
Cannot run ANY virus scans including online ones

Discussion in 'Windows - Virus and spyware problems' started by jandv46, Jul 20, 2011.

  1. jandv46

    jandv46 Member

    Joined:
    Jun 27, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    I guess my computer is infected since i can't really do anything at this point as far as trying to remove this infection...
    Originally i used Nod32 but 2 days ago i started getting these window security popups for all these trusted programs asking if i want to unblock them. then Nod32 real-time protection tells me there are over 200 threats and that only 1 was successfully cleaned...but it seemed like the files being reported are legitimate files such as Apple mobile devices, adobe acrobat, google chrome etc...all these files failed to be cleaned according to nod32...
    Assuming that nod32 had been compromised i tried to repair and then uninstall nod32 to no avail...then i tried to d/l and install various other AV products...stopzilla, avg, malwarebytes, bitdefender, etc....could not even complete installation for most...malwarebytes and stopzilla seemed to install but they could not launch any scanners... i have tried the above steps in normal and safemode...can't scan in safemode either

    I went over the steps in the Read Me First post...
    1-ATF cleaner seemed to work since it said it deleted like 100m+ in files.
    2-Kaspersky online scanner does not seem to work...idk if it's down at the site or my browser is blocking it...i would assume the latter since i can't seem to run other scanners online as well....scans would start in the browser but then browser would close after a few seconds...
    3-still rebooted and downloaded HijackThis...installed...when program is run i see it start to scan but then it will shut down after 5 or so seconds every time i try it

    I don't know what to do at this point but i am assuming this is an ugly infection >.<;;
    HELP!!!!!!!!!
     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    what windows are you using?
     
  3. jandv46

    jandv46 Member

    windows xp home edition sp3
    and thank you^^
     
  4. ddp

    ddp Moderator Staff Member

    restart the computer & press f8 to get safemode menu. select safemode, let it load to where you have the option of administrator or your account. select administrator & press cancel when it comes up about safemode reasons so that you can do a system restore to before the problem showed up.
     
  5. jandv46

    jandv46 Member

    I have already tried restoring to previous points and every single one failed (in normal as well as safe mode)...so i currently have turned restore off to flush possible infections in the restore points...
    i forgot to mention that sorry...also my IE8 is inaccessible while chrome still seems to work minus the random redirects...
    Thank you
     
  6. ddp

    ddp Moderator Staff Member

    save your data & do a fresh install of windows.
     
  7. jandv46

    jandv46 Member

    is that really my only option?...
     
  8. ddp

    ddp Moderator Staff Member

    i would say yes as you can't install programs to correct the problems or that they shut down before they are supposed to. your system restore does not work besides being turned off.
     
  9. jandv46

    jandv46 Member

    isn't there another prog i can use if i can't use hijackthis? just something, anything i could use to get a scan and log i could post...i'm desperate since i wouldn't even begin to know where to find my orig windows cd......
     
  10. Igmutaka

    Igmutaka Member

    Joined:
    Jan 20, 2007
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    16
  11. jandv46

    jandv46 Member

    was that link for spybot s&d? anyways that didn't work either...

    HOWEVER i was able to run combofix and here is the log:


    ComboFix 11-07-21.02 - Compaq_Owner 07/21/2011 16:34:40.3.1 - x86
    Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_MSIL\desktop.ini
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Administrator.FAMILY\WINDOWS
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Compaq_Owner\Application Data\FFSJ
    c:\documents and settings\Compaq_Owner\Application Data\FFSJ\FFSJ.cfg
    c:\documents and settings\Compaq_Owner\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\JP\WINDOWS
    c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
    c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
    c:\windows\assembly\GAC_MSIL\desktop.ini
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\ps2.bat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-21 13:40 . 2011-07-21 20:28 -------- d-----w- C:\Combo-Fix
    2011-07-21 13:04 . 2011-07-21 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
    2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-21 04:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-21 04:49 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-21 02:54 . 2011-07-21 02:54 -------- d-----w- c:\program files\ACW
    2011-07-21 02:28 . 2011-07-21 14:01 -------- d-----w- c:\documents and settings\JP
    2011-07-20 14:35 . 2011-07-20 14:35 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-07-20 14:35 . 2011-07-20 14:35 -------- d-----w- c:\program files\Trend Micro
    2011-07-19 23:53 . 2011-07-19 23:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\QuickScan
    2011-07-19 22:13 . 2011-07-19 22:13 -------- d-----w- c:\program files\ESET
    2011-07-19 16:18 . 2011-07-19 16:18 1152 ----a-w- c:\windows\system32\windrv.sys
    2011-07-19 16:17 . 2011-07-20 20:28 -------- d-----w- c:\program files\SpyNoMore
    2011-07-19 16:17 . 2011-07-19 16:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
    2011-07-19 14:50 . 2011-07-19 14:50 -------- d-----w- c:\program files\Common Files\iS3
    2011-07-19 14:50 . 2011-07-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-07-18 17:41 . 2011-07-18 17:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
    2011-07-18 16:45 . 2011-07-18 16:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RoboForm
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»3.scr
    2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽÑˆ»3 dir
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»2.scr
    2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽÑˆ»2 dir
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»1.scr
    2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽÑˆ»1 dir
    2011-07-08 14:51 . 2011-07-08 14:51 -------- d-----w- c:\windows\system32\v_269_ss2 dir
    2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss2.scr
    2011-07-08 14:51 . 2011-07-08 14:52 -------- d-----w- c:\windows\system32\v_269_ss1 dir
    2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss1.scr
    2011-07-08 14:44 . 2011-07-08 14:44 503892 ----a-w- c:\windows\v_322_ss2Uninst.exe
    2011-07-08 14:44 . 2011-07-08 14:44 1308501 ----a-w- c:\windows\v_322_ss2.scr
    2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_322_ss1Uninst.exe
    2011-07-08 14:43 . 2011-07-08 14:43 1118130 ----a-w- c:\windows\v_322_ss1.scr
    2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_360_ss2Uninst.exe
    2011-07-08 14:43 . 2011-07-08 14:43 1422643 ----a-w- c:\windows\v_360_ss2.scr
    2011-07-08 14:42 . 2011-07-08 14:42 503892 ----a-w- c:\windows\v_360_ss1Uninst.exe
    2011-07-08 14:42 . 2011-07-08 14:42 1199595 ----a-w- c:\windows\v_360_ss1.scr
    2011-07-08 14:36 . 2011-07-08 14:44 -------- d-----w- c:\windows\system32\WPB810_3 dir
    2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_3.scr
    2011-07-08 14:36 . 2011-07-08 14:54 -------- d-----w- c:\windows\system32\WPB810_ŽÑˆ»2 dir
    2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽÑˆ»2.scr
    2011-07-08 14:35 . 2011-07-08 14:47 -------- d-----w- c:\windows\system32\WPB810_ŽÑˆ»1 dir
    2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽÑˆ»1.scr
    2011-07-08 14:33 . 2011-07-08 14:33 503892 ----a-w- c:\windows\v_310_ss2Uninst.exe
    2011-07-08 14:33 . 2011-07-08 14:33 1521079 ----a-w- c:\windows\v_310_ss2.scr
    2011-07-08 14:32 . 2011-07-08 14:32 503892 ----a-w- c:\windows\v_310_ss1Uninst.exe
    2011-07-08 14:32 . 2011-07-08 14:32 1217107 ----a-w- c:\windows\v_310_ss1.scr
    2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss2Uninst.exe
    2011-07-08 14:31 . 2011-07-08 14:31 1381093 ----a-w- c:\windows\v_294_ss2.scr
    2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss1Uninst.exe
    2011-07-08 14:31 . 2011-07-08 14:31 1136767 ----a-w- c:\windows\v_294_ss1.scr
    2011-07-08 14:30 . 2011-07-08 14:30 503891 ----a-w- c:\windows\v_287_ss2Uninst.exe
    2011-07-08 14:30 . 2011-07-08 14:30 1714122 ----a-w- c:\windows\v_287_ss2.scr
    2011-07-08 14:29 . 2011-07-08 14:29 503892 ----a-w- c:\windows\v_287_ss1Uninst.exe
    2011-07-08 14:29 . 2011-07-08 14:29 1170379 ----a-w- c:\windows\v_287_ss1.scr
    2011-07-08 14:26 . 2011-07-08 14:26 -------- d-----w- c:\windows\system32\v_273_ss2 dir
    2011-07-08 14:23 . 2011-07-08 14:26 203264 ----a-w- c:\windows\system32\v_273_ss2.scr
    2011-07-08 14:22 . 2011-07-08 14:23 -------- d-----w- c:\windows\system32\v_273_ss1 dir
    2011-07-08 14:22 . 2011-07-08 14:22 203264 ----a-w- c:\windows\system32\v_273_ss1.scr
    2011-07-08 14:19 . 2011-07-08 14:19 -------- d-----w- c:\windows\system32\v_239_ss1 dir
    2011-07-08 14:19 . 2011-07-08 14:19 201728 ----a-w- c:\windows\system32\v_239_ss1.scr
    2011-07-08 14:17 . 2011-07-08 14:18 4727391 ----a-w- c:\windows\WPB603_ŽÑˆ»3.exe
    2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»3.scr
    2011-07-08 14:17 . 2011-07-08 14:18 5338153 ----a-w- c:\windows\WPB603_ŽÑˆ»2.exe
    2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»2.scr
    2011-07-08 14:15 . 2011-07-08 14:17 4788965 ----a-w- c:\windows\WPB603_ŽÑˆ»1.exe
    2011-07-08 14:15 . 2011-07-08 14:18 29696 ----a-w- c:\windows\mickey32.dll
    2011-07-08 14:15 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»1.scr
    2011-06-25 14:52 . 2011-07-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»3.scr
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»2.scr
    2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽÑˆ»1.scr
    2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽÑˆ»2.scr
    2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽÑˆ»1.scr
    2011-07-08 14:18 . 2011-07-08 14:17 4727391 ----a-w- c:\windows\WPB603_ŽÑˆ»3.exe
    2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»3.scr
    2011-07-08 14:18 . 2011-07-08 14:17 5338153 ----a-w- c:\windows\WPB603_ŽÑˆ»2.exe
    2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»2.scr
    2011-07-08 14:17 . 2011-07-08 14:15 4788965 ----a-w- c:\windows\WPB603_ŽÑˆ»1.exe
    2011-07-08 14:17 . 2011-07-08 14:15 467536 ----a-w- c:\windows\WPB603_ŽÑˆ»1.scr
    2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-06-06 00:58 . 2011-06-06 00:58 53248 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-06-06 00:57 . 2011-06-06 00:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-06-02 14:02 . 2004-08-04 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 08:52 . 2010-09-23 01:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25 . 2009-08-21 22:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2004-08-04 05:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-08-04 05:00 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2004-08-04 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07 . 2004-08-04 05:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-04-26 11:07 . 2004-08-04 05:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-25 16:11 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
    2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
    [7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
    [7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
    [7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
    [7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
    [7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
    [7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    [7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    [7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
    [7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    [7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
    [7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\iexplore.exe
    [7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
    [7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\iexplore.exe
    [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
    [7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
    [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
    "SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-05-28 512400]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
    "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "EvtMgr6"="c:\program files\Logi\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "TkBellExe1"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
    .
    c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Configuration Utility HW.51.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 454656]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRealMode"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^setup_9.0.0.722_20.08.2010_21-52.lnk]
    backup=c:\windows\pss\setup_9.0.0.722_20.08.2010_21-52.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpKiller
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShredAgent
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2005-05-10 17:50 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2005-01-24 02:56 544768 -c--a-w- c:\windows\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-08-19 07:06 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv"=3 (0x3)
    "MDM"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Trillian\\trillian.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
    "c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\IObit\\Password Folder\\PasswordFolder.exe"=
    "c:\\Program Files\\VideoStream\\VideoStream.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5010:UDP"= 5010:UDP:emule udp
    "110:TCP"= 110:TCP:BT
    "110:UDP"= 110:UDP:BT1
    "5000:TCP"= 5000:TCP:emule tcp
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 54343852;54343852 Boot Guard Driver;c:\windows\system32\DRIVERS\54343852.sys [x]
    R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
    R1 54343851;54343851;c:\windows\system32\DRIVERS\54343851.sys [x]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 351232]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24576]
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
    R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-01-29 24416]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
    R3 WipeFile;WipeFile;c:\windows\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-19 717296]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
    S2 PfFilter;PfFilter;c:\program files\IObit\Password Folder\pffilter.sys [2011-01-12 163648]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-07-20 c:\windows\Tasks\ASC4_AutoUpdate.job
    - c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-11 18:46]
    .
    2011-07-21 c:\windows\Tasks\ASC4_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-11 18:46]
    .
    2011-07-18 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster\AutoUpdate.exe [2011-03-31 23:07]
    .
    2011-07-21 c:\windows\Tasks\Game_Booster_Startup.job
    - c:\program files\IObit\Game Booster\GameBox.exe [2011-07-15 23:08]
    .
    2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
    - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
    .
    2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
    - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
    .
    2011-07-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
    .
    2011-07-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
    .
    2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
    .
    2011-07-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
    .
    2011-07-18 c:\windows\Tasks\SmartDefrag_Schedule.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
    .
    2011-07-21 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
    .
    2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
    FF - prefs.js: network.proxy.type - 4
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-Run-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
    Notify-TPSvc - TPSvc.dll
    SafeBoot-Wdf01000.sys
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-21 16:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\$NtUninstallKB3255$:SummaryInformation 0 bytes hidden from API
    .
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
    .
    [HKEY_USERS\S-1-5-21-2637110039-1654121908-4178984955-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97D1B5A3-39C5-C0D4-0C0C-0066D4EBC639}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SUPER *]
    "DisplayName"="SUPER ?Version 2009.bld.36 (June 10, 2009)"
    "UninstallString"="c:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0"
    "InstallDate"="2009-06-22 20:22"
    "InstallLocation"="c:\\Program Files\\eRightSoft\\SUPER"
    "InstallSource"="c:\\Documents and Settings\\Compaq_Owner\\Desktop"
    "DisplayIcon"="c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"
    "DisplayVersion"="Version 2009.bld.36 (June 10, 2009)"
    "VersionMajor"=dword:00000000
    "VersionMinor"=dword:00000000
    "Publisher"="eRightSoft"
    "HelpLink"="http://www.eRightSoft.com"
    "URLInfoAbout"="http://www.eRightSoft.com"
    "URLUpdateInfo"="http://www.eRightSoft.com"
    "Contact"="support@eRightSoft.com"
    .
    Completion time: 2011-07-21 16:44:26
    ComboFix-quarantined-files.txt 2011-07-21 20:44
    ComboFix2.txt 2010-08-21 07:51
    .
    Pre-Run: 6,291,963,904 bytes free
    Post-Run: 6,249,820,160 bytes free
    .
    Current=18 Default=18 Failed=17 LastKnownGood=19 Sets=,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
    - - End Of File - - A9AB07EDEDD5F3CE4B823230AFC984CA
     
  12. jandv46

    jandv46 Member

    Can someone PLEASE HELP?
    Please!
     
  13. aldan

    aldan Active member

    Run ComboFix and select fix problems. You have nothing to lose at this point.
     
  14. JST1946

    JST1946 Regular member

    You can try and remove your hard drive and put it in an external USB enclosure and scan it on another computer. Most of the time it works. I had the same problem with mine. I tried all the same things you did and I couldn't get rid of it. Hope this helps.
     
  15. jandv46

    jandv46 Member

    Thank you! I am hoping for more assistance and trying other forums as well, but I guess if I can't find another solution that one may be a good option. Better than reformatting -_-
     
