|
Cannot run ANY virus scans including online ones
|
|
jandv46
Newbie
|
20. July 2011 @ 11:36 |
Link to this message
|
I guess my computer is infected since i can't really do anything at this point as far as trying to to remove this infection...
Originally i used Nod32 but 2 days ago i started getting these window security popups for all these trusted programs asking if i want to unblock them. then Nod32 real-time protection tells me there are over 200 threats and that only 1 was successfully cleaned...but it seemed like the the files being reported are legitimate files such as Apple mobile devices, adobe acrobat, google chrome etc...all these files failed to be cleaned according to nod32...
Assuming that nod32 had been compromised i tried to repair and then uninstall nod32 to no avail...then i tried to d/l and install various other AV products...stopzilla, avg, malwarebytes, bitdefender, etc....could not even complete installation for most...malwarebytes and stopzilla seemed to install but they could not launch any scanners... i have tried the above steps in normal and safemode...can't scan in safemode either
I went over the steps in the Read Me First post...
1-ATF cleaner seemed to work since it said it deleted like 100m+ in files.
2-Kaspersky online scanner does not seem to work...idk if it's down at the site or my browser is blocking it...i would assume the latter since i can't seem to run other scanners online as well....scans would start in the browser but then browser would close after a few seconds...
3-still rebooted and downloaded HijackThis...installed...when program is run i see it start to scan but then it will shut down after 5 or so seconds every time i try it
I don't know what to do at this point but i am assuming htis is an ugly iunfection >.<;;
HELP!!!!!!!!!
you'd think a name like SONY would be more reliable...
|
Advertisement
|
|
|
ddp
Moderator
|
20. July 2011 @ 18:07 |
Link to this message
|
what windows are you using?
|
jandv46
Newbie
|
20. July 2011 @ 22:04 |
Link to this message
|
Originally posted by ddp: what windows are you using?
windows xp home edition sp3
and thank you^^
you'd think a name like SONY would be more reliable...
|
ddp
Moderator
|
20. July 2011 @ 22:53 |
Link to this message
|
restart the computer & press f8 to get safemode menu. select safemode, let it load to where you have the option of administrator or your account. select administrator & press cancel when it comes up about safemode reasons so that you can do a system restore to before the problem showed up.
|
jandv46
Newbie
|
20. July 2011 @ 23:00 |
Link to this message
|
Originally posted by ddp: restart the computer & press f8 to get safemode menu. select safemode, let it load to where you have the option of administrator or your account. select administrator & press cancel when it comes up about safemode reasons so that you can do a system restore to before the problem showed up.
I have already tried restoring to previous points and every single one failed (in normal as well as safe mode)...so i currently have turned restore off to flush possible infections in the restore points...
i forgot to mention that sorry...also my IE8 is inaccessible while chrome still seems to work minus the random redirects...
Thank you
you'd think a name like SONY would be more reliable...
|
ddp
Moderator
|
20. July 2011 @ 23:06 |
Link to this message
|
save your data & do a fresh install of windows.
|
jandv46
Newbie
|
20. July 2011 @ 23:42 |
Link to this message
|
Originally posted by ddp: save your data & do a fresh install of windows.
is that really my only option?...
you'd think a name like SONY would be more reliable...
|
ddp
Moderator
|
20. July 2011 @ 23:46 |
Link to this message
|
i would say yes as you can't install programs to correct the problems or that they shut down before they are supposed to. your system restore does not work besides being turned off.
|
jandv46
Newbie
|
20. July 2011 @ 23:58 |
Link to this message
|
isn't there another prog i can use if i can't use hijackthis? just something, anything i could use to get a scan and log i could post...i'm desperate since i wouldn't even begin to know where to find my orig windows cd......
you'd think a name like SONY would be more reliable...
|
Igmutaka
Junior Member
1 product review
|
21. July 2011 @ 02:42 |
Link to this message
|
|
jandv46
Newbie
|
21. July 2011 @ 17:17 |
Link to this message
|
Originally posted by Igmutaka: Try http://www.safer-networking.org/index2.html it may remove all those viruses.
was that link for spybot s&d? anyways that didn't work either...
HOWEVER i was able to run combofix and here is the log:
ComboFix 11-07-21.02 - Compaq_Owner 07/21/2011 16:34:40.3.1 - x86
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
.
---- Previous Run -------
.
c:\documents and settings\Administrator.FAMILY\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Owner\Application Data\FFSJ
c:\documents and settings\Compaq_Owner\Application Data\FFSJ\FFSJ.cfg
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\JP\WINDOWS
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 13:40 . 2011-07-21 20:28 -------- d-----w- C:\Combo-Fix
2011-07-21 13:04 . 2011-07-21 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-21 04:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 04:49 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 02:54 . 2011-07-21 02:54 -------- d-----w- c:\program files\ACW
2011-07-21 02:28 . 2011-07-21 14:01 -------- d-----w- c:\documents and settings\JP
2011-07-20 14:35 . 2011-07-20 14:35 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-20 14:35 . 2011-07-20 14:35 -------- d-----w- c:\program files\Trend Micro
2011-07-19 23:53 . 2011-07-19 23:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\QuickScan
2011-07-19 22:13 . 2011-07-19 22:13 -------- d-----w- c:\program files\ESET
2011-07-19 16:18 . 2011-07-19 16:18 1152 ----a-w- c:\windows\system32\windrv.sys
2011-07-19 16:17 . 2011-07-20 20:28 -------- d-----w- c:\program files\SpyNoMore
2011-07-19 16:17 . 2011-07-19 16:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2011-07-19 14:50 . 2011-07-19 14:50 -------- d-----w- c:\program files\Common Files\iS3
2011-07-19 14:50 . 2011-07-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-18 17:41 . 2011-07-18 17:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-07-18 16:45 . 2011-07-18 16:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RoboForm
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_?Ñ?»3 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_?Ñ?»2 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»1.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_?Ñ?»1 dir
2011-07-08 14:51 . 2011-07-08 14:51 -------- d-----w- c:\windows\system32\v_269_ss2 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss2.scr
2011-07-08 14:51 . 2011-07-08 14:52 -------- d-----w- c:\windows\system32\v_269_ss1 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss1.scr
2011-07-08 14:44 . 2011-07-08 14:44 503892 ----a-w- c:\windows\v_322_ss2Uninst.exe
2011-07-08 14:44 . 2011-07-08 14:44 1308501 ----a-w- c:\windows\v_322_ss2.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_322_ss1Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1118130 ----a-w- c:\windows\v_322_ss1.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_360_ss2Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1422643 ----a-w- c:\windows\v_360_ss2.scr
2011-07-08 14:42 . 2011-07-08 14:42 503892 ----a-w- c:\windows\v_360_ss1Uninst.exe
2011-07-08 14:42 . 2011-07-08 14:42 1199595 ----a-w- c:\windows\v_360_ss1.scr
2011-07-08 14:36 . 2011-07-08 14:44 -------- d-----w- c:\windows\system32\WPB810_3 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_3.scr
2011-07-08 14:36 . 2011-07-08 14:54 -------- d-----w- c:\windows\system32\WPB810_?Ñ?»2 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_?Ñ?»2.scr
2011-07-08 14:35 . 2011-07-08 14:47 -------- d-----w- c:\windows\system32\WPB810_?Ñ?»1 dir
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_?Ñ?»1.scr
2011-07-08 14:33 . 2011-07-08 14:33 503892 ----a-w- c:\windows\v_310_ss2Uninst.exe
2011-07-08 14:33 . 2011-07-08 14:33 1521079 ----a-w- c:\windows\v_310_ss2.scr
2011-07-08 14:32 . 2011-07-08 14:32 503892 ----a-w- c:\windows\v_310_ss1Uninst.exe
2011-07-08 14:32 . 2011-07-08 14:32 1217107 ----a-w- c:\windows\v_310_ss1.scr
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss2Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1381093 ----a-w- c:\windows\v_294_ss2.scr
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss1Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1136767 ----a-w- c:\windows\v_294_ss1.scr
2011-07-08 14:30 . 2011-07-08 14:30 503891 ----a-w- c:\windows\v_287_ss2Uninst.exe
2011-07-08 14:30 . 2011-07-08 14:30 1714122 ----a-w- c:\windows\v_287_ss2.scr
2011-07-08 14:29 . 2011-07-08 14:29 503892 ----a-w- c:\windows\v_287_ss1Uninst.exe
2011-07-08 14:29 . 2011-07-08 14:29 1170379 ----a-w- c:\windows\v_287_ss1.scr
2011-07-08 14:26 . 2011-07-08 14:26 -------- d-----w- c:\windows\system32\v_273_ss2 dir
2011-07-08 14:23 . 2011-07-08 14:26 203264 ----a-w- c:\windows\system32\v_273_ss2.scr
2011-07-08 14:22 . 2011-07-08 14:23 -------- d-----w- c:\windows\system32\v_273_ss1 dir
2011-07-08 14:22 . 2011-07-08 14:22 203264 ----a-w- c:\windows\system32\v_273_ss1.scr
2011-07-08 14:19 . 2011-07-08 14:19 -------- d-----w- c:\windows\system32\v_239_ss1 dir
2011-07-08 14:19 . 2011-07-08 14:19 201728 ----a-w- c:\windows\system32\v_239_ss1.scr
2011-07-08 14:17 . 2011-07-08 14:18 4727391 ----a-w- c:\windows\WPB603_?Ñ?»3.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_?Ñ?»3.scr
2011-07-08 14:17 . 2011-07-08 14:18 5338153 ----a-w- c:\windows\WPB603_?Ñ?»2.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_?Ñ?»2.scr
2011-07-08 14:15 . 2011-07-08 14:17 4788965 ----a-w- c:\windows\WPB603_?Ñ?»1.exe
2011-07-08 14:15 . 2011-07-08 14:18 29696 ----a-w- c:\windows\mickey32.dll
2011-07-08 14:15 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_?Ñ?»1.scr
2011-06-25 14:52 . 2011-07-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_?Ñ?»1.scr
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_?Ñ?»2.scr
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_?Ñ?»1.scr
2011-07-08 14:18 . 2011-07-08 14:17 4727391 ----a-w- c:\windows\WPB603_?Ñ?»3.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_?Ñ?»3.scr
2011-07-08 14:18 . 2011-07-08 14:17 5338153 ----a-w- c:\windows\WPB603_?Ñ?»2.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_?Ñ?»2.scr
2011-07-08 14:17 . 2011-07-08 14:15 4788965 ----a-w- c:\windows\WPB603_?Ñ?»1.exe
2011-07-08 14:17 . 2011-07-08 14:15 467536 ----a-w- c:\windows\WPB603_?Ñ?»1.scr
2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-06 00:58 . 2011-06-06 00:58 53248 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-06 00:57 . 2011-06-06 00:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-06-02 14:02 . 2004-08-04 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2010-09-23 01:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2009-08-21 22:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-04 05:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 05:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 05:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 05:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-05-28 512400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"EvtMgr6"="c:\program files\Logi\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"TkBellExe1"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.51.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 454656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^setup_9.0.0.722_20.08.2010_21-52.lnk]
backup=c:\windows\pss\setup_9.0.0.722_20.08.2010_21-52.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpKiller
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShredAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 17:50 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-01-24 02:56 544768 -c--a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-19 07:06 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"MDM"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Password Folder\\PasswordFolder.exe"=
"c:\\Program Files\\VideoStream\\VideoStream.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5010:UDP"= 5010:UDP:emule udp
"110:TCP"= 110:TCP:BT
"110:UDP"= 110:UDP:BT1
"5000:TCP"= 5000:TCP:emule tcp
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 54343852;54343852 Boot Guard Driver;c:\windows\system32\DRIVERS\54343852.sys [x]
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R1 54343851;54343851;c:\windows\system32\DRIVERS\54343851.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 351232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24576]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-01-29 24416]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WipeFile;WipeFile;c:\windows\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-19 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 PfFilter;PfFilter;c:\program files\IObit\Password Folder\pffilter.sys [2011-01-12 163648]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-07-20 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-11 18:46]
.
2011-07-21 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-11 18:46]
.
2011-07-18 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster\AutoUpdate.exe [2011-03-31 23:07]
.
2011-07-21 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\GameBox.exe [2011-07-15 23:08]
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-18 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-21 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB3255$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
.
[HKEY_USERS\S-1-5-21-2637110039-1654121908-4178984955-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97D1B5A3-39C5-C0D4-0C0C-0066D4EBC639}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SUPER *]
"DisplayName"="SUPER ?Version 2009.bld.36 (June 10, 2009)"
"UninstallString"="c:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0"
"InstallDate"="2009-06-22 20:22"
"InstallLocation"="c:\\Program Files\\eRightSoft\\SUPER"
"InstallSource"="c:\\Documents and Settings\\Compaq_Owner\\Desktop"
"DisplayIcon"="c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"
"DisplayVersion"="Version 2009.bld.36 (June 10, 2009)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="support@eRightSoft.com"
.
Completion time: 2011-07-21 16:44:26
ComboFix-quarantined-files.txt 2011-07-21 20:44
ComboFix2.txt 2010-08-21 07:51
.
Pre-Run: 6,291,963,904 bytes free
Post-Run: 6,249,820,160 bytes free
.
Current=18 Default=18 Failed=17 LastKnownGood=19 Sets=,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
- - End Of File - - A9AB07EDEDD5F3CE4B823230AFC984CA
you'd think a name like SONY would be more reliable...
|
jandv46
Newbie
|
22. July 2011 @ 13:49 |
Link to this message
|
can someone PLEASE HELP?
Please!
you'd think a name like SONY would be more reliable...
|
Senior Member
|
22. July 2011 @ 21:03 |
Link to this message
|
run combofix and select fix problems.you have nothing to lose at this point.
|
JST1946
Senior Member
|
22. July 2011 @ 21:59 |
Link to this message
|
You can try and remove your hard drive and put it in an external USB enclosure and scan it on another computer. Most of the time it works.I had the same problem with mine.I tried all the same things you did and I couldn't get rid of it.Hope this helps.
|
Advertisement
|
|
|
jandv46
Newbie
|
23. July 2011 @ 11:10 |
Link to this message
|
Originally posted by JST1946: You can try and remove your hard drive and put it in an external USB enclosure and scan it on another computer. Most of the time it works.I had the same problem with mine.I tried all the same things you did and I couldn't get rid of it.Hope this helps.
Thank you! I am hoping for more assistance and trying other forums as well, but i guess if i can't find another solution that one may be a good option. Better than reformatting -_-
you'd think a name like SONY would be more reliable...
|
|