to reformat my stuff? This is laughable. I fixed everything and got to keep everything except the viruses, of course.

5. "FREE programs from the internet:
more than 80% of these are MALWARE.
They are designed for gullible people...and the gullible FALL for it, every time.
Stop being gullible."
... Possibly true. I didn't install 80% of the free anti-virus programs though, so that doesn't apply to me. AVAST, as I said I had installed, isn't malware... Neither is Malwarebytes, neither is Hitman Pro (which I also ended up using), neither is HijackThis, which is the other one I mentioned. So stop trying to give me false statistics on things that never even applied to me in the first place.

6. You are dead wrong about everything you said. Seriously, don't ever go into the computer repair industry, unless it is for Geek Squad; you'd fit in there no problem.

 