Windows 7 Forums



Windows 7: Windows Defender starts and disappears right away...

15 Dec 2010   #21
Nokoyashi

Windows Vista Home Premium
 
 
Resulting ComboFix.TXT ....

Thank you so much for your detailed instructions and utility to run, Jacee.

Here's my ComboFix.TXT below. I had to uninstall MSE before I ran ComboFix (because I could not open it) and I shall reinstall it now that it's done.

What should be my next step?

Many Thanks...Mimi

------------------------------------------

ComboFix 10-12-14.07 - mimitam 12/15/2010 10:18:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1422 [GMT -5:00]
Running from: c:\users\mimitam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\program files\Common Files\Uninstall
c:\users\mimitam\AppData\Roaming\alot
c:\users\mimitam\AppData\Roaming\completescan
c:\users\mimitam\AppData\Roaming\install
c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Recent\3gppprotocol.com_blog.pif
c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Recent\Baidu.pif
c:\users\mimitam\AppData\Roaming\RacRulesy.dll
c:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 15:26 . 2010-12-15 15:27 -------- d-----w- c:\users\mimitam\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser.mimitam-Laptop\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\LogMeInRemoteUser.mimitam-Laptop.000\AppData\Local\temp
2010-12-15 15:26 . 2010-12-15 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 17:44 . 2010-12-12 17:44 -------- d-----w- c:\windows\system32\BestPractices
2010-12-12 17:44 . 2010-12-12 17:44 -------- d-----w- C:\inetpub
2010-12-12 17:28 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5EC9CCB-4308-48E4-BA7F-735388E824E3}\mpengine.dll
2010-12-10 16:18 . 2010-12-10 16:18 -------- d-----w- c:\users\mimitam\AppData\Roaming\SUPERAntiSpyware.com
2010-12-10 16:18 . 2010-12-10 16:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-10 16:18 . 2010-12-10 16:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-10 01:58 . 2010-12-10 01:58 -------- d-----w- c:\program files\Common Files\Java
2010-12-02 23:10 . 2010-12-11 01:39 -------- d-----w- c:\users\mimitam\AppData\Roaming\vlc
2010-12-02 23:09 . 2010-12-02 23:09 -------- d-----w- c:\users\mimitam\AppData\Local\Graboid
2010-12-02 23:09 . 2010-12-02 23:09 -------- d-----w- c:\users\mimitam\AppData\Roaming\MozillaControl
2010-12-02 23:08 . 2010-12-02 23:08 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-12-02 23:07 . 2010-12-02 23:07 -------- d-----w- c:\program files\VideoLAN
2010-11-24 14:48 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 19:01 . 2010-10-20 19:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-20 16:10 . 2010-10-20 16:10 184 ----a-w- c:\users\mimitam\AppData\Roaming\31441.bat
2010-10-19 15:41 . 2010-01-17 19:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 18:50 . 2010-10-06 19:31 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-27 18:49 . 2010-10-06 19:31 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-09-27 18:49 . 2010-10-06 19:31 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-27 18:49 . 2010-10-06 19:31 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\users\mimitam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares destiny]
2007-08-27 22:02 2973184 ----a-w- c:\program files\Ares Destiny\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 15:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe [2010-01-23 26826]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-20 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2009-07-14 52736]
S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2009-07-13 201216]
S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2009-07-13 86528]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: qword.com
FF - ProfilePath - c:\users\mimitam\AppData\Roaming\Mozilla\Firefox\Profiles\hoyeuxwb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z021&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.justhost.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HJVZH - c:\users\mimitam\AppData\Roaming\RacRulesy.dll
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-15 10:28:43
ComboFix-quarantined-files.txt 2010-12-15 15:28

Pre-Run: 17,263,755,264 bytes free
Post-Run: 16,948,297,728 bytes free

- - End Of File - - ACF53B083BF58A4B1D7EB4EF7D6794A5


15 Dec 2010   #22
Nokoyashi

Windows Vista Home Premium
 
 
Finally fixed!! Hurray!

Thank you Jacee and all who helped.

I greatly appreciate it!

You guys and gals are great!

Much Obliged...Mimi
15 Dec 2010   #23
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Do you know what this batch file is? c:\users\mimitam\AppData\Roaming\31441.bat
Please upload it to VirSCAN.org and have it scanned. Save the results and post them.

Download MSE (http://www.microsoft.com/security_essentials/), update it, and run a full/complete scan.

Let me know if it runs and also, how your computer is acting now.

16 Dec 2010   #24
Nokoyashi

Windows Vista Home Premium
 
 
Running fine now....

I couldn't find file: 31441.bat in my system anymore.

I updated MSE and am running a full scan at the moment, and my machine seems to be running fine now.

Will keep you posted.

Many Thanks...Mimi
16 Dec 2010   #25
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please post a fresh Combofix log when you finish scanning with MSE.