Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I have a virus and can't run antivirus etc :( [Solved]

Started by Damon(V) , Mar 13 2015 05:21 PM

This topic is locked

#106
emeraldnzl

Posted 20 March 2015 - 11:32 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Interesting.

Please download Rkill by Grinler and save it to your desktop.

Link 1
Link 2
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill log. Please copy and past that in your reply.

Do not reboot the computer, we will likely want to run another program.

Note: rKill.txt log can also be found on your desktop.

#107
Damon(V)

Posted 20 March 2015 - 11:35 PM

Member

Topic Starter
Member
87 posts

no go on either link

#108
emeraldnzl

Posted 20 March 2015 - 11:41 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Here are all the links:

   1. rkill.exe
   2. rkill.com
   3. rkill.scr

If you still can't use them please run ComboFix again and post back the log.

#109
Damon(V)

Posted 20 March 2015 - 11:56 PM

Member

Topic Starter
Member
87 posts

ComboFix 15-03-14.03 - Work 2 21/03/2015 15:45:10.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1455 [GMT 10:00]

Running from: c:\documents and settings\Work 2\Desktop\ComboFix.exe

* Created a new restore point

((((((((((((((((((((((((( Files Created from 2015-02-21 to 2015-03-21 )))))))))))))))))))))))))))))))

2015-03-20 22:05 . 2015-03-20 22:05 -------- d-----w- C:\zoek_backup

2015-03-20 20:48 . 2015-03-20 20:48 -------- d-----w- C:\_OTL

2015-03-19 20:54 . 2015-03-19 20:54 -------- d-----w- c:\documents and settings\Work 2\Local Settings\Application Data\Avg2015

2015-03-19 07:49 . 2015-03-19 07:49 -------- d-----w- c:\documents and settings\Work 2\Application Data\SUPERAntiSpyware.com

2015-03-19 07:46 . 2015-03-19 07:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2015-03-19 07:46 . 2015-03-19 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2015-03-16 23:02 . 2015-03-21 05:44 -------- d-----w- c:\windows\system32\CatRoot2

2015-03-16 21:47 . 2015-03-16 21:47 -------- d-----w- C:\RegBackup

2015-03-16 21:46 . 2015-03-16 21:46 -------- d-----w- c:\program files\Tweaking.com

2015-03-15 05:06 . 2001-08-17 12:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2015-03-15 05:05 . 2001-08-17 03:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2015-03-15 05:04 . 2001-08-17 12:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2015-03-15 05:03 . 2001-08-17 02:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2015-03-15 05:02 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2015-03-15 05:01 . 2001-08-17 02:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys

2015-03-15 05:00 . 2001-08-17 03:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys

2015-03-15 04:59 . 2001-08-17 12:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2015-03-15 04:58 . 2008-04-13 19:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll

2015-03-15 04:57 . 2001-08-17 12:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll

2015-03-15 04:56 . 2001-08-17 02:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2015-03-15 04:55 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2015-03-15 04:54 . 2001-08-17 12:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll

2015-03-15 04:53 . 2008-04-13 19:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2015-03-15 04:52 . 2001-08-17 12:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2015-03-15 04:51 . 2001-08-17 03:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys

2015-03-15 04:50 . 2001-08-17 02:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys

2015-03-15 04:49 . 2008-04-13 12:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys

2015-03-15 04:48 . 2001-08-17 02:11 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys

2015-03-15 04:47 . 2001-08-17 12:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll

2015-03-15 04:46 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2015-03-15 04:45 . 2008-04-13 12:06 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys

2015-03-15 04:45 . 2001-08-17 12:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll

2015-03-15 04:45 . 2001-08-17 03:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys

2015-03-15 04:45 . 2008-04-13 14:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys

2015-03-15 04:45 . 2001-08-17 12:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll

2015-03-15 04:45 . 2001-08-17 04:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll

2015-03-15 04:45 . 2008-04-13 14:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys

2015-03-15 04:45 . 2001-08-17 02:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys

2015-03-15 04:45 . 2001-08-17 04:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll

2015-03-15 04:45 . 2001-08-17 04:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys

2015-03-15 04:45 . 2001-08-17 03:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys

2015-03-15 04:45 . 2001-08-17 04:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2015-03-15 04:45 . 2008-04-13 14:57 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2015-03-14 04:00 . 2015-03-15 00:49 -------- d-----w- C:\AdwCleaner

2015-03-10 21:18 . 2015-03-19 21:04 -------- d-----w- C:\FRST

2015-03-09 10:57 . 2015-03-09 10:57 -------- d-----w- c:\documents and settings\User2

2015-03-08 03:10 . 2015-03-08 03:12 5475064 ----a-w- C:\avast_free_antivirus_setup_online.exe

2015-03-08 00:24 . 2015-03-08 00:25 -------- d-----w- c:\documents and settings\Administrator

2015-03-06 23:36 . 2015-03-06 23:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities

2015-03-06 23:34 . 2015-03-06 23:34 -------- d-----w- c:\program files\Common Files\Microsoft

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-02-06 20:34 . 2012-04-02 07:41 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2015-02-06 20:34 . 2011-06-12 04:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2015-02-06 20:34 . 2015-02-06 20:34 5059760 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-14 2122824]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31090792]

"GoogleChromeAutoLaunch_3DFCF6B2AEB445B8DC09B36EA9332B3A"="c:\documents and settings\Work 2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2015-03-14 809288]

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-01-22 6699800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2008-04-15 1675264]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-13 273544]

"CheckNDISPort_df"="c:\program files\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe" [2012-09-20 442696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sdnclean.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk

backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Work 2^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Work 2\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 02:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-11-10 02:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-05 17:44 500208 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-21 18:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-26 21:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]

2010-06-10 03:42 2621440 ----a-r- c:\program files\Browny02\Brother\BrStMonW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2011-08-04 07:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2006-10-17 01:20 398944 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2014-10-22 06:05 107912 ----atw- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-14 11:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 06:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-10-09 08:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

2006-05-09 23:48 94208 ----a-w- c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 19:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 04:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 04:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineTextBuddy]

2005-04-07 04:13 839680 ----a-w- c:\program files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2007-05-10 16:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 08:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-10-11 03:04 1826816 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-07-01 23:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 03:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-07-13 23:45 273544 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]

2007-03-03 04:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Work 2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\SkypeCallRecorder\\SkypeCallRecorder.exe"=

"c:\\Documents and Settings\\Work 2\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 2:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 7:55 AM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/23/2014 9:47 AM 142648]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/20/2007 12:14 PM 3712]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/12/2011 7:23 AM 35088]

S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]

S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [5/17/2011 5:25 PM 366872]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/2/2015 7:45 PM 315488]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [8/8/2007 7:09 AM 35712]

S3 AVEO;USB2.0 PC Camera;c:\windows\system32\drivers\AVEOdcnt.sys [1/26/2011 2:48 PM 224256]

S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [7/30/2013 4:27 PM 245760]

S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [1/12/2011 5:20 PM 113280]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1/23/2014 5:12 PM 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1/23/2014 5:12 PM 8576]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/16/2011 11:09 AM 16472]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/16/2011 11:09 AM 11104]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 7:17 PM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2015-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:34]

2015-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 02:34]

2015-03-16 c:\windows\Tasks\Casper XP Scheduled Copy of Disk 1 to Disk 2.job

- c:\program files\Future Systems Solutions\Casper XP\CasperXP.EXE [2007-08-08 04:34]

2015-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 23:08]

2015-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 23:08]

2015-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006Core.job

- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 06:05]

2015-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1326574676-725345543-1006UA.job

- c:\documents and settings\Work 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-16 06:05]

2015-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1326574676-725345543-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]

2015-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1326574676-725345543-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]

2015-03-21 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 12:18]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

TCP: DhcpNameServer = 192.168.0.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2015-03-21 15:52

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="8D40FBF355B23727A5A3D995C56052ADDDBF5945B9B947D7A11A0408CD8296481A133006FAED3DC256E7DE7D4A18D14900FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB345287CB5A477225A30AF2DEF2890289784F75FD449C8183A5CE5201E4DBF35884876A359DE7936C1C4348B8D0DB4B6AB44F7F64C181F7EFC7C1D446A2A880D630D2BF2FF4013404BABE30C7B80C07C87541B3BFF0970F57DF96D905F04EDDC4E218758F7D57249A14DDA7BC3C02A1FD53773CB97807F0592F32D67CAC5597A8A06E6FCE6AF2E74393871DE905E5BEC4BDC9B41F943A7DFB46FAB414C80BE4F0C06B020D8221B87274A372C5CCA7B13C75132C5D9661C5278CDD5053487D3870EDAE770A9F750283C69F00EAE2F885E61130270B62ED90A6BBC8FA674602345A29570FADAFC1E4B570EE1099AB4FF62EF8051FDE6F19D8AB65B1F8216E30AFC9C68979803522B62AA986E2B31C65785C6DF77DB34B5D4DC9E90E0475836537BA6D6F5C3046F0FE687FDF2A40C2392E227DF3248B15F8CFF981DA487DD9410A109935D28F8D5279DA52780D6A3C0D729090E6660902EFF798B41868755BA61B8D990BEA15C92919CDD7D12602BC6652A060440DF3D8888FE6E448F73F85BF125E132627D8CC9E80F5977286770C90902DF80353B8784F9407447381DEE876CB0FFC3E7B1A7B210869EEE32F63059821763F9C69E64E123A0358257F7D2BFCD611A311D33AD161BD220FB2188096512E1EE511F2B2616467C77DED656905C5F5B9A65F8D3FDE54DFFD7BF02C2EC3D1162DF8610973C79E362461DF1811C38A22C2786CF953C13366400FB44AED25F1690FD495B6A62E5A74CD06146E8BC94606C8E201E0C434FA760F74984568E4D16D132C37FCE9D57626DBC426B78F0C3A81CD806BFA837E6D6E74ADB765E643529C6A83564E021298804CC6B4B47C93E9273741FB7727FE105EDE8F36E359139A24AFB60494584C24EEFE0A6319D17C1DBF4E6885F5E9A82A8AA2C23970D2BA14E4DC71582B767F488EB7E2DA0FB379E047410FE20F2881C9EBF2C2E82F89366DF551B66DE00EBC70341E7746B2EC4F84EA2020EF4CE524412FEB6273B55715981E4FDBE17BF12753E541C2551769D79C10615C0D2A47BEA3B38CC48B8FBDFACB5E010A58B19A7965DB8F92BBBE3A8080CE5DD51E1C9592CC10B5E3663BDD1E01656F41F631247D6207DD8AB1A314C94E70D2740D084176568A2F0B3DAC7FC9769A0C5069984D944B09E5A2F133CF48E47661F5C6C75AD5252122DCCE4A8CDDAE16285F5E7B7BB2DFB74124BB4E6AA6E71490683A2997ADDB849ECCDA7094CD6E26FBE687E3B5E02A9FF1ACD4C984A13FAFC831"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(512)

c:\windows\system32\ieframe.dll

c:\windows\System32\OneX.DLL

c:\windows\System32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

Completion time: 2015-03-21 15:55:20

ComboFix-quarantined-files.txt 2015-03-21 05:55

ComboFix2.txt 2015-03-15 03:24

ComboFix3.txt 2015-03-14 23:39

ComboFix4.txt 2015-03-14 22:35

Pre-Run: 72,143,388,672 bytes free

Post-Run: 72,107,438,080 bytes free

- - End Of File - - E4964D743D7ACE4B7E220C3449AC3607

8F558EB6672622401DA993E1E865C861

#110
emeraldnzl

Posted 21 March 2015 - 12:17 AM

GeekU Instructor

GeekU Moderator
20,051 posts

So we can run programs but we can't download anything.

Something is blocking things.

It could be malware but I am not seeing it. While I am not completely certain at this stage I don't see a security program as the problem.

Question

Do you have SUPERAntiSpyware running in real time? If you do, then that might be a cause.

Try booting to Safe Mode and see if you can install Avira.

Also, can you remember if when we ran System File Checker (sfc /scannow) whether it signaled any problem? Same goes for chkdsk.

Tell me when you return.

EDIT

I have just had a thought.

What about the program PeerBlock?

While that is not a bad program do you think it might be blocking more than it should?

Edited by emeraldnzl, 21 March 2015 - 12:22 AM.
another thought

#111
Damon(V)

Posted 21 March 2015 - 12:28 AM

Member

Topic Starter
Member
87 posts

I can download and run some programs but many we have tried won't run/install inc antivirus programs.

Superantispyware is still installed but we only installed that not so long ago, Rkill etc wouldn't run prior to that either.

We ran chkdsk on page 4

I don't think we have run System File Checker

Cheers

Edited by Damon(V), 21 March 2015 - 12:28 AM.

#112
emeraldnzl

Posted 21 March 2015 - 12:42 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Superantispyware is still installed

That's fine as long as it is the free version. If, for example, you downloaded the full version as a trial period, then it would likely be running in real time and may be, although not likely, blocking some things.

System File Checker

Oh, I must be going doolally. :whistling:

I thought we had done that long ago. It is a way to check and fix System File corruption which could be a cause of things not working properly.

Let's do it now:

Please run the System File Checker.

Follow these steps:

Click Start > Run and type sfc /scannow (note the space, it should be there), and then press ENTER.
Follow the prompts throughout the System File Checker process.
Restart your computer when System File Checker process is complete.

#113
Damon(V)

Posted 21 March 2015 - 12:47 AM

Member

Topic Starter
Member
87 posts

Yes it was only the free version of Superantispyware.

Sorry yes we ran sfc on page 3

#114
emeraldnzl

Posted 21 March 2015 - 01:02 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Okay did you try the Safe Mode attempt suggested at post #110?

#115
Damon(V)

Posted 21 March 2015 - 01:14 AM

Member

Topic Starter
Member
87 posts

yes sorry no go there either

#116
emeraldnzl

Posted 21 March 2015 - 01:16 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Alright, I am going to try something out of left field now. Hopefully we can download and run it.

Please download Delfix from here.

Put a check (tick) in the following boxes:

Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset System Settings
Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

#117
Damon(V)

Posted 21 March 2015 - 01:20 AM

Member

Topic Starter
Member
87 posts

that one worked although Activate UAC was blanked out and not tickable

# DelFix v10.9 - Logfile created 21/03/2015 at 17:18:21

# Updated 27/02/2015 by Xplode

# Username : Work 2 - COMPUTER

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox

Deleted : C:\_OTL

Deleted : C:\FRST

Deleted : C:\zoek_backup

Deleted : C:\AdwCleaner

Deleted : C:\Documents and Settings\Work 2\Desktop\FRST-OlderVersion

Deleted : C:\ComboFix.txt

Deleted : C:\Documents and Settings\Work 2\Desktop\Addition.txt

Deleted : C:\Documents and Settings\Work 2\Desktop\AdwCleaner.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\ComboFix.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\Fixlog.txt

Deleted : C:\Documents and Settings\Work 2\Desktop\FRST.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\FRST.txt

Deleted : C:\Documents and Settings\Work 2\Desktop\FSS.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\FSS.txt

Deleted : C:\Documents and Settings\Work 2\Desktop\JRT.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\RogueKiller.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\SecurityCheck.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\tdsskiller.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\TFC.exe

Deleted : C:\Documents and Settings\Work 2\Desktop\zoek.exe

Deleted : C:\Documents and Settings\Work 2\My Documents\Downloads\Extras.Txt

Deleted : C:\Documents and Settings\Work 2\My Documents\Downloads\OTL.Txt

Deleted : C:\Documents and Settings\Work 2\My Documents\Downloads\OTL.exe

Deleted : C:\WINDOWS\grep.exe

Deleted : C:\WINDOWS\PEV.exe

Deleted : C:\WINDOWS\NIRCMD.exe

Deleted : C:\WINDOWS\MBR.exe

Deleted : C:\WINDOWS\SED.exe

Deleted : C:\WINDOWS\SWREG.exe

Deleted : C:\WINDOWS\SWSC.exe

Deleted : C:\WINDOWS\SWXCACLS.exe

Deleted : C:\WINDOWS\Zip.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1463 [System Checkpoint | 03/09/2015 11:36:23]

Deleted : RP #1464 [System Checkpoint | 03/10/2015 11:56:40]

Deleted : RP #1465 [Removed Symantec pcAnywhere. | 03/10/2015 21:05:07]

Deleted : RP #1466 [System Checkpoint | 03/11/2015 21:51:27]

Deleted : RP #1467 [System Checkpoint | 03/12/2015 22:35:19]

Deleted : RP #1468 [Installed calibre | 03/14/2015 07:04:15]

Deleted : RP #1469 [Removed calibre | 03/14/2015 07:05:50]

Deleted : RP #1470 [Removed Ad-Aware 2007 | 03/14/2015 07:36:17]

Deleted : RP #1471 [Removed RIA-Media Viewer | 03/14/2015 07:38:14]

Deleted : RP #1472 [Removed YTD Toolbar v6.2. | 03/14/2015 07:38:56]

Deleted : RP #1473 [Removed YTD Toolbar v6.2. | 03/14/2015 07:39:14]

Deleted : RP #1474 [Removed YTD Toolbar v6.2. | 03/15/2015 01:10:12]

Deleted : RP #1475 [Removed QuarkXPress 7.2. | 03/15/2015 01:10:30]

Deleted : RP #1476 [Configured PowerDirector | 03/15/2015 01:11:22]

Deleted : RP #1477 [Configured MYOB Accounting Plus v18.5 | 03/15/2015 01:19:27]

Deleted : RP #1478 [Configured MYOB Accounting Plus v16 | 03/15/2015 01:20:32]

Deleted : RP #1479 [Configured MYOB Accounting Plus v17 | 03/15/2015 01:24:28]

Deleted : RP #1480 [Removed Australian City Streets Ver 3 | 03/15/2015 01:28:48]

Deleted : RP #1481 [System Checkpoint | 03/16/2015 11:49:11]

Deleted : RP #1482 [Removed AVG 2015 | 03/16/2015 20:49:26]

Deleted : RP #1483 [System Checkpoint | 03/17/2015 21:17:27]

Deleted : RP #1484 [System Checkpoint | 03/18/2015 21:46:49]

Deleted : RP #1485 [Removed AVG 2015 | 03/19/2015 20:55:09]

Deleted : RP #1486 [ComboFix created restore point | 03/21/2015 05:44:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#118
emeraldnzl

Posted 21 March 2015 - 01:29 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Well that will have removed the tools we have been using and cleared some space. Bit like a clean slate.

Please try the install of Avira again.

#119
Damon(V)

Posted 21 March 2015 - 01:31 AM

Member

Topic Starter
Member
87 posts

no go for Avira still

#120
emeraldnzl

Posted 21 March 2015 - 01:35 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Did you see my question about PeerBlock?

I don't know much about it but I understand it blocks advertising and things its data base says should be blocked.

Can you disable it and see whether that makes a difference?

Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →

As Featured On:

Geeks to Go Forum 343,325 topics
Quick Links FAQ Malware Cleaning Guide How it Works
Downloads 2+ million

View New Content

I have a virus and can't run antivirus etc :( [Solved]

#106
emeraldnzl

Posted 20 March 2015 - 11:32 PM

Advertisements

#107
Damon(V)

Posted 20 March 2015 - 11:35 PM

#108
emeraldnzl

Posted 20 March 2015 - 11:41 PM

#109
Damon(V)

Posted 20 March 2015 - 11:56 PM

#110
emeraldnzl

Posted 21 March 2015 - 12:17 AM

#111
Damon(V)

Posted 21 March 2015 - 12:28 AM

#112
emeraldnzl

Posted 21 March 2015 - 12:42 AM

#113
Damon(V)

Posted 21 March 2015 - 12:47 AM

#114
emeraldnzl

Posted 21 March 2015 - 01:02 AM

#115
Damon(V)

Posted 21 March 2015 - 01:14 AM

Advertisements

#116
emeraldnzl

Posted 21 March 2015 - 01:16 AM

#117
Damon(V)

Posted 21 March 2015 - 01:20 AM

#118
emeraldnzl

Posted 21 March 2015 - 01:29 AM

#119
Damon(V)

Posted 21 March 2015 - 01:31 AM

#120
emeraldnzl

Posted 21 March 2015 - 01:35 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

I have a virus and can't run antivirus etc :( [Solved]

#106 emeraldnzl Posted 20 March 2015 - 11:32 PM

Advertisements

#107 Damon(V) Posted 20 March 2015 - 11:35 PM

#108 emeraldnzl Posted 20 March 2015 - 11:41 PM

#109 Damon(V) Posted 20 March 2015 - 11:56 PM

#110 emeraldnzl Posted 21 March 2015 - 12:17 AM

#111 Damon(V) Posted 21 March 2015 - 12:28 AM

#112 emeraldnzl Posted 21 March 2015 - 12:42 AM

#113 Damon(V) Posted 21 March 2015 - 12:47 AM

#114 emeraldnzl Posted 21 March 2015 - 01:02 AM

#115 Damon(V) Posted 21 March 2015 - 01:14 AM

Advertisements

#116 emeraldnzl Posted 21 March 2015 - 01:16 AM

#117 Damon(V) Posted 21 March 2015 - 01:20 AM

#118 emeraldnzl Posted 21 March 2015 - 01:29 AM

#119 Damon(V) Posted 21 March 2015 - 01:31 AM

#120 emeraldnzl Posted 21 March 2015 - 01:35 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#106
emeraldnzl

Posted 20 March 2015 - 11:32 PM

#107
Damon(V)

Posted 20 March 2015 - 11:35 PM

#108
emeraldnzl

Posted 20 March 2015 - 11:41 PM

#109
Damon(V)

Posted 20 March 2015 - 11:56 PM

#110
emeraldnzl

Posted 21 March 2015 - 12:17 AM

#111
Damon(V)

Posted 21 March 2015 - 12:28 AM

#112
emeraldnzl

Posted 21 March 2015 - 12:42 AM

#113
Damon(V)

Posted 21 March 2015 - 12:47 AM

#114
emeraldnzl

Posted 21 March 2015 - 01:02 AM

#115
Damon(V)

Posted 21 March 2015 - 01:14 AM

#116
emeraldnzl

Posted 21 March 2015 - 01:16 AM

#117
Damon(V)

Posted 21 March 2015 - 01:20 AM

#118
emeraldnzl

Posted 21 March 2015 - 01:29 AM

#119
Damon(V)

Posted 21 March 2015 - 01:31 AM

#120
emeraldnzl

Posted 21 March 2015 - 01:35 AM