GeekPolice Tech Tutorials

 


Hijackthis Problems

I downloaded the Hijackthis log as recommended as a new user. I was able to use it as instructed as well. Now, this program randomly pops up EVERY FEW MINUTES. I close it and it does it again. What should I do? Is this a result of the virus on my computer?

Re: Hijackthis Problems

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Hijackthis Problems

I followed the instructions to ComboFix and when I attempted to run the program two things happened.
1) I got this message:

C:\32788R22FWJFW\iexplore.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item.


I have administrative access on this computer, so I right-clicked and selected Run as an Administrator.
2) Next message:

incompatible OS. ComboFix only works for workstations with Windows 2000 and XP.


I have Windows Vista. Also earlier in the day when I attempted to access Calculator and Notepad I could not get into either and I got the first message above. Though now when I tried again, I did not have an issue.

Please advise. Thanks :)

Re: Hijackthis Problems

RKill by Grinler
Link #1
Link #2
Link #3

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.


=====================

Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following: [image: Asquared]
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.

Re: Hijackthis Problems

Logfile of HiJackFree v3.0
Scan saved at 3:24:43 PM, on 3/18/2010
Platform: Windows Vista64 (Windows NT 6.0.6002)
MSIE: Internet Explorer v 8.0 (8.0.6001.18882)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\mHotkey.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\splwow64.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} -
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: - {AE7CD045-E861-484f-8273-0445EE161910} -
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKLM\..\Run: [cdloader] "C:\Users\Broadcast\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O7 - Regedit - Enabled
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra "Tools" menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFBAR.ICO
O14 - IERESET.INF: SearchAssistant=http://www.gateway.com/g/sidepanel.html?Ch=&SubCH=HSN&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4640-UBC01A
O14 - IERESET.INF: CustomizeSearch=
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/beje2/popcaploader.cab
O21 - ShellServiceObjectDelayLoad: WebCheck -
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe
O23 - Service: AG Windows Service - C:\Program Files (x86)\AGI\common\win32\PythonService.exe
O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe
O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe
O23 - Service: AVG Free8 WatchDog - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Base Filtering Engine - C:\Windows\system32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe
O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe
O23 - Service: DFSR - C:\Windows\system32\DFSR.exe
O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe
O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe
O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
O23 - Service: Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
O23 - Service: Windows Media Center Service Launcher - C:\Windows\\system32\svchost.exe
O23 - Service: ReadyBoost Service - C:\Windows\system32\svchost.exe
O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe
O23 - Service: EventSystem - C:\Windows\system32\svchost.exe
O23 - Service: WS Discovery Service - C:\Windows\system32\svchost.exe
O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Windows Font Cache Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Windows Live Family Safety - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
O23 - Service: GameConsoleService - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca85fba6ca78c8) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HID Service - C:\Windows\system32\svchost.exe
O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: PIXMA Extended Survey Program - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IKE extension - C:\Windows\system32\svchost.exe
O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe
O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. - C:\Windows\System32\svchost.exe
O23 - Service: KeyIso - C:\Windows\system32\lsass.exe
O23 - Service: KtmRm - C:\Windows\System32\svchost.exe
O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe
O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe
O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe
O23 - Service: McAfee Security Scan Component Host Service - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Media Center Resources - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe
O23 - Service: MSCamSvc - C:\Program Files\Microsoft LifeCam\MSCamS64.exe
O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe
O23 - Service: Windows®️ Installer International Messages - C:\Windows\system32\msiexec
O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe
O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe
O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Network Profile Management UI - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe
O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service: Office Source Engine - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe
O23 - Service: x86 Performance Counter Host - C:\Windows\SysWow64\perfhost.exe
O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe
O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe
O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe
O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe
O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe
O23 - Service: Remote Access AutoDial Manager - C:\Windows\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\Windows\system32\svchost.exe
O23 - Service: Dynamic Interface Manager - C:\Windows\system32\svchost.exe
O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe
O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe
O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft®️ Windows Backup Service - C:\Windows\system32\svchost.exe
O23 - Service: SeaPort - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe
O23 - Service: Terminal Services Configuration service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Software Licensing Service - C:\Windows\system32\SLsvc.exe
O23 - Service: Software Licensing UI Notification Service - C:\Windows\system32\svchost.exe
O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe
O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN). - C:\Windows\system32\svchost.exe
O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft®️ Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe
O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft®️ Windows(TM) Telephony Server - C:\Windows\System32\svchost.exe
O23 - Service: TBS Service - C:\Windows\System32\svchost.exe
O23 - Service: Terminal Server Remote Connections Manager - C:\Windows\System32\svchost.exe
O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe
O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe
O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe
O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe
O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe
O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe
O23 - Service: Microsoft®️ Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe
O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe
O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe
O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe
O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe
O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe
O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows Defender - C:\Windows\System32\svchost.exe
O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe
O23 - Service: WMI - C:\Windows\system32\svchost.exe
O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe
O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe
O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: WMPNetworkSvc - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe
O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe
O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe
O23 - Service: XAudioService - C:\Windows\system32\DRIVERS\xaudio64.exe
O23 - Service: Yahoo! Updater - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

Re: Hijackthis Problems

Hmm.. could not find it there. If this program does not start, try RKill again, then run the program.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Hijackthis Problems

Malwarebytes' Anti-Malware 1.44
Database version: 3885
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/19/2010 2:16:37 PM
mbam-log-2010-03-19 (14-16-37).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 854656
Time elapsed: 2 hour(s), 36 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jay D\Downloads\Dragon NaturallySpeaking 10.1 Preffered (1 dvd)\CRACK\Nuance_KeyMaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jay D\Downloads\Xara Xtreme Pro 5.1.0.8917 DL [By Black Knight]\Patch1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\Adobe Visual Communicator 3.0.3129.0\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Broadcast\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Broadcast\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Broadcast\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.




After I restart, my computer is giving me this message.

Windows Defender
Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.


I got this message once before this and I just got it when I had to restart after this scan. I did see the Windows Defender folder in my start menu under programs, and I do not recall ever seeing it there before. I have seen that name as a virus as well over the net, so I have not opened it at all. Please advise. Thank you.

Re: Hijackthis Problems


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Hijackthis Problems

Running from: C:\Users\Broadcast\Desktop\Win32kDiag.exe

Log file at : C:\Users\Broadcast\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-03-19 14:18:56 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2010-03-19 14:18:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Finished!

Re: Hijackthis Problems

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


=======================================

Please download V-Tool, and save to your Desktop.

  • Double-click on vtool.zip, and extract the file to your Desktop.
  • Double-click on vtool.cmd to start.
  • !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
  • It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
  • Post the contents of it in your next reply along with the Stealth MBR Log.

Re: Hijackthis Problems

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: error reading MBR
    kernel: error reading MBR




    V-Tool by DragonMaster Jay

    Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1677 [GMT -4:00]

    Username: Broadcast - Date: 03/20/2010 - Time: 12:29:14 - Number of processors: 2 - Arch.: AMD64 SF:


    ((((( Security Software information )))))

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ((((( System File Verify )))))

    c:\windows\system32\eventlog.dll is missing! (If XP or lower)
    c:\windows\system32\drivers\beep.sys is missing!

    ((((( System File Enumeration )))))

    Volume in drive C is Partition_1
    Volume Serial Number is 3CBD-EA70

    Directory of C:\WINDOWS\System32

    scecli.dll netlogon.dll cngaudit.dll
    3 File(s) 967,680 bytes

    Directory of C:\WINDOWS\System32\drivers

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2

    atapi.sys
    1 File(s) 22,584 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79

    atapi.sys
    1 File(s) 20,072 bytes

    Directory of C:\WINDOWS\SysWOW64

    scecli.dll netlogon.dll cngaudit.dll
    3 File(s) 781,824 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c

    cngaudit.dll
    1 File(s) 14,848 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048

    scecli.dll
    1 File(s) 235,520 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94

    scecli.dll
    1 File(s) 235,520 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d

    netlogon.dll
    1 File(s) 716,800 bytes

    Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9

    netlogon.dll
    1 File(s) 717,312 bytes

    Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2

    atapi.sys
    1 File(s) 22,584 bytes

    Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e

    atapi.sys
    1 File(s) 20,952 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243

    scecli.dll
    1 File(s) 177,152 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f

    scecli.dll
    1 File(s) 177,152 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88

    netlogon.dll
    1 File(s) 592,384 bytes

    Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4

    netlogon.dll
    1 File(s) 592,896 bytes

    Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

    cngaudit.dll
    1 File(s) 11,776 bytes

    Total Files Listed:
    22 File(s) 5,348,960 bytes
    0 Dir(s) 283,042,242,560 bytes free

    -----------------------------

    +++ End-of-file +++

    Re: Hijackthis Problems

    Sorry. Please re-run the Stealth MBR Rootkit Detector, but to do it, please right-click on it and click Run as Administrator.

    Re: Hijackthis Problems

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR

    Re: Hijackthis Problems

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

    Re: Hijackthis Problems

    Malwarebytes' Anti-Malware 1.44
    Database version: 3894
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    3/21/2010 4:29:59 PM
    mbam-log-2010-03-21 (16-29-59).txt

    Scan type: Quick Scan
    Objects scanned: 121729
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
