Disabled Windows Security Center, Security Essentials and Windows Defender


Hello,

I can't pinpoint when exactly I might have gotten a virus, but all of a sudden:

1. Windows Security Center is disabled.

a) A simple attempt to turn it on gives the generic "can't be started" message box.

b) I can enable and start it through Services.msc, but it becomes disabled again within 30 seconds.

2. Windows Defender won't start.

3. Security Essentials won't stay open for more than a moment.

a) It worked in safe mode, but found nothing.

b) I've since uninstalled it.

Eset online scan found nothing; HouseCall online scan found a couple of virus threats and fixed them without problem, but the issues above are still present. (Unfortunately, I ran this scan at the very start of my troubles and, believing the viruses to have been removed, didn't record their names or details.)

Jemmo92 had the same problems, and was given useful instructions here: http://forums.malwarebytes.org/index.php?s...=71178&st=0

I imagine we have the same issue, but his solution was tailor-made for his system, so I hesitate to follow it.

My HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:57:17 AM, on 1/8/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Deluxe Digital Studios\SNL Client\SNLClient.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

Q:\140061.enu\Office14\ONENOTEM.EXE

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matthew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://snl.bydeluxe.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [sNLClient] C:\Program Files\Deluxe Digital Studios\SNL Client\SNLClient.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Startup: Dropbox.lnk = Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O15 - Trusted Zone: http://snl.bydeluxe.com

O15 - Trusted Zone: http://iweb.dgmusa.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

Note that it gave me the message "For some reason your system denied write access to the Hosts file."

Thank you in advance, and happy new year,

Matthew


Note that it gave me the message "For some reason your system denied write access to the Hosts file."
That's normal with Vista and Win 7. Nothing to worry about.

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Hi, and thanks for the response,

My computer is currently running very slowly, despite having very few running processes. This is new, as it was running with no noticeable problems before the ComboFix reboot, apart from the software issues mentioned in my first post. Also, none of my usual "start up" software initiated following the ComboFix reboot: BOINC, uTorrent, Logitech apps, etc. Again, this is new.

Here's my log:

ComboFix 11-01-08.05 - Matthew 01/09/2011 12:46:39.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2396 [GMT -5:00]

Running from: c:\users\Matthew\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\-1608165053

C:\install.exe

C:\jsykm.exe

C:\jvbfrms.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

C:\ydbkaxo.exe

.

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))

.

2011-01-08 15:47 . 2011-01-08 15:47 388096 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-08 15:47 . 2011-01-08 15:47 -------- d-----w- c:\program files\Trend Micro

2011-01-08 00:09 . 2011-01-08 00:09 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes

2011-01-08 00:08 . 2011-01-08 00:08 -------- d-----w- c:\programdata\Malwarebytes

2011-01-07 22:59 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll

2011-01-07 22:59 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll

2011-01-07 22:59 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-07 22:59 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-07 22:59 . 2010-10-16 18:55 319080 ----a-w- c:\windows\system32\nvdecodemft.dll

2011-01-07 22:59 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-07 22:59 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-07 22:59 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll

2011-01-07 22:59 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll

2011-01-07 22:59 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-01-07 22:59 . 2011-01-07 22:59 -------- d-----w- C:\NVIDIA

2011-01-07 22:50 . 2011-01-07 22:50 -------- d-----w- c:\users\Matthew\AppData\Local\Windows Live

2011-01-07 22:50 . 2011-01-07 22:50 -------- d-----w- c:\program files\Common Files\Windows Live

2011-01-07 22:50 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-01-07 22:50 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-07 22:50 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2011-01-07 21:12 . 2011-01-07 21:12 102400 ----a-w- c:\windows\RegBootClean.exe

2011-01-07 21:03 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-01-07 02:12 . 2011-01-07 02:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2011-01-07 02:12 . 2011-01-07 03:29 -------- d-----w- c:\programdata\Rosetta Stone

2011-01-07 02:12 . 2011-01-07 02:12 -------- d-----w- c:\program files\Rosetta Stone

2011-01-07 02:12 . 2011-01-07 02:12 70144 --sha-r- c:\windows\system32\KBDICY.dll

2011-01-06 23:12 . 2011-01-06 23:12 -------- d-----w- c:\program files\PowerISO

2011-01-05 08:00 . 2011-01-05 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-01-04 18:10 . 2011-01-04 18:10 -------- d-----w- c:\users\Matthew\AppData\Roaming\Leadertech

2011-01-04 18:10 . 2011-01-08 00:02 -------- d-----w- c:\programdata\LogiShrd

2011-01-04 18:08 . 2011-01-04 18:10 -------- d-----w- c:\program files\Common Files\logishrd

2010-12-20 16:42 . 2010-12-20 16:42 -------- d-----w- c:\program files\iPod

2010-12-20 16:42 . 2010-12-20 16:42 -------- d-----w- c:\program files\iTunes

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2010-12-20 16:41 . 2010-12-20 16:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2010-12-20 16:40 . 2010-12-20 16:41 -------- d-----w- c:\program files\QuickTime

2010-12-10 22:49 . 2010-12-20 00:23 -------- d-----w- c:\programdata\VirtualizedApplications

2010-12-10 20:39 . 2010-12-10 20:39 -------- d-----w- c:\users\Matthew\AppData\Local\SoftGrid Client

2010-12-10 20:39 . 2011-01-08 15:27 -------- d-----w- c:\users\Matthew\AppData\Roaming\SoftGrid Client

2010-12-10 20:37 . 2010-12-12 05:19 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2010-12-10 20:37 . 2010-12-10 20:37 -------- d-----w- c:\windows\PCHEALTH

2010-12-10 20:36 . 2010-12-10 20:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\TP

2010-12-10 19:47 . 2010-12-10 19:55 -------- d-----w- c:\users\Matthew\AppData\Roaming\Canon

2010-12-10 19:38 . 2010-12-10 19:46 -------- d-----w- c:\program files\Canon

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-24 13:33 . 2010-11-09 23:46 184320 ----a-w- c:\windows\system32\UnsConv.dll

2010-11-19 23:18 . 2010-11-19 23:18 517535 ----a-w- c:\windows\system32\MetrePlus.dll

2010-11-10 22:12 . 2010-11-10 22:12 380928 ----a-w- c:\windows\system32\GlebeU.dll

2010-11-09 23:52 . 2010-11-09 23:52 438272 ----a-w- c:\windows\system32\SBox.ocx

2010-10-26 06:14 . 2010-10-26 06:14 53248 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe

2010-10-20 21:24 . 2010-11-24 13:31 106496 ----a-w- c:\windows\system32\TextConvertor.dll

2010-10-19 20:51 . 2010-10-23 22:27 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-18 13:41 . 2010-10-23 22:27 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80491235-3666-4919-B3CB-3C3164317AF5}\mpengine.dll

2010-10-16 18:55 . 2011-01-07 22:59 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2010-10-16 18:55 . 2010-07-10 10:37 1719912 ----a-w- c:\windows\system32\nvapi.dll

2010-10-16 18:55 . 2009-07-13 22:09 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll

2010-10-16 18:55 . 2009-06-10 21:19 10023528 ----a-w- c:\windows\system32\nvd3dum.dll

2010-10-16 17:42 . 2010-10-16 17:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe

2010-10-16 17:42 . 2010-10-16 17:42 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-10-16 17:42 . 2010-10-16 17:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 17:42 . 2010-10-16 17:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SNLClient"="c:\program files\Deluxe Digital Studios\SNL Client\SNLClient.exe" [2010-10-01 325064]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-14 395640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-26 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2007-01-19 15:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-17 722944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-24 1343400]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

.

Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953818763-4026089624-272341136-1000Core.job

- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 22:03]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953818763-4026089624-272341136-1000UA.job

- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 22:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://snl.bydeluxe.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: bydeluxe.com\snl

Trusted Zone: dgmusa.com\iweb

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7936)

c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\UI0Detect.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2011-01-09 13:02:14 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-09 18:02

Pre-Run: 201,742,217,216 bytes free

Post-Run: 204,697,751,552 bytes free

- - End Of File - - E5D31B7CC47754956856CB8FCB6B4FDF


BOINC, uTorrent, Logitech apps, etc.

I'm not sure why you'd want those to auto load, as they aren't needed to autostart.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Reboot and let me know how it's running.


Hello again, and thanks for the speedy reply - very appreciated!

My computer's running at its usual speed, and Security Center is enabled and staying on (even after a reboot). So, that's a good sign. Also, the start-up programs I mentioned before are starting and running as usual. (You're right, they're quite unnecessary; I mentioned them in case their failure to start was indicative of a problem, but that seems not to be the case.)

I'm unable to start Windows Defender, as before. However, whereas it originally gave the generic "Windows Defender is unable to start" message box, it now says "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. (Error Code: 0x80070422)". I then attempted to start it through the Services manager, first enabling it then clicking "Start," and it gave the message "The Windows Defender service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

As for Security Essentials, I haven't yet re-downloaded and re-installed it. Before I do: Would you suggest I continue to use MSE, or should I switch to, e.g., Eset's Nod32 software? I've heard it's good, but am unsure if it's better than MSE.

Regards,

Matthew
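An added example, not from the thread or from Malwarebytes: a PowerShell watch script that records the start type and state of the services behind Windows Security Center (wscsvc), Windows Defender (WinDefend) and Security Essentials (MsMpSvc) and reports every change. This is how a defender would catch the "enabled, then disabled again within 30 seconds" behaviour from the first post and the 0x80070422 error above, which is ERROR_SERVICE_DISABLED (1058). The three service names are the standard Windows names; the polling interval and watch duration are assumptions.

```powershell
# Added example (not the thread's own content). Watches the Security Center,
# Windows Defender and Security Essentials services and prints a line whenever
# their start mode, state or registry Start value changes. Uses Get-WmiObject
# so it runs on the Windows 7 / PowerShell 2.0 generation shown in the logs.
param(
    [int]$DurationSeconds = 120,   # assumed: how long to watch
    [int]$IntervalSeconds = 5      # assumed: sampling interval
)

# Service names behind the three products named in the thread.
$services = @{
    'wscsvc'    = 'Windows Security Center'
    'WinDefend' = 'Windows Defender'
    'MsMpSvc'   = 'Microsoft Security Essentials (antimalware service)'
}

function Get-ServiceSnapshot {
    $snap = @{}
    foreach ($name in $services.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            $snap[$name] = 'not installed'
            continue
        }
        # Registry Start value: 2 = Automatic, 3 = Manual, 4 = Disabled.
        # A start value of 4 is exactly what 0x80070422 reports at start time.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $regStart = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        $snap[$name] = '{0} / {1} / Start={2}' -f $svc.StartMode, $svc.State, $regStart
    }
    return $snap
}

# Print the baseline once, then report only differences.
$previous = Get-ServiceSnapshot
foreach ($name in $previous.Keys) {
    '{0:HH:mm:ss} baseline {1} ({2}): {3}' -f (Get-Date), $name, $services[$name], $previous[$name]
}

$deadline = (Get-Date).AddSeconds($DurationSeconds)
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-ServiceSnapshot
    foreach ($name in $current.Keys) {
        if ($current[$name] -ne $previous[$name]) {
            # A flip back to Disabled / Stopped that you did not make yourself is the
            # symptom from the first post. Note the time and compare it with the
            # System event log: Service Control Manager event 7040 records start
            # type changes, so the two timestamps should line up.
            '{0:HH:mm:ss} CHANGE {1}: {2} -> {3}' -f (Get-Date), $name, $previous[$name], $current[$name]
        }
    }
    $previous = $current
}
```

Run it from an elevated PowerShell prompt right after re-enabling the service in Services.msc; if the baseline shows Auto/Running and a CHANGE line to Disabled/Stopped appears within the first minute without your doing anything, something on the machine is still resetting the service.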
