HijackThis Logfile (Windows System Defender)


Post by kraye89 on 30th October 2009, 3:05 pm

*It told me I may have to right-click the icon and select Run as administrator, because it was being denied access to my hosts file. Although, the same thing did happen to me earlier when I was trying to edit the hosts file, if you need me to do that I can sure try.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:22 PM, on 10/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\3a5d3d7\WS3a5d.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Users\test\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\test\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows System Defender] "C:\ProgramData\3a5d3d7\WS3a5d.exe" /s /d
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11305 bytes


Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 2nd November 2009, 1:28 am

Basically, I have Windows System Defender on my computer. It pops up every half hour or so in many different forms. Sometimes, it's a very loud pop-up that says I have a virus. Sometimes, it's a bubble that pops up from the taskbar at the bottom of my computer. And sometimes, it's a pop-up that comes up from the bottom of my screen. I tried running quick and full scans with my McAfee Virus Scanner, and it didn't do anything. So I ran quick and full scans with my Malwarebytes Anti-Malware Scanner, because I had to use that before when I got Personal Anti-Virus on the same computer and another in my house. That didn't work, either. I don't know what else to do, and really don't want to spend more money on virus software when I don't know if it will even find the program. I checked out a bunch of websites that had steps for how to remove it manually. Most of them told me to remove processes that weren't even on my computer. A couple of them told me to edit my hosts file, but when I tried to save, it kept saying I was denied access, even though my account is the admin. account. Also, for some reason it is only on my account. There are three other accounts on my computer, including a guest account, and they haven't had any problems with it.


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 2nd November 2009, 3:07 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 2nd November 2009, 4:43 am

I cannot do anything on my computer now. I can't even get the list of installed programs for you. I had to go on a different computer to access the internet, so I could send this to you. Every time I try to do something, a message pops up that says, "Illegal operation attempted on a registry key that has been marked for deletion." I hope this is normal, because it is making me very nervous.

Here is the log file you wanted:

ComboFix 09-10-30.01 - test 11/01/2009 21:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.980 [GMT -6:00]
Running from: c:\users\test\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3920745456-4171760788-1868303563-500
c:\programdata\3a5d3d7
c:\programdata\3a5d3d7\BackUp\Adobe Reader Speed Launch.lnk
c:\programdata\3a5d3d7\BackUp\Adobe Reader Synchronizer.lnk
c:\programdata\3a5d3d7\BackUp\HP Connections.lnk
c:\programdata\3a5d3d7\BackUp\Kodak EasyShare software.lnk
c:\programdata\3a5d3d7\BackUp\Transparent Windows.lnk
c:\programdata\3a5d3d7\WS3a5d.exe
c:\programdata\3a5d3d7\WSD.ico
c:\programdata\3a5d3d7\WSDDSys\vd952342.bd
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll
c:\$recycle.bin\S-1-5-21-3920745456-4171760788-1868303563-500\desktop.ini
c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System Defender.lnk
c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Windows System Defender.lnk
c:\users\test\Desktop\Windows System Defender.lnk
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd
-------\Service_NdisrdMP


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 04:12 . 2009-11-02 04:12 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2009-11-02 04:12 . 2009-11-02 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-02 04:12 . 2009-11-02 04:12 -------- d-----w- c:\users\James\AppData\Local\temp
2009-11-02 04:10 . 2009-11-02 04:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-02 03:45 . 2008-01-19 07:42 45112 ----a-w- c:\windows\system32\drivers\nvstor.sys
2009-11-02 03:45 . 2008-01-19 07:41 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 23:53 . 2009-10-29 23:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 03:38 . 2009-10-29 03:38 -------- d-----w- c:\program files\uTorrent
2009-10-29 02:23 . 2009-10-29 02:24 -------- d-sh--w- c:\users\test\AppData\Roaming\Windows System Defender
2009-10-29 02:23 . 2009-10-29 02:23 -------- d-sh--w- c:\programdata\WSDDSys
2009-10-28 01:43 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 01:43 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 17:01 . 2009-10-17 17:01 -------- d-----w- c:\users\Taylor\AppData\Roaming\Move Networks
2009-10-15 17:09 . 2009-10-31 20:16 -------- d-----w- c:\users\James\Tracing
2009-10-13 21:56 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 21:55 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 21:55 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 21:55 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-13 21:55 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-13 21:54 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 21:54 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 21:54 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 22:41 . 2009-10-05 23:00 -------- d-----w- c:\users\James\AppData\Roaming\LimeWire
2009-10-04 03:57 . 2009-10-04 03:57 -------- d-----w- c:\users\Taylor\AppData\Roaming\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 04:15 . 2006-12-19 14:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-02 04:15 . 2008-10-30 07:01 -------- d-----w- c:\users\test\AppData\Roaming\uTorrent
2009-11-02 00:38 . 2009-09-26 04:59 -------- d-----w- c:\users\Taylor\AppData\Roaming\LimeWire
2009-11-02 00:33 . 2008-10-27 20:51 12978 ----a-w- c:\users\test\AppData\Roaming\nvModes.dat
2009-11-01 17:16 . 2009-10-02 01:55 13072 ----a-w- c:\users\Taylor\AppData\Roaming\nvModes.dat
2009-10-29 23:42 . 2006-12-19 15:58 -------- d-----w- c:\program files\Java
2009-10-23 17:08 . 2008-12-11 06:39 680 ----a-w- c:\users\test\AppData\Local\d3d9caps.dat
2009-10-18 15:13 . 2009-01-09 23:24 13025 ----a-w- c:\users\James\AppData\Roaming\nvModes.dat
2009-10-14 12:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 04:41 . 2006-12-19 15:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-14 04:40 . 2006-12-19 15:24 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 01:50 . 2008-11-13 03:05 -------- d-----w- c:\users\Guest\AppData\Roaming\LimeWire
2009-10-02 23:21 . 2009-10-02 23:21 -------- d-----w- c:\program files\Transparent Windows
2009-09-28 03:10 . 2009-02-03 23:55 -------- d-----w- c:\programdata\pdf995
2009-09-28 02:48 . 2009-09-28 02:48 -------- d-----w- c:\users\Taylor\AppData\Roaming\TaxCut
2009-09-26 05:07 . 2009-09-26 05:07 -------- d-----w- c:\users\Taylor\AppData\Roaming\Apple Computer
2009-09-25 04:40 . 2009-09-25 04:40 -------- d-----w- c:\users\Taylor\AppData\Roaming\pdf995
2009-09-25 02:29 . 2009-09-25 02:29 -------- d-----w- c:\users\Taylor\AppData\Roaming\Skinux
2009-09-25 02:28 . 2009-09-25 02:28 -------- d-----w- c:\users\Taylor\AppData\Roaming\ArcSoft
2009-09-25 02:28 . 2009-09-25 02:28 7484 ----a-w- c:\users\Taylor\AppData\Local\d3d9caps.dat
2009-09-25 02:27 . 2009-09-25 02:27 133256 ----a-w- c:\users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 03:13 . 2008-11-05 07:19 -------- d-----w- c:\users\test\AppData\Roaming\LimeWire
2009-09-20 10:01 . 2006-12-19 15:31 -------- d-----w- c:\programdata\CyberLink
2009-09-20 06:18 . 2009-09-20 06:11 -------- d-----w- c:\program files\Microsoft
2009-09-20 06:17 . 2009-09-20 06:17 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-20 06:17 . 2008-11-01 18:59 -------- d-----w- c:\program files\Windows Live
2009-09-20 06:15 . 2009-09-20 06:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-20 06:13 . 2009-09-20 06:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-20 06:11 . 2009-09-20 06:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-20 06:01 . 2009-09-20 06:01 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-20 05:57 . 2009-09-20 05:57 -------- d-----w- c:\users\test\AppData\Roaming\MSNInstaller
2009-09-16 15:22 . 2009-05-07 06:05 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-05-07 06:05 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-05-07 06:05 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-03-25 16:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-05-07 06:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 02:30 . 2009-02-19 05:16 -------- d-----w- c:\users\test\AppData\Roaming\Move Networks
2009-09-15 21:13 . 2009-02-24 14:33 7484 ----a-w- c:\users\James\AppData\Local\d3d9caps.dat
2009-09-14 20:15 . 2008-12-11 06:20 -------- d-----w- c:\programdata\McAfee
2009-09-09 05:38 . 2008-11-28 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 21:56 . 2008-11-27 23:19 13025 ----a-w- c:\users\Guest\AppData\Roaming\nvModes.dat
2009-08-28 12:39 . 2009-09-02 22:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 22:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-30 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-30 00:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-30 00:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-30 00:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 17:07 . 2009-09-09 02:26 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 02:26 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 02:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 02:26 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 02:26 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 02:26 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 02:26 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 02:26 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 02:26 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 02:26 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-07 20:54 . 2008-12-29 02:15 250 ----a-w- c:\users\test\AppData\Roaming\wklnhst.dat
2009-08-07 02:24 . 2009-10-01 21:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2009-10-01 21:20 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2009-10-01 21:20 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:23 . 2009-10-01 21:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-10-01 21:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 01:45 . 2009-10-01 21:20 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:44 . 2009-10-01 21:20 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 00:23 . 2009-10-01 21:20 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-06 23:44 . 2009-10-01 21:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-08-06 03:48 . 2009-09-20 06:17 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-07 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-29 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Transparent Windows.lnk - c:\users\test\AppData\Roaming\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe [2009-10-2 1078]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 34520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/7/2009 12:06 AM 92296]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/20/2009 12:17 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1000Core.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 05:51]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1000UA.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 05:51]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1002Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-25 02:30]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1002UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-25 02:30]

2009-10-29 c:\windows\Tasks\HPCeeScheduleFortest.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-19 00:08]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows System Defender - c:\programdata\3a5d3d7\WS3a5d.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe



**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3152)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-11-02 22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 04:24

Pre-Run: 50,770,616,320 bytes free
Post-Run: 56,298,352,640 bytes free

- - End Of File - - 5464D68C78D8F0CB962FCA7608AE02D1

kraye89
Novice

Posts : 12
Joined : 2009-10-30
OS : Vista
Points : 25964
# Likes : 0


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 2nd November 2009, 9:59 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, please re-run ComboFix.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13743
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302211
# Likes : 10


Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 2nd November 2009, 11:50 pm

I couldn't run ComboFix the same way as before, by copying and pasting that stuff into Run, so I just double-clicked it and let it run (in safe mode). I still can't access the internet or anything else.

Here's the log file:

ComboFix 09-10-30.01 - test 11/02/2009 16:33.2.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1575 [GMT -6]
Running from: c:\users\test\Desktop\commy.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 04:24 . 2009-11-02 22:44 -------- d-----w- c:\users\test\AppData\Local\temp
2009-11-02 04:24 . 2009-11-02 22:44 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2009-11-02 04:24 . 2009-11-02 22:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-02 04:24 . 2009-11-02 04:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-02 04:24 . 2009-11-02 04:24 -------- d-----w- c:\users\James\AppData\Local\temp
2009-11-02 04:24 . 2009-11-02 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-02 03:45 . 2008-01-19 07:42 45112 ----a-w- c:\windows\system32\drivers\nvstor.sys
2009-11-02 03:45 . 2008-01-19 07:41 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 23:53 . 2009-10-29 23:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 03:38 . 2009-10-29 03:38 -------- d-----w- c:\program files\uTorrent
2009-10-29 02:23 . 2009-10-29 02:24 -------- d-sh--w- c:\users\test\AppData\Roaming\Windows System Defender
2009-10-29 02:23 . 2009-10-29 02:23 -------- d-sh--w- c:\programdata\WSDDSys
2009-10-28 01:43 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 01:43 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-17 17:01 . 2009-10-17 17:01 -------- d-----w- c:\users\Taylor\AppData\Roaming\Move Networks
2009-10-15 17:09 . 2009-10-31 20:16 -------- d-----w- c:\users\James\Tracing
2009-10-13 21:56 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 21:55 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 21:55 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 21:55 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-13 21:55 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-13 21:54 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 21:54 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 21:54 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 22:41 . 2009-10-05 23:00 -------- d-----w- c:\users\James\AppData\Roaming\LimeWire
2009-10-04 03:57 . 2009-10-04 03:57 -------- d-----w- c:\users\Taylor\AppData\Roaming\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 22:30 . 2006-12-19 14:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-02 22:30 . 2008-10-30 07:01 -------- d-----w- c:\users\test\AppData\Roaming\uTorrent
2009-11-02 22:27 . 2008-10-27 20:51 12978 ----a-w- c:\users\test\AppData\Roaming\nvModes.dat
2009-11-02 04:52 . 2009-09-26 04:59 -------- d-----w- c:\users\Taylor\AppData\Roaming\LimeWire
2009-11-01 17:16 . 2009-10-02 01:55 13072 ----a-w- c:\users\Taylor\AppData\Roaming\nvModes.dat
2009-10-29 23:42 . 2006-12-19 15:58 -------- d-----w- c:\program files\Java
2009-10-23 17:08 . 2008-12-11 06:39 680 ----a-w- c:\users\test\AppData\Local\d3d9caps.dat
2009-10-18 15:13 . 2009-01-09 23:24 13025 ----a-w- c:\users\James\AppData\Roaming\nvModes.dat
2009-10-14 12:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 04:41 . 2006-12-19 15:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-14 04:40 . 2006-12-19 15:24 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 01:50 . 2008-11-13 03:05 -------- d-----w- c:\users\Guest\AppData\Roaming\LimeWire
2009-10-02 23:21 . 2009-10-02 23:21 -------- d-----w- c:\program files\Transparent Windows
2009-09-28 03:10 . 2009-02-03 23:55 -------- d-----w- c:\programdata\pdf995
2009-09-28 02:48 . 2009-09-28 02:48 -------- d-----w- c:\users\Taylor\AppData\Roaming\TaxCut
2009-09-26 05:07 . 2009-09-26 05:07 -------- d-----w- c:\users\Taylor\AppData\Roaming\Apple Computer
2009-09-25 04:40 . 2009-09-25 04:40 -------- d-----w- c:\users\Taylor\AppData\Roaming\pdf995
2009-09-25 02:29 . 2009-09-25 02:29 -------- d-----w- c:\users\Taylor\AppData\Roaming\Skinux
2009-09-25 02:28 . 2009-09-25 02:28 -------- d-----w- c:\users\Taylor\AppData\Roaming\ArcSoft
2009-09-25 02:28 . 2009-09-25 02:28 7484 ----a-w- c:\users\Taylor\AppData\Local\d3d9caps.dat
2009-09-25 02:27 . 2009-09-25 02:27 133256 ----a-w- c:\users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 03:13 . 2008-11-05 07:19 -------- d-----w- c:\users\test\AppData\Roaming\LimeWire
2009-09-20 10:01 . 2006-12-19 15:31 -------- d-----w- c:\programdata\CyberLink
2009-09-20 06:18 . 2009-09-20 06:11 -------- d-----w- c:\program files\Microsoft
2009-09-20 06:17 . 2009-09-20 06:17 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-20 06:17 . 2008-11-01 18:59 -------- d-----w- c:\program files\Windows Live
2009-09-20 06:15 . 2009-09-20 06:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-20 06:13 . 2009-09-20 06:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-20 06:11 . 2009-09-20 06:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-20 06:01 . 2009-09-20 06:01 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-20 05:57 . 2009-09-20 05:57 -------- d-----w- c:\users\test\AppData\Roaming\MSNInstaller
2009-09-16 15:22 . 2009-05-07 06:05 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-05-07 06:05 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-05-07 06:05 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-03-25 16:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-05-07 06:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 02:30 . 2009-02-19 05:16 -------- d-----w- c:\users\test\AppData\Roaming\Move Networks
2009-09-15 21:13 . 2009-02-24 14:33 7484 ----a-w- c:\users\James\AppData\Local\d3d9caps.dat
2009-09-14 20:15 . 2008-12-11 06:20 -------- d-----w- c:\programdata\McAfee
2009-09-09 05:38 . 2008-11-28 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 21:56 . 2008-11-27 23:19 13025 ----a-w- c:\users\Guest\AppData\Roaming\nvModes.dat
2009-08-28 12:39 . 2009-09-02 22:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 22:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-30 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-30 00:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-30 00:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-30 00:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 17:07 . 2009-09-09 02:26 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 02:26 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 02:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 02:26 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 02:26 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 02:26 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 02:26 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 02:26 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 02:26 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 02:26 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-07 20:54 . 2008-12-29 02:15 250 ----a-w- c:\users\test\AppData\Roaming\wklnhst.dat
2009-08-07 02:24 . 2009-10-01 21:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2009-10-01 21:20 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2009-10-01 21:20 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:23 . 2009-10-01 21:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-10-01 21:20 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 01:45 . 2009-10-01 21:20 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-08-07 01:44 . 2009-10-01 21:20 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-08-07 00:23 . 2009-10-01 21:20 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-06 23:44 . 2009-10-01 21:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-08-06 03:48 . 2009-09-20 06:17 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-19 15:02 . 2009-11-02 22:28 57272 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-11-02 04:19 75304 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-02 22:28 75304 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-27 20:51 . 2009-11-02 22:28 14108 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3769123611-1160465140-3090171297-1000_UserData.bin
- 2008-10-27 19:45 . 2009-11-02 03:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-27 19:45 . 2009-11-02 04:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-27 19:45 . 2009-11-02 03:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-27 19:45 . 2009-11-02 04:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-27 19:45 . 2009-11-02 03:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-27 19:45 . 2009-11-02 04:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-11-02 22:38 594698 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-02 22:38 100766 c:\windows\System32\perfc009.dat
+ 2008-10-27 20:13 . 2009-11-02 22:30 1789360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-10-27 20:13 . 2009-11-02 04:15 1789360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-07 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-29 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Transparent Windows.lnk - c:\users\test\AppData\Roaming\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe [2009-10-2 1078]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 34520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/7/2009 12:06 AM 92296]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/20/2009 12:17 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1000Core.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 05:51]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1000UA.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 05:51]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1002Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-25 02:30]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3769123611-1160465140-3090171297-1002UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-25 02:30]

2009-10-29 c:\windows\Tasks\HPCeeScheduleFortest.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-19 00:08]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-02 16:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(760)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-11-02 16:46
ComboFix-quarantined-files.txt 2009-11-02 22:46
ComboFix2.txt 2009-11-02 04:24

Pre-Run: 58,431,332,352 bytes free
Post-Run: 58,333,003,776 bytes free

- - End Of File - - BC9C68D13A9ACB1D39076B9B8C512062


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 3rd November 2009, 12:58 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 3rd November 2009, 3:30 am

I cannot download anything to my computer, because I haven't been able to access the internet on my computer ever since I ran ComboFix. Since I already have Malwarebytes' Anti-Malware, I was still able to run a full scan.
Here is the log file:

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 6.0.6001 Service Pack 1

11/2/2009 9:19:13 PM
mbam-log-2009-11-02 (21-19-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 338649
Time elapsed: 1 hour(s), 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.Search) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 3rd November 2009, 3:51 am

Please restart your computer and re-run Malwarebytes. Post a log in your next reply.


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 3rd November 2009, 6:21 am

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 6.0.6001 Service Pack 1

11/3/2009 12:18:34 AM
mbam-log-2009-11-03 (00-18-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 338043
Time elapsed: 1 hour(s), 25 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 3rd November 2009, 6:40 am

Do you have internet access now?


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 3rd November 2009, 4:54 pm

No, I still don't have internet access. Internet Explorer will actually run, now, but my computer isn't connecting to the internet. When I click on connect or disconnect, it says "connected with limited access." I tried disconnecting and connecting, again, and I tried restarting my computer. Neither one seemed to work.


Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 3rd November 2009, 6:57 pm

So I just went on my computer to try again with the internet. I went to the Connect to a Network thing, and it still says Connected with limited access. I right-clicked and chose Diagnose. A window popped up that says:
The network adapter "Wireless Network Connection" is not properly configured to use the IP protocol

And there are two different things for me to click on:
(1) The network adapter "Broadcom 802.11b/g WLAN" is experiencing driver or hardware related issues. Click here for information.
(2) Make sure your Internet Protocol Bindings are correct. Ensure that "Internet Protocol Version 4 (TCP/IPv4)" and "Internet Protocol Version 6 (TCP/IPv6)" are Selected in the configuration for the network adapter "Wireless Network Connection". Click here to open the adapter's configuration settings.

I wanted to try to figure this out by myself, but I have no idea what it is talking about.


Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 3rd November 2009, 11:22 pm

Okay, I've been going back to my computer whenever I have free time, thinking maybe this is something really simple, and I can figure it out on my own. I didn't fix anything, but I thought I should let you know what I already tried.
I figured out what number (2) was talking about, and I checked it out to make sure those things were checked, which they were. Then it gave me a box with something to click on once I was done checking them out, so I tried going on the internet again. It still didn't work, so I clicked "Diagnose Connection Problems." It gave me the same message as the one in my previous post, except this time it said NVIDIA wasn't working, instead of Broadcom. I went to my Device Manager and under NVIDIA nForce Networking Controller - WinpkFilter, it said:
Windows cannot start this hardware device because its configuration (in the registry) is incomplete or damaged. (Code 19) Click 'Check for Solutions' to send data about this device to Microsoft and to see if there is a solution available.

It also said this on the Broadcom one. When I clicked on Check for Solutions, a box popped up that said:
Could not load driver software
Windows is collecting more information about the problem. This might take several minutes...

I did this for both drivers. Nothing really happened, and the message disappeared as quickly as it appeared. I also checked for driver updates, and there weren't any for either one of them. Then I disabled and enabled both of them and tried restarting my computer just for fun.


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 4th November 2009, 3:39 am

Ok. Do you have the drivers for both of those devices?


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 4th November 2009, 1:57 pm

Not sure what you mean by that


Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 4th November 2009, 2:44 pm

They're both listed in my device manager with little exclamation points on them. Also, I noticed that there are three others that say the same thing. They are:
WAN Miniport (IP) - WinpkFilter Miniport
WAN Miniport (IPv6) - WinpkFilter Miniport
WAN Miniport (Network Monitor) - WinpkFilter Miniport

Also, there are two others that don't have the exclamation points on them. They're the Broadcom and NVIDIA ones like from before, except they don't have "- WinpkFilter Miniport" at the end of their names.


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 4th November 2009, 9:57 pm

Usually a disc is included with your computer that might say Drivers and Utilities. Do you have that, or are you not sure?


Dr. Jay (DJ)



Re: HijackThis Logfile (Windows System Defender)

Post by kraye89 on 5th November 2009, 2:25 am

I've had my computer for about two years, so if I do, I would have no idea where it is. I went on the HP website, and chatted with a support tech. He sent me the downloads for the NVIDIA and Broadcom drivers, and I saved them to a disk so I could transfer them to my computer and install them. After I installed them, however, my computer still wouldn't connect to the internet. He told me that the only option he had left for me was to do a system recovery. I really don't want to have to do that, because it will take me forever to back up all of my files. Do you have any other ideas, or is this pretty much my only option?


Re: HijackThis Logfile (Windows System Defender)

Post by Dr Jay on 5th November 2009, 3:00 am

Please re-run ComboFix and post a new log. Make sure the computer reboots again, to see if the connection will restore.


Dr. Jay (DJ)

