I wanted to go ahead and get this one in the queue for help too. So, here are my symptoms, updates made, and logs:
Symptoms:
1- Windows Live Essentials update will not load.
2- While updating my AV (Kaspersky) I received a message saying I do not have administrator privileges to delete the old AV. There is only a single user profile, and it has had admin priv. from the beginning.
3- Also got admin priv. message when trying to delete old Java prog.
4- Received several webpage errors while trying to view some threads on your website today...I am including an example below just in case it is helpful
5- I was not able to load the new Kaspersky 2011 program, received admin message noted above, but later, was able to proceed. Got another message saying it was not able to load and my computer may be infected. It recommended I download their avptool. I tried, but it failed to download and run automatically. It said the comp may be infected and recommended I download and run the avp tool manually. It too failed. So, I downloaded Avira to run while I'm getting this repaired.
6- I noticed that the Attach.txt file shows that Kaspersky 2010 is still loaded. I cannot find it in the programs directory to uninstall nor is it in the program files directory (I am showing hidden files too.)
7- When I updated Windows, it showed 11 updates. 10 of 11 updated, but Live Essentials didn't. I rebooted, checked again, it showed 5 updates. 4 of 5 updated, but Live didn't. I rebooted, it then showed 2 more updates, only one loaded - Live didn't.
8- I'm getting an IP conflict error.
Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Timestamp: Tue, 21 Dec 2010 18:17:49 UTC
Message: Object expected
Line: 1
Char: 1
Code: 0
URI: http://kona5.kontera.com/KonaGet.js...14&mod=65563&rm=1&dc_aff_id=&add=FlashVer_WIN 10,0,22,87|user_|session_
Updates Made:
1- As mentioned above, Windows had many updates
2- Java was updated from 14 to 23
3- Adobe reader was updated from 9 to 10
Most of these updates were made after I performed the 6 steps and created the logs
Logs:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5366
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/21/2010 12:30:56 PM
mbam-log-2010-12-21 (12-30-56).txt
Scan type: Quick scan
Objects scanned: 152568
Time elapsed: 2 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==============
NOTE - The GMER log was blank (I may have saved wrong...) so I reran it just now and it said there were no system modifications. That log is also blank.
==============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/7/2010 4:04:50 PM
System Uptime: 12/21/2010 12:33:25 PM (1 hours ago)
Motherboard: TOSHIBA | | NBWAA
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 222 GiB total, 190.197 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP28: 8/28/2010 8:19:16 AM - Windows Update
RP29: 9/25/2010 12:53:03 PM - Windows Update
RP30: 10/6/2010 8:22:12 AM - Windows Update
RP31: 10/7/2010 9:01:37 AM - Windows Update
RP32: 10/15/2010 12:43:22 PM - Windows Update
RP33: 11/6/2010 9:05:13 AM - Windows Update
RP34: 11/6/2010 9:32:29 AM - Windows Update
RP35: 11/6/2010 1:46:55 PM - Windows Update
RP36: 11/17/2010 8:32:07 PM - Windows Update
RP37: 11/24/2010 9:17:15 PM - Windows Update
RP38: 11/26/2010 11:52:09 AM - Windows Update
RP39: 12/21/2010 12:04:24 AM - Installed Kaspersky Internet Security 2011.
RP40: 12/21/2010 12:21:58 AM - Installed Kaspersky Internet Security 2011.
RP41: 12/21/2010 12:54:41 AM - Installed Kaspersky Internet Security 2011.
RP42: 12/21/2010 10:18:36 AM - Installed Kaspersky Internet Security 2011.
RP43: 12/21/2010 10:21:58 AM - Windows Update
RP44: 12/21/2010 11:14:31 AM - Installed Kaspersky Internet Security 2011.
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Reader 9.2
Avira AntiVir Personal - Free Antivirus
Best Buy Software Installer
Bing Bar
Bing Bar Platform
Google Talk Plugin
Google Toolbar for Internet Explorer
Java(TM) 6 Update 14
Junk Mail filter update
Kaspersky Internet Security 2010
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Interactive Training
Microsoft Office 97, Professional Edition
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Media Content
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickBooks
QuickBooks Pro 2010
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Spelling Dictionaries Support For Adobe Reader 9
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Unity Web Player
Utility Common Driver
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
==== Event Viewer Messages From Past Week ========
12/21/2010 12:55:14 AM, Error: Service Control Manager [7000] - The Kaspersky Lab Driver service failed to start due to the following error: %%-2145452015
12/21/2010 12:34:34 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HAMVENT-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7B604AE2-D6E1-456B-A235-D976067B60C0}. The master browser is stopping or an election is being forced.
12/21/2010 12:24:58 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.3 with the system having network hardware address 00-23-14-CC-18-44. Network operations on this system may be disrupted as a result.
12/21/2010 12:11:47 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
12/21/2010 12:08:05 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/21/2010 12:01:52 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/20/2010 11:52:01 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/19/2010 4:16:42 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.3 with the system having network hardware address 00-1D-E0-33-68-F1. Network operations on this system may be disrupted as a result.
==== End Of File ===========================