Author Topic: vista anti-spyware infection  (Read 1565 times)


Offline chbq

  • Newbie
  • *
  • Posts: 15
vista anti-spyware infection
« on: May 20, 2011, 01:02:05 AM »
I am a "lurker" on the gardenweb computer help forum and saw a recommendation to come here for help.  My laptop is infected with a vista anti-spyware infection.  I can't run any programs with an .exe extension.  I'm not very computer literate & will need very basic instructions!!

thanks in advance for any help you can provide.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: vista anti-spyware infection
« Reply #1 on: May 20, 2011, 01:55:38 AM »
Hi, chbq.  Welcome to LandzDown Forum.  I'm thinking I should take out stock at Garden Web.  :)

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2
  • Double-Click dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline chbq
Re: vista anti-spyware infection
« Reply #2 on: May 20, 2011, 10:56:45 PM »
Hi,
Hope I did this correctly!..Thanks

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Streetroad at 18:48:39 on 2011-05-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3573.1370 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Streetroad\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103073513.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_ActiveX.exe -update activex
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2002\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-16 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-16 164840]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl88394fbb;MpKsl88394fbb;c:\programdata\microsoft\microsoft antimalware\definition updates\{cd13ca26-8a1a-4924-a25c-ead15026eb39}\MpKsl88394fbb.sys [2011-5-19 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 55840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-8 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-8 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-8 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 313288]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-16 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-8 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-8 40552]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-05-20 00:51:39   28752   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{cd13ca26-8a1a-4924-a25c-ead15026eb39}\MpKsl88394fbb.sys
2011-05-20 00:51:08   6962000   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{cd13ca26-8a1a-4924-a25c-ead15026eb39}\mpengine.dll
2011-05-12 00:52:46   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2011-04-27 09:41:15   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-04-27 09:41:14   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 09:41:05   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
.
==================== Find3M  ====================
.
2011-03-10 17:03:51   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51   1136640   ----a-w-   c:\windows\system32\mfc42.dll
2011-03-03 15:42:03   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11   2041856   ----a-w-   c:\windows\system32\win32k.sys
2011-03-02 15:44:27   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01   288768   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12   1068544   ----a-w-   c:\windows\system32\DWrite.dll
2011-02-22 13:33:09   797696   ----a-w-   c:\windows\system32\FntCache.dll
2011-02-22 13:24:10   213504   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02   79360   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55   69632   ----a-w-   c:\windows\system32\drivers\bowser.sys
.
============= FINISH: 18:50:47.55 ===============
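
As an added example (not part of the thread, and not code from DDS or any tool Corrine links), here is a small Python triage of the "Pseudo HJT Report" section above: it parses the BHO/TB/EB and Run lines and applies the checks a helper does by eye, namely orphaned "No File" entries, blank autorun values, a watch-list of bundled Conduit-built toolbars, and autoruns outside the usual Windows/Program Files roots. The watch-list and trusted-root list are assumptions constructed for the example, and the last sample line is made up to exercise the location rule.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines lifted from the DDS.txt posted above, plus one
# clearly labelled made-up autorun line so the "unusual location" rule fires.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - c:\program files\elf_1\tbElf_.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [CONSTRUCTED example] c:\users\streetroad\appdata\local\temp\sample.exe
"""

# DDS prints IE add-ons as "KIND: [Name: ]{CLSID} - path|No File" and
# autoruns as "[u|m]Run[Once]: [value name] command".
COM_LINE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_LINE = re.compile(r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")

# Assumed watch-list of bundled-toolbar (Conduit-built) markers and the roots a
# helper treats as "normal" for autoruns; both are constructed for this example.
PUP_MARKERS = ("conduit", "\\elf_1\\", "tbelf_")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\progra~2\\")


def parse_dds(text: str) -> List[Dict[str, str]]:
    """Turn the BHO/TB/EB and Run lines of a 'Pseudo HJT Report' into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COM_LINE.match(line) or RUN_LINE.match(line)
        if not m:
            continue  # DPF/Handler/service lines are ignored by this example
        entry = m.groupdict()
        entry["name"] = entry.get("name") or ""
        entry["line"] = line
        entries.append(entry)
    return entries


def _first_path(command: str) -> str:
    """Pull the program path out of an autorun command, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)].lower()
    return command.split(" ")[0].lower()


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Apply the checks a helper does by eye; returns (reason, offending line) pairs."""
    findings = []
    for e in entries:
        target = e["target"].strip()
        is_addon = "clsid" in e
        if target.lower() == "no file":
            findings.append(("orphaned entry: registry points at a missing file", e["line"]))
            continue
        if not target:
            findings.append(("autorun value with no command", e["line"]))
            continue
        path = target.lower() if is_addon else _first_path(target)
        haystack = (e["name"] + " " + path).lower()
        if any(marker in haystack for marker in PUP_MARKERS):
            findings.append(("bundled toolbar/adware on the watch-list", e["line"]))
        elif not is_addon and not path.startswith(TRUSTED_ROOTS):
            findings.append(("autorun outside Windows/Program Files, review by hand", e["line"]))
    return findings


if __name__ == "__main__":
    for reason, line in triage(parse_dds(SAMPLE_LOG)):
        print(f"[{reason}] {line}")
```

Against the sample this flags the two "No File" orphans, the three Elf/Conduit entries, the blank mRun value and the constructed c:\users autorun, while the Adobe, ctfmon and QuickTime entries pass.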

Offline Corrine
Re: vista anti-spyware infection
« Reply #3 on: May 20, 2011, 11:41:31 PM »
Hi, chbq. 

I will need the second log, attach.txt, but you can post it with your next reply.  First, please do the following:

Please download rkill from one of the following links and save to your Desktop.  You only need to get one of them to run, not all of them.
  • rkill.com or rkill.scr or rkill.pif
  • Right-click rkill and select Run as Administrator.
  • A command window will open then disappear upon completion; this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes: If you receive security warnings about rkill, please ignore and allow the download to continue.

Now you should be able to scan with MBAM:
  • Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Quick scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Offline chbq
Re: vista anti-spyware infection
« Reply #4 on: May 21, 2011, 12:36:30 AM »
Hi,

Is this the second log?
I downloaded rkill.com and rkill.scr.  I can't open either of them - I get a screen saying "Choose the program you want to use to open this file". What do you think I am doing wrong?
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2009 10:04:52 AM
System Uptime: 5/20/2011 1:41:30 PM (5 hours ago)
.
Motherboard: Dell Inc. |  | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU     T5550  @ 1.83GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 295 GiB total, 214.758 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A
Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_022F1028&REV_02\3&18D45AA6&0&D7
Manufacturer: Intel
Name: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A
PNP Device ID: PCI\VEN_8086&DEV_283A&SUBSYS_022F1028&REV_02\3&18D45AA6&0&D7
Service: usbehci
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Plus B209a-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1018: 4/28/2011 9:29:15 PM - Windows Update
RP1019: 4/29/2011 3:00:28 AM - Windows Update
RP1020: 4/30/2011 3:01:55 AM - Windows Update
RP1021: 4/30/2011 7:02:16 PM - Windows Update
RP1022: 5/1/2011 3:00:27 AM - Windows Update
RP1023: 5/2/2011 3:01:09 AM - Windows Update
RP1024: 5/2/2011 3:16:27 AM - Windows Update
RP1025: 5/2/2011 9:40:33 PM - Scheduled Checkpoint
RP1026: 5/3/2011 3:00:26 AM - Windows Update
RP1027: 5/3/2011 7:28:07 PM - Windows Update
RP1028: 5/4/2011 3:00:29 AM - Windows Update
RP1029: 5/5/2011 3:00:29 AM - Windows Update
RP1030: 5/5/2011 6:22:53 AM - Windows Update
RP1031: 5/6/2011 3:00:32 AM - Windows Update
RP1032: 5/6/2011 6:30:57 AM - Windows Update
RP1033: 5/7/2011 3:01:16 AM - Windows Update
RP1034: 5/7/2011 10:12:02 PM - Windows Update
RP1035: 5/8/2011 3:00:28 AM - Windows Update
RP1036: 5/8/2011 10:21:04 PM - Windows Update
RP1037: 5/9/2011 3:00:30 AM - Windows Update
RP1038: 5/10/2011 3:01:05 AM - Windows Update
RP1039: 5/10/2011 3:11:58 AM - Windows Update
RP1040: 5/10/2011 6:31:35 PM - Scheduled Checkpoint
RP1041: 5/11/2011 3:00:24 AM - Windows Update
RP1042: 5/11/2011 9:05:43 PM - Windows Update
RP1043: 5/12/2011 3:00:50 AM - Windows Update
RP1044: 5/12/2011 9:22:56 PM - Windows Update
RP1045: 5/13/2011 3:00:29 AM - Windows Update
RP1046: 5/13/2011 9:55:15 PM - Scheduled Checkpoint
RP1047: 5/14/2011 3:00:29 AM - Windows Update
RP1048: 5/15/2011 6:01:52 AM - Scheduled Checkpoint
RP1049: 5/15/2011 6:04:26 AM - Windows Update
RP1050: 5/16/2011 3:00:23 AM - Windows Update
RP1051: 5/16/2011 7:28:54 AM - Windows Update
RP1052: 5/17/2011 3:01:11 AM - Windows Update
RP1053: 5/17/2011 8:59:08 PM - Windows Update
RP1054: 5/18/2011 3:00:18 AM - Windows Update
RP1055: 5/19/2011 3:00:32 AM - Windows Update
RP1056: 5/19/2011 8:50:16 PM - Windows Update
RP1057: 5/20/2011 3:00:24 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Software Update
B209a-m
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BufferChm
CCleaner
Conduit Engine
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
CutePDF Writer 2.8
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Resource CD
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Destinations
DeviceDiscovery
Elf 1 Toolbar
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 13.0
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Intuit SiteBuilder
Java Auto Updater
Java(TM) 6 Update 22
Laptop Integrated Webcam Driver (1.04.01.1011) 
Marvell Miniport Driver
McAfee Security Scan Plus
McAfee SecurityCenter
mCore
mDriver
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
mMHouse
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mWMI
Network
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PS_AIO_06_B209a-m_SW_Min
QuickBooks
QuickBooks Pro 2009
QuickSet
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Segoe UI
SigmaTel Audio
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/20/2011 3:02:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows Vista (KB967723).
5/20/2011 3:01:01 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB967723 (Security Update) into Installed(Installed) state
5/19/2011 8:51:40 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/18/2011 7:50:23 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
5/18/2011 7:08:09 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/18/2011 7:07:26 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/18/2011 6:57:26 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/17/2011 9:39:23 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/17/2011 9:00:15 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/17/2011 3:01:46 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/17/2011 3:00:47 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/17/2011 3:00:46 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: On Access     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
5/16/2011 7:29:43 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/15/2011 6:05:41 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Network Inspection System     Error Code: 0x8007042c     Error description: The dependency service or group failed to start.      Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
.
==== End Of File ===========================

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: vista anti-spyware infection
« Reply #5 on: May 21, 2011, 01:14:15 AM »
Yes, thank you.  That is the second log.

Are you connecting to the Internet from the infected computer "normally"? 

Try just double-clicking the downloaded rkill and see if that works.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline chbq

  • Newbie
  • *
  • Posts: 15
Re: vista anti-spyware infection
« Reply #6 on: May 21, 2011, 01:33:03 AM »
Hi,

   I still can't run the program - can't do anything with a program that has an "exe" extension.

Offline Corrine

Re: vista anti-spyware infection
« Reply #7 on: May 21, 2011, 04:33:36 PM »
Quote
Are you connecting to the Internet from the infected computer "normally"?  

Also, can you tell me the name of the rogue antivirus?  The rkill files I linked to do not have an .exe extension.

Offline chbq

Re: vista anti-spyware infection
« Reply #8 on: May 22, 2011, 02:07:17 AM »
Sorry, I don't know the name.  With everything I try to run, such as Microsoft Word or even the game FreeCell, I get a screen saying to choose the program I want to use to open the file, and it shows the file with an .exe (FreeCell.exe, or userinit.exe when I try to run rkill.com or rkill.scr).  When I try to download rkill.pif, I get the message "The webpage cannot be found".
please help!


Offline Corrine

Re: vista anti-spyware infection
« Reply #9 on: May 22, 2011, 05:29:40 PM »
Hi, chbq.

Please follow these instructions carefully. 

Right-click on the Internet Explorer icon, or any other browser icon, and select Run as Administrator. For Windows Vista, you will be prompted to enter your Administrator account password.

Once you enter the password, your browser will start.  Download FixNCR.reg. When saving it, make sure you save it to C:\Users\Streetroad\Downloads\ so that it can be accessed by your normal account.

Now double-click on the downloaded FixNCR.reg and allow the data to be merged.  You should now be able to run rkill and proceed with the instructions to run MBAM from above. 


Download to your desktop.
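The FixNCR.reg step above addresses the symptom chbq describes (every .exe opening the "choose the program" dialog): the registry entries Windows uses to launch .exe files have been redirected, so nothing with that extension runs, including the cleanup tools. As an added example, not from the thread and not the contents of FixNCR.reg, the Python below parses a registry export (the text format regedit and `reg export` write) and compares the two keys involved, HKEY_CLASSES_ROOT\.exe and HKEY_CLASSES_ROOT\exefile\shell\open\command, against their stock values ("exefile" and `"%1" %*`). That these are the entries a fix like FixNCR.reg restores is my assumption; both sample exports, including the placeholder path in the tampered one, are constructed.

```python
import re

# Stock Windows values for launching .exe files. HKEY_CLASSES_ROOT is a merged view
# of HKLM\Software\Classes and HKCU\Software\Classes. Assumption: these are the
# entries a fix such as FixNCR.reg puts back.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}
# A per-user class for .exe overrides the machine-wide one, so its mere presence
# in an export is worth a look.
PER_USER_PREFIXES = (
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\exefile",
)


def _unquote(s):
    r"""Strip the quotes of a .reg string and undo its \\ and \" escapes."""
    if len(s) >= 2 and s.startswith('"') and s.endswith('"'):
        s = s[1:-1]
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text):
    """Parse regedit / 'reg export' text into {key: {value_name: data}}.

    Only string data is decoded; hex(...) and dword: data is kept as raw text.
    The default value of a key is stored under the name "@".
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "@" if name == "@" else _unquote(name)
            keys[current][name] = _unquote(data) if data.startswith('"') else data
    return keys


def check_exe_association(reg_text):
    """Return findings about the .exe handler; an empty list means it looks stock."""
    keys = {k.lower(): v for k, v in parse_reg(reg_text).items()}  # key names are case-insensitive
    findings = []
    for key, expected in EXPECTED.items():
        values = keys.get(key.lower())
        if values is None:
            findings.append(f"missing key: {key}")
            continue
        for name, want in expected.items():
            got = values.get(name)
            if got != want:
                findings.append(f"{key} {name} is {got!r}, expected {want!r}")
    findings += [f"per-user override present: {k}" for k in keys if k.startswith(PER_USER_PREFIXES)]
    return findings


# Constructed sample: a clean export of the two keys.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed sample of a redirected handler: every .exe is routed through a
# placeholder program, and a per-user class shadows the machine-wide one.
TAMPERED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\unknown.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholderfile"
"""

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("tampered", TAMPERED_EXPORT)):
        print(label, check_exe_association(export) or "OK")
```

On the affected machine the input would come from an elevated prompt via `reg export HKCR\.exe exe.reg` and `reg export HKCR\exefile exefile.reg` (and the same under HKCU\Software\Classes), which is also a useful before/after record when a .reg fix is merged; exported files are UTF-16, so open them with that encoding before passing the text in.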

Offline chbq

Re: vista anti-spyware infection
« Reply #10 on: May 24, 2011, 02:02:20 AM »
Hi,
I was finally able to run Malwarebytes.  I ran the complete scan, not the quick scan.  It was late at night (for me) and I didn't see the word "quick" in your instructions.  This is the log.  I restarted the computer afterwards.  What is next?  Thanks!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6646

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/23/2011 12:46:48 AM
mbam-log-2011-05-23 (00-45-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321971
Time elapsed: 2 hour(s), 13 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\streetroad\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\7f8027ac-4f78c05c (Malware.Gen) -> No action taken.
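One detail of the log above that is easy to miss: the single detection is logged with the action "No action taken", so the flagged file was not quarantined and still needs removal. An added example, not part of the thread or of Malwarebytes: Python that parses this 1.x log format, returns the header fields, summary counts and detected items, lists the detections left unresolved, and cross-checks the declared counts against the items actually listed. The sample is constructed from the log above, abridged to two of the detail sections.

```python
import re
from collections import Counter

# Constructed sample, abridged from the Malwarebytes' Anti-Malware 1.50 log posted
# above (all summary counts kept; only two of the detail sections shown).
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6646

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/23/2011 12:46:48 AM
mbam-log-2011-05-23 (00-45-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321971
Time elapsed: 2 hour(s), 13 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Users\streetroad\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\7f8027ac-4f78c05c (Malware.Gen) -> No action taken.
"""

VERSION_RE = re.compile(r"^Malwarebytes' Anti-Malware (\S+)$")
HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")      # summary line with a number
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")          # detail section heading
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Action strings MBAM writes when a detection was logged but not removed.
UNRESOLVED_ACTIONS = ("No action taken", "Not selected for removal")


def parse_mbam_log(text):
    """Parse an MBAM 1.x text log into header fields, summary counts and detections."""
    report = {"counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := VERSION_RE.match(line):
            report["version"] = m.group(1)
        elif m := HEADER_RE.match(line):
            key = m.group(1).lower().replace(" ", "_")
            report[key] = int(m.group(2)) if key == "objects_scanned" else m.group(2)
        elif m := COUNT_RE.match(line):
            report["counts"][m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            # "(No malicious items detected)" has no " -> action" and is skipped here
            report["detections"].append({"category": section, **m.groupdict()})
    return report


def unresolved(report):
    """Detections the scan logged but did not remove; these still need action."""
    return [d for d in report["detections"] if d["action"].startswith(UNRESOLVED_ACTIONS)]


def count_mismatches(report):
    """(category, declared, listed) triples where the summary and detail sections disagree."""
    listed = Counter(d["category"] for d in report["detections"])
    return [(cat, n, listed[cat]) for cat, n in report["counts"].items() if n != listed[cat]]


if __name__ == "__main__":
    rep = parse_mbam_log(MBAM_LOG)
    print(f"MBAM {rep['version']}, database {rep['database_version']}, {rep['scan_type']}")
    for d in unresolved(rep):
        print("UNRESOLVED:", d["category"], d["item"], d["threat"], d["action"])
```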

Offline Corrine

Re: vista anti-spyware infection
« Reply #11 on: May 24, 2011, 02:13:34 AM »
Hi, chbq.  I have some questions . . .


Did you run the FixNCR.reg?  Is that what enabled you to run Malwarebytes?
Did you also have to run rkill?
I'm a bit confused as this MBAM log does not show any indication of the virus you mentioned.  Did you run any other scans with MBAM?

You need to pick one antivirus software and uninstall the second.  Either keep MSE or McAfee.

Offline chbq

Re: vista anti-spyware infection
« Reply #12 on: May 24, 2011, 02:51:05 AM »
Now I realize I should have made a note of each step as I did it.  I did run the FixNCR.reg.  I don't remember if I ran rkill before Malwarebytes, but I believe I did.  I'm trying to do this when I'm too tired, which is no excuse when you're trying to help me.  One more thing: when I restarted the laptop, an icon appeared in the lower right area with the message "solve computer problems  check to see solutions windows has found for your computer".  This message also appeared before I started having the problem I asked you for help with.
Which antivirus software is best to have, MSE or McAfee?



Offline Corrine

Re: vista anti-spyware infection
« Reply #13 on: May 24, 2011, 02:57:14 PM »
Hi, chbq.

Based on the error messages in your log, it appears that the conflicts are due to having two antivirus programs installed and, although the log shows MSE is updated, there are errors relating to MSE.  In addition, critical security update http://support.microsoft.com/kb/967723 appears to have failed to install. 

MSE is free for personal use.  McAfee is a licensed/paid program.  Did you recently pay for a license for McAfee?  I have personal preferences -- MSE as a free solution and ESET as a licensed program.  However, as I said, those are my personal preferences. 

If you elect to stay with McAfee, you need to uninstall MSE.  If you elect to stay with MSE, in addition to uninstalling McAfee, you will need to activate the Windows Vista firewall.  It would also be advisable to run http://www.appremover.com/ to remove remnants left behind by McAfee.

If you remove McAfee, to turn on the Windows Firewall, do the following:

--  Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall.
--  Click Turn Windows Firewall on or off.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
--  Click On (recommended), and then click OK.

The decision is yours as to which program you wish to keep.  If you have recently paid for McAfee, then you may want to uninstall MSE. 

After uninstalling either MSE or McAfee, please shut down/restart your computer.  Then I'd like you to run the System File Checker tool to determine whether the issue that you are experiencing is caused by one or more system files that are used by Windows.  The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.

To run the System File Checker tool, follow these steps:
  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue.
  • At the command prompt, type the following line, and then press ENTER:

sfc /scannow (note the space before the backslash)
  • When the scan is complete, shut down/restart the computer.

Next, please go to Control Panel\Security\Windows Update and click on View update history to see if Security Update for Windows Vista (KB967723) was already installed.  If not, see if it will install now.

Please let me know the results. 

Offline chbq

Re: vista anti-spyware infection
« Reply #14 on: September 25, 2011, 11:46:13 AM »
Hi Corrine,
After a few months, I finally have time to reply to your instructions… “Next, please go to Control Panel\Security\Windows Update and click on View update history to see if Security Update for Windows Vista (KB967723) was already installed.  If not, see if it will install now.”  I have tried to install the Security Update several times, but it doesn’t install.  The error detail code given is “80070490”.