TechSpot

Windows Vista Security virus

Resolved
By mom26gr8kids
Dec 14, 2011
  1. This morning when my son was on the computer a bunch of notifications popped up from Windows Security Center saying that we were infected and needed to activate Vista Security 2012. We had a similar situation happen 3 or 4 years ago, so I knew this was a "ploy" and did not click on it and then I attempted to run virus scans with my software. It wouldn't let me run a virus scan, but it did let me update the Avast definitions. At that point I was able to access the internet, but then Avast said it needed to restart my computer. So I restarted the computer and now every website I try to visit causes it to pop up with a message that says this website is unsafe and it won't let me visit there.

    I am having to post this from my laptop, but my husband uses the PC for his business. Could someone please help me get my security software working again? After my last infection I added some additional security measures, including the WOT, and so my kids have not been to an unsafe website since, and yesterday we hardly used the computer at all, so I can't figure out how it happened this time, but I would appreciate the help. I know you guys are busy, but my husband will need to create an invoice for a customer Friday so he can get paid. So, if we can get the computer working enough for him to do that I would really appreciate it.

    Thanks
    Kendra
     
  2. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    All right. I was able to get my virus software to run, so perhaps I won't need help after all. I will keep you updated.
     
  3. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    All right, my Super Anti-Spyware was able to remove and quarantine some items, but when it re-booted the computer the Vista security messages were still coming up. I have Malware bytes installed on my computer, but would prefer not to run it without instructions on what to do, so that I don't remove something I might need. My Avast is still running a scan, but my gut feeling is that if my spyware couldn't remove it completely then Avast will not be able to either.

    Thanks
    Kendra
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help with the malware.

    Understand that if it was as easy as running an antivirus scan to remove these malware infections, this forum would have very few posts! So let's see if we can get you back in business.

    Please know that all those alerts and error messages are products of the malware. The scam is to get the user to click on their link to "remove" what is supposed to be wrong. It's important that you don't act on any of these messages or alerts.
    ========================================
    If you can manage it, I'd like to get some preliminary information first:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE
    ------------------------------
    NOTE: If you just put Malwarebytes on the system and it is the current version in the thread below (database will be over 8000), please follow these directions:
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    Run the DDS scan in the thread, then GMER. Links for both are in the thread.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    If you have any problem running these scans, stop and tell me what the problem is. The malware may prevent your running some scans and that will be a part of the removal that we will work around.
    ========================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  5. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    can't access internet

    Bobbye

    I do have Malwarebytes on my computer. It says it is 155 days old, so I am sure it needs an update. The problem is that the malware will not let me access the internet. Whether I use Mozilla or Internet Explorer, any website that I type in it says is unsafe for me to visit and it again recommends that I either activate Vista Security 2012 or run a virus scan. (The "virus" scan has run several times on its own after a re-boot, which also recommends that I activate Vista Security 2012 to remove the infections, or it says I can continue exploring the internet without virus protection, but when I click on the last option it still won't let me access anything.)

    So, do you want me to run the Malware-bytes software as is? Is it possible to download the updates from my laptop and save them to a flash drive and then install them?

    As for the gmer and DDS file I am not sure how I will download those at all without the internet. I can check and see if they are on my computer from my last virus removal (in July), but normally those are deleted when the process is finished.

    Kendra
     
  6. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    I did manage to download the newest version of malwarebytes on my computer (although it wouldn't update). I ran it and it found 3 infections and removed them, but even though the security alerts are no longer popping up I can't get my programs to run and I still cannot access the internet.
    When I try to run certain programs it says "choose the program you wish to open this file." It seems one of the programs not running is rundll32.exe.
    So, I cannot send you any log files, nor do anything else until I hear from you. If I manage to get the internet to work then I will follow the previous instructions and send you the log files. If you don't hear anything else from me then I am waiting for your reply.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It is not uncommon for malware to interfere with internet access. When that happens, you can download the scanning programs to a flash drive, then connect it to the problem computer to run.

    Please remove the Malwarebytes on the system now. It will be outdated and will not have current malware in its database.

    Avast and Superantispyware will not remove all of the entries. You will have to get the scans on the system using the flash drive, then post the logs. Let's make sure the flash drive is protected:
    • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send the download link to that e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    =====================================
    Now begin downloading and transferring the scans, then reverse process to get the logs to the thread.

    I was the one who assisted you in July. The last instructions were the removal of the tools we used including their backups and logs.
     
  8. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    mbam logs

    Sorry it took me so long to get back to you. It took me a while to figure out how to get the Malware bytes updates to load on my computer along with the exe file, but I figured it out and I am glad to say that I learned something.

    However, because I didn't figure it out right away there are two mbam logs. One before the updates and one after. I ran it again once I figured out how to get the updates to run as well. Here are the mbam logs.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12/17/2011 12:46:37 AM
    mbam-log-2011-12-17 (00-46-37).txt

    Scan type: Quick scan
    Objects scanned: 199918
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (Dg) Good: (exefile) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Dad\AppData\Local\temp\gyyuuaxxkc (Trojan.Agent) -> Quarantined and deleted successfully.


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12/15/2011 4:17:09 PM
    mbam-log-2011-12-15 (16-17-09).txt

    Scan type: Quick scan
    Objects scanned: 196262
    Time elapsed: 20 minute(s), 27 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    c:\Users\Dad\AppData\Local\hsx.exe (Trojan.ExeShell.Gen) -> 3076 -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Dad\AppData\Local\hsx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Dad\AppData\Local\hsx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Dad\AppData\Local\hsx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Dad\AppData\Local\hsx.exe (Trojan.ExeShell.Gen) -> Delete on reboot.
    c:\Users\Dad\local settings\application data\hsx.exe (Trojan.ExeShell.Gen) -> Delete on reboot.
     
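The two Malwarebytes logs above record the mechanism behind the symptoms described earlier in the thread: the ProgID for the .exe extension under HKEY_CLASSES_ROOT was changed from exefile to Dg, a shell\open\command was planted directly under HKCR\.exe, and the StartMenuInternet launch commands for Firefox and Internet Explorer were rewritten so that hsx.exe -a <browser> ran instead of the browser itself. That is consistent with both browsers showing the fake "unsafe site" page and, once the first scan had removed hsx.exe but not yet the .exe association entry, with programs such as rundll32.exe prompting for an application to open them. The PowerShell script below is an added example, not part of the thread and not any vendor's tool, that audits those same registry locations and, with -Repair, restores the two .exe association keys to their Windows defaults. The expected values (exefile and "%1" %*) are the stock Windows defaults; the profile-directory patterns it treats as suspicious (\Users\, \AppData\, \Temp\) are this example's own heuristic, chosen because the hijacked commands in the log launch from C:\Users\Dad\AppData\Local.

```powershell
<#
Added example (not from the TechSpot thread or any vendor tool).
Audits the registry keys the Malwarebytes log shows being hijacked:
  - HKCR\.exe default ProgID and a planted HKCR\.exe\shell key
  - HKCR\exefile\shell\open\command
  - HKLM\SOFTWARE\Clients\StartMenuInternet\*\shell\{open,safemode}\command
Reports findings; with -Repair it also resets the two .exe association keys.
Assumption: the known-good values below are the stock Windows defaults.
Run from an elevated PowerShell prompt.
#>
param([switch]$Repair)

$findings = @()

# --- 1. .exe extension -> ProgID (log showed Bad: Dg, Good: exefile) ---------
$exeKey = 'Registry::HKEY_CLASSES_ROOT\.exe'
$progId = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($progId -ne 'exefile') {
    $findings += "$exeKey (default) = '$progId'; expected 'exefile'"
    if ($Repair) { Set-ItemProperty -Path $exeKey -Name '(default)' -Value 'exefile' }
}

# A shell\open\command directly under .exe is not a Windows default; the log
# shows one that the malware created so every launched program passed through it.
$plantedShell = 'Registry::HKEY_CLASSES_ROOT\.exe\shell'
if (Test-Path $plantedShell) {
    $findings += "$plantedShell exists (not a Windows default)"
    if ($Repair) { Remove-Item -Path $plantedShell -Recurse -Force }
}

# --- 2. exefile open command must be the bare "%1" %* -----------------------
$openKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$openCmd = (Get-ItemProperty -Path $openKey -ErrorAction SilentlyContinue).'(default)'
if ($openCmd -ne '"%1" %*') {
    $findings += "$openKey (default) = '$openCmd'; expected '`"%1`" %*'"
    if ($Repair) { Set-ItemProperty -Path $openKey -Name '(default)' -Value '"%1" %*' }
}

# --- 3. StartMenuInternet launch commands -----------------------------------
# Heuristic (this example's own): a healthy value names exactly one .exe and
# that .exe does not live in a user profile. The hijacked values in the log
# name two (hsx.exe -a "...\firefox.exe") and the first lives under AppData.
function Test-LaunchCommand {
    param([string]$Key, [string]$Cmd)
    $exeCount = ([regex]::Matches($Cmd, '\.exe\b', 'IgnoreCase')).Count
    $firstExe = [regex]::Match($Cmd, '^\s*"?([^"]+?\.exe)', 'IgnoreCase').Groups[1].Value
    if ($exeCount -ne 1) { return "$Key names $exeCount executables: $Cmd" }
    if ($firstExe -match '\\Users\\|\\AppData\\|\\Temp\\') {
        return "$Key launches from a profile directory: $Cmd"
    }
    return $null
}

$clients = 'HKLM:\SOFTWARE\Clients\StartMenuInternet'
foreach ($browser in Get-ChildItem -Path $clients -ErrorAction SilentlyContinue) {
    foreach ($sub in 'shell\open\command', 'shell\safemode\command') {
        $k = "$($browser.PSPath)\$sub"
        if (-not (Test-Path $k)) { continue }
        $cmd = (Get-ItemProperty -Path $k).'(default)'
        $f = Test-LaunchCommand -Key $k -Cmd $cmd
        if ($f) { $findings += $f }
    }
}

if ($findings.Count -eq 0) { 'No hijack indicators found.' } else { $findings }
```

Two caveats a practitioner should keep in mind. First, while HKCR\.exe is hijacked, launching powershell.exe from the Start menu or by double-click goes through the same .exe association and may fail in exactly the way rundll32.exe did in the thread; start it from a cmd.exe window that is already open, or import the two .exe fixes with regedit from a .reg file, and run the script afterwards. Second, the script deliberately does not rewrite the StartMenuInternet commands, because the correct browser path varies per machine; the findings tell you which values to set back by hand to the browser's real path (the log shows the expected form, e.g. firefox.exe and firefox.exe -safe-mode).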
  9. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    gmer log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-17 01:09:58
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 Hitachi_ rev.ST2O
    Running: jib9t5xz.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxtdapow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x960257A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----
     
  10. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    dds logs

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 7:16:20 PM
    System Uptime: 12/17/2011 12:48:24 AM (1 hours ago)
    .
    Motherboard: Acer | | WMCP78M
    Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 31.353 GiB free.
    D: is FIXED (NTFS) - 142 GiB total, 141.567 GiB free.
    E: is CDROM ()
    F: is Removable
    I: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2002 Games
    7-Zip 9.20
    Acer Arcade Live Main Page
    Acer Assist
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer Registration
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Alien Shooter
    Allmyapps
    Amazon MP3 Downloader 1.0.12
    Anna`s Ice Cream
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AV Input Selection
    avast! Free Antivirus
    Avenue Flo - Special Delivery
    Babysitting Mania
    Batch Update
    Bible Data Type System Files
    Big Fish Games: Game Manager
    Bonjour
    Bookworm Adventures
    Build In Time
    Burger Shop
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania
    Chicken Invaders 2
    Chocolatier
    Choice Guard
    Common System Files
    COMODO Internet Security
    Cookie Domination
    Cooking Academy
    Cooking Dash
    Cooking Dash Diner Town Studios
    Coupon Printer for Windows
    Dairy Dash
    Direct Show Ogg Vorbis Filter (remove only)
    Doggie Dash
    Double Play Jojo’s Fashion Show 1 & 2
    Dream Day First Home
    Dream Day Wedding
    Dream Day Wedding Married in Manhattan
    eMusic Download Manager 4.1.4
    EPSON TWAIN 5
    Family Feud 3
    Family Tree Maker 2005
    Fashion Dash
    Free Realms
    Free Realms Installer
    Galapago
    Garfield's Typing Pal
    Go-Go Gourmet
    Go Go Gourmet Chef of the Year
    Google Desktop
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    Graphical Query Editor
    Guitar Praise
    Hax264 Codec 2.1.0.8
    Heroes of Hellas
    Home Sweet Home
    Hotel Dash Suite Success
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ijji REACTOR
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Jessicas Cupcake Cafe
    Jewelleria
    Junk Mail filter update
    Kelly Green Garden Queen
    Kitchen Brigade
    LEGO Universe
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    LibronixUpdate
    Lizard Safeguard - PDF Viewer 2.5.152
    LLS Resource Driver
    Magic Farm
    Magic Match Adventures
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Math Missions Grades 3-5
    Math Missions Grades K-2
    Mavis Beacon Teaches Typing 15
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Train Simulator
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Minecraft version Beta 1.8
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicnotes Software Suite 1.5.5
    Mystery Solitaire - Secret Island
    Norton Security Scan
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Control Panel 275.33
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    OEB Resource Driver
    OGA Notifier 2.0.0048.0
    Orchard
    Passport to Perfume™
    PDF Resource Driver
    PDFCreator
    pdfforge Toolbar v4.3
    Picasa 3
    Plants vs. Zombies
    PlayReady PC runtime
    Puzzle and Board XP Championship
    QuickTime
    Roblox
    Roblox for Dad
    ScanToWeb
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Sentence Diagramming
    Shopmania
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Spybot - Search & Destroy
    Sunshine Acres
    SUPERAntiSpyware Free Edition
    swMSM
    System Requirements Lab
    Teach Yourself to Play Guitar 1.8.1
    Timez Attack
    U.B. Funkeys
    Uninstall Dual Mode Camera
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Wedding Dash 2
    Wedding Dash Ready Aim Love
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Yard Sale Junkie
    Year 2 year-plan
    Year 3 Curriculum
    Year 3 Interface
    Year 4 Curriculum
    Year 4 Government
    Year 4 Interface
    Year 4 MapAids
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    12/17/2011 12:50:25 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/16/2011 12:43:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/16/2011 12:43:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/16/2011 12:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/16/2011 12:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/16/2011 12:43:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/16/2011 12:43:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/16/2011 12:43:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/16/2011 11:18:21 AM, Error: EventLog [6008] - The previous system shutdown at 10:52:16 AM on 12/16/2011 was unexpected.
    12/16/2011 10:49:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).
    12/15/2011 3:37:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/15/2011 3:37:29 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/15/2011 3:13:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/15/2011 3:06:11 PM, Error: Service Control Manager [7023] - The Workstation service terminated with the following error: Not enough storage is available to complete this operation.
    12/15/2011 3:06:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: Not enough storage is available to complete this operation.
    12/14/2011 8:46:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    12/14/2011 8:46:40 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/14/2011 10:51:17 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    12/14/2011 10:00:38 AM, Error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.
    12/14/2011 10:00:16 AM, Error: Service Control Manager [7030] - The Network ProService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  11. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    dds logs

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Dad at 1:21:47 on 2011-12-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1664 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\bin32\nSvcAppFlt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\bin32\nSvcIp.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehsched.exe
    C:\Users\Dad\AppData\Roaming\Spotify\spotify.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Spotify] "c:\users\dad\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B} : DhcpNameServer = 192.168.1.1
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd2ebf0&i=23&tp=ab&nt=1&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\iwonei\installr\1.bin\NPjfEISb.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dad\appdata\local\roblox\versions\version-fb3436d54f9e4598\NPRobloxProxy.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoeact.dll
    FF - plugin: c:\users\dad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 314456]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 488208]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 38616]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-10-18 116608]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-19 269448]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-15 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 44768]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-18 2214504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-1-19 43552]
    S2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-18 1153368]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-17 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-17 07:27:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 16:12:22 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 16:12:22 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 16:12:20 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 16:12:19 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 16:12:18 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 16:12:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-14 16:12:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-10 22:34:01 -------- d-----w- c:\users\dad\appdata\local\Spotify
    2011-12-10 22:32:58 -------- d-----w- c:\users\dad\appdata\roaming\Spotify
    2011-12-07 06:16:54 -------- d-----w- c:\program files\iPod
    2011-12-02 17:26:56 -------- d-----w- c:\program files\QuickTime(87)
    2011-12-02 17:10:47 -------- d-----w- c:\program files\iPod(37)
    2011-11-18 00:15:30 -------- d-----w- c:\program files\Minecraft
    2011-11-18 00:13:18 -------- d-----w- c:\users\dad\appdata\roaming\Allmyapps
    2011-11-18 00:12:19 -------- d-----w- c:\program files\Allmyapps
    2011-11-18 00:10:36 -------- d-----w- c:\programdata\Allmyapps
    .
    ==================== Find3M ====================
    .
    2011-11-29 01:57:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-07 17:47:43 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:47:42 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47:41 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47:11 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 1:22
     
     
  12. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    more info

    I wanted to let you know how the system is running and a few other details.

    I am no longer getting the annoying pop-ups. Malware took care of that right away. At first I could not run most of my programs and a few I could only run as administrator. I am now able to run several programs without having to right-click on them, so I am seeing some improvements in the system. I still cannot connect to the internet and am still having trouble running some programs. My Comodo is still not functioning properly at this point, but Avast seems to be running all right.

    I also wanted to let you know that while I was running one of the scans I stepped away from the computer momentarily and Windows attempted to run some updates. I know I am not supposed to run other programs while attempting to clean the computer. I think it was while I was running Malwarebytes, because I stopped the updates and restarted the computer as instructed.

    Thanks so much for your help. One of our friends got this same virus this week and took his computer up to the Geek Squad, so I am very grateful to not have to do that. I also have to say I think it's very cool that there is a vaccine for a flash drive. I am not thankful to have gotten such a nasty virus, but I have learned a couple of new things and I am getting a kick out of some of this stuff that I now know.

    Let me know what the next steps for my system are and thanks again for the advice.

    Kendra
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    About Malwarebytes:
    First Scan:>>>> Objects scanned: 196262
    Malwarebytes' Anti-Malware 1.51.2.1300
    Database version: 7622
    12/15/2011 4:17:09 PM
    mbam-log-2011-12-15 (16-17-09).txt
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    c:\Users\Dad\AppData\Local\hsx.exe (Trojan.ExeShell.Gen) -> 3076 -> Failed to unload process.
    --------------------------------------------------
    Second Scan: >>>> Objects scanned: 199918
    Malwarebytes' Anti-Malware 1.51.2.1300
    Database version: 7622
    12/17/2011 12:46:37 AM
    mbam-log-2011-12-17 (00-46-37).txt
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1
    ---------------------------------
    Although you ran Mbam twice, there was no update. Both the version and the database are the same in both logs. But what the 2 logs do show is that the system is still actively being infected. I copied the 2 sections for the infected files in each category and as you can see, they are different. But it is interesting to note that with only 2 days between, the second scan had 3656 more objects to scan!
    --------------------------------
    So Mbam did not get updated, and although some malware entries were removed in the 1st scan, you are still actively getting malware.
    ======================
    About the 'updates.'>> set it to Don't download/don't install, notify me.
    There are many other auto-updates running. I'll help you with those later.
    ======================
    About the internet connection:
    When you get the 'warning' from the malware that a site isn't safe, can you bypass it and access the site? Is this all sites, some sites or just security sites?

    Does it prevent the connection when you click on a link and/or type a URL in the Address Bar? Which? Both?
    ======================
    I'd like you to download and run Combofix. Use the flash drive if needed.
    NOTE: There will be a query about downloading a Recovery Console when downloading Combofix. You cannot do this using the flash drive- just go on and click on the Scan button.
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    And if you can manage it, please also run HijackThis- it should give me some indication if the hosts file needs repair:
    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    If you can keep those 6 munchkins off until we finish cleaning, that would be a good thing. :)
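The two-log comparison Bobbye walks through above, as an added example that is not part of the original thread: a small Python parser for the MBAM 1.x summary lines, fed with the figures quoted in post 13, that reports whether the database changed between runs, how many more objects the second scan covered, and what is still being detected after the first cleanup. The log layout assumed is the one shown in the post; the regexes, field names and the "Failed to unload process" check are mine.

```python
import re

# Constructed from the figures quoted in post 13. The detail line under the
# bare "Memory Processes Infected:" header is the one MBAM printed for scan 1.
SCAN_1 = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7622
12/15/2011 4:17:09 PM
mbam-log-2011-12-15 (16-17-09).txt
Objects scanned: 196262
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
c:\Users\Dad\AppData\Local\hsx.exe (Trojan.ExeShell.Gen) -> 3076 -> Failed to unload process.
"""

SCAN_2 = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7622
12/17/2011 12:46:37 AM
mbam-log-2011-12-17 (00-46-37).txt
Objects scanned: 199918
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
"""

_VERSION_RE = re.compile(r"^Malwarebytes' Anti-Malware (\S+)$")
_DATABASE_RE = re.compile(r"^Database version: (\d+)$")
_SCANNED_RE = re.compile(r"^Objects scanned: (\d+)$")
_INFECTED_RE = re.compile(r"^(.+?) Infected: (\d+)$")
UNLOAD_FAILURE = "Failed to unload process"


def parse_summary(text):
    """Pull the header fields out of one MBAM 1.x log: program version,
    database version, objects scanned, a category -> count map of detections,
    and whether any detection line reports a process MBAM could not stop."""
    summary = {"version": None, "database": None, "scanned": None,
               "infected": {}, "unload_failed": False}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _VERSION_RE.match(line)):
            summary["version"] = m.group(1)
        elif (m := _DATABASE_RE.match(line)):
            summary["database"] = int(m.group(1))
        elif (m := _SCANNED_RE.match(line)):
            summary["scanned"] = int(m.group(1))
        elif (m := _INFECTED_RE.match(line)):
            # Only the summary lines carry a count; the detail-section header
            # "Memory Processes Infected:" has none and falls through.
            summary["infected"][m.group(1)] = int(m.group(2))
        elif UNLOAD_FAILURE in line:
            summary["unload_failed"] = True
    return summary


def compare_scans(first_text, second_text):
    """Apply the checks a helper makes when reading two consecutive logs."""
    a, b = parse_summary(first_text), parse_summary(second_text)
    still_infected = {cat: n for cat, n in b["infected"].items() if n}
    result = {
        "database_updated": a["database"] != b["database"],
        "objects_delta": b["scanned"] - a["scanned"],
        "still_infected": still_infected,
        "findings": [],
    }
    if not result["database_updated"]:
        result["findings"].append(
            "database %d unchanged between scans: the second run used the "
            "same signatures as the first" % b["database"])
    if a["unload_failed"]:
        result["findings"].append(
            "first scan could not terminate an infected process; treat that "
            "cleanup as incomplete")
    if result["objects_delta"] > 0:
        result["findings"].append(
            "%d more objects scanned the second time: new files or keys "
            "appeared between the runs" % result["objects_delta"])
    if still_infected:
        result["findings"].append(
            "still detecting after cleanup: " + ", ".join(
                "%s=%d" % kv for kv in sorted(still_infected.items())))
    return result


if __name__ == "__main__":
    for finding in compare_scans(SCAN_1, SCAN_2)["findings"]:
        print("-", finding)
```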
     
  14. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Bobbye

    The munchkins have not been on the computer since they can't access most of the programs--one of the blessings of having a virus I guess.

    As for the internet access originally (when the Vista Security warnings were popping up every few minutes) the malware told me that every site was unsafe and I couldn't access any page. Now my internet is not working at all. Since I ran the Malwarebytes the first time it hasn't been able to load the page. It has been saying that it can't establish a connection and one time I got a message about some rundll32 or something like that. I called my ISP and my internet connection provider and they tried a few things with me. They say that my computer is not responding to the modem. My modem and internet access and wireless are all lit up and seem to be working, but my computer is not responding to the connection. I figured that the malware still had some of the files disabled and once we started fixing things my internet would start working/responding, but at this point it is still doing the same thing. I am getting an error 814 (error connecting to Broadband connection). If you know some way to fix this then I can start doing some of these things from the internet instead of the flash drive. I did run Combofix and I will attach that log in my next reply because it's really long.
     
  15. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Combofix Log

    ComboFix 11-12-19.01 - Dad 12/19/2011 14:52:03.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1826 [GMT -7:00]
    Running from: c:\users\Dad\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dad\AppData\Local\._Revolution_
    c:\users\Dad\AppData\Roaming\.#
    c:\users\Dad\AppData\Roaming\.#\MBX@1690@1DF2990.###
    c:\users\Dad\AppData\Roaming\.#\MBX@1690@1DF29C0.###
    c:\users\Dad\AppData\Roaming\.#\MBX@1690@1DF29F0.###
    c:\windows\$NtUninstallKB48032$
    c:\windows\$NtUninstallKB48032$\1674958965\@
    c:\windows\$NtUninstallKB48032$\1674958965\bckfg.tmp
    c:\windows\$NtUninstallKB48032$\1674958965\cfg.ini
    c:\windows\$NtUninstallKB48032$\1674958965\Desktop.ini
    c:\windows\$NtUninstallKB48032$\1674958965\keywords
    c:\windows\$NtUninstallKB48032$\1674958965\kwrd.dll
    c:\windows\$NtUninstallKB48032$\1674958965\L\qnbwvoto
    c:\windows\$NtUninstallKB48032$\1674958965\lsflt7.ver
    c:\windows\$NtUninstallKB48032$\1674958965\U\00000001.@
    c:\windows\$NtUninstallKB48032$\1674958965\U\00000002.@
    c:\windows\$NtUninstallKB48032$\1674958965\U\00000004.@
    c:\windows\$NtUninstallKB48032$\1674958965\U\80000000.@
    c:\windows\$NtUninstallKB48032$\1674958965\U\80000004.@
    c:\windows\$NtUninstallKB48032$\1674958965\U\80000032.@
    c:\windows\$NtUninstallKB48032$\2449666687
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-19 22:14 . 2011-12-19 22:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-12-17 07:27 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 16:12 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 16:12 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 16:12 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 16:12 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 16:12 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-14 16:12 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 16:12 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-10 22:34 . 2011-12-14 17:52 -------- d-----w- c:\users\Dad\AppData\Local\Spotify
    2011-12-10 22:32 . 2011-12-19 21:18 -------- d-----w- c:\users\Dad\AppData\Roaming\Spotify
    2011-12-07 06:16 . 2011-12-07 06:16 -------- d-----w- c:\program files\iPod
    2011-12-02 17:26 . 2011-12-02 17:28 -------- d-----w- c:\program files\QuickTime(87)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-29 01:57 . 2011-06-03 15:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-07-16 05:08 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-07-16 05:08 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-07-16 05:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-07-16 05:10 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-07-16 05:10 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-07-16 05:10 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-07-16 05:10 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2011-07-16 05:10 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-10-07 17:47 . 2011-01-06 23:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:47 . 2011-01-06 23:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47 . 2011-01-06 23:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47 . 2011-11-14 16:01 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-07 17:47 . 2010-12-29 07:42 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-11-09 03:55 . 2011-03-24 02:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-12 4617600]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Spotify"="c:\users\Dad\AppData\Roaming\Spotify\Spotify.exe" [2011-11-23 6856528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
    "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-06 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-09-06 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-09-06 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-06 116608]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-03-22 43552]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    xmlpros REG_MULTI_SZ XMLProvS
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 19:41]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 19:41]
    .
    2011-12-14 c:\windows\Tasks\Norton Security Scan for Dad.job
    - c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-10 15:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B}: NameServer = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd2ebf0&i=23&tp=ab&nt=1&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\users\Dad\AppData\Local\Temp\xxk.dll
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(3192)
    c:\windows\System32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(3336)
    c:\windows\System32\guard32.dll
    .
    Completion time: 2011-12-19 15:20:02
    ComboFix-quarantined-files.txt 2011-12-19 22:19
    .
    Pre-Run: 35,252,621,312 bytes free
    Post-Run: 35,752,202,240 bytes free
    .
    - - End Of File - - 9C77A9F1392E55DD795A63A1CA12E7C0

    I will be running HijackThis next
     
  16. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    HijackThis logfile

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:30:33 PM, on 12/19/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\explorer.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Dad\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKUS\S-1-5-21-448598220-3968628860-416183352-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-448598220-3968628860-416183352-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-448598220-3968628860-416183352-1001\..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe (User 'UpdatusUser')
    O4 - Global Startup: Personal Coach.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B}: NameServer = 156.154.70.22,156.154.71.22
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 10332 bytes

    Let me know what my next steps should be
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Let's check the Device Manager for the Network Adapter:

    Click on Start> Control Panel> System> Hardware tab> Device Manager> click on the + (plus sign) to the left of Network Adapters:
    Do you see an Error icon by the Net Adapter?

    Did the ISP verify that the Modem and Router were online and functioning?
     
  18. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    There is no error by the network adapter and the ISP did verify that the Modem and Router were online and functioning.
     
  19. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Internet is working

    Yea! I got my internet to work today, so now we can do the rest of the steps directly from the PC and hopefully that will make this run a little smoother. After reading your post about checking the device manager it occurred to me that if I rolled back the driver I might be able to get the computer to reinstall the latest driver on reboot and sure enough that worked.

    I don't know a lot about viruses, but if the virus changed some of the files on my PC then I suppose it could have caused an error in the driver.

    Anyhow, internet is working now, so let me know what other steps I need to take to make sure my computer is clean.

    Thanks
    Kendra
     
  20. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Firewall--urgent

    Now that my computer can connect to the internet I ran diagnostics on my Comodo Firewall, which has not been working properly. It said there were problems with my installation and that it would need to fix them and I may need to re-start my computer. I did restart and Comodo still is not working properly. I don't want my computer running without a firewall. I know I'm not supposed to download or update anything while cleaning my computer, but I wanted to know if I could uninstall and reinstall Comodo so that my computer can be protected.

    Thanks
    Kendra
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Can you tell me about how the internet connection started working? Was it the Network Adapter you rolled back?

    About Comodo: I didn't finish my searching last night but saved it to ask about today. The NVidia Forceware has a firewall in it. I had wondered if that could be causing a problem with running the Comodo firewall.

    Can you catch me up on what happened originally with Comodo and did the problem begin when you got the malware? Was it on the system previously and working okay then?

    Also, do you know this scheduled task is running?
    2011-12-14 c:\windows\Tasks\Norton Security Scan for Dad.job
    - c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-10 15:22]

    Answer what you can. I'll go through all of the logs and finish you up after I take a lunch break.

    Let's do a scan for the security in the meantime:
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ==========================================
    BTW, if you find it necessary to send me a PM, please put the URL of the thread in the message. Then I can link to it instead of having to go through the threads in the forum.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Duplicate post.
     
  23. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    1. For the internet connection, yes I rolled back the driver for the Network Adapter and then when I turned the computer back on it updated the driver and the internet started working.

    2. Comodo has not been working since I got the malware. I think it has been on my computer for at least a year, and the only time I had problems with it was when I had viruses on the computer.

    3. As for the Norton Security Scan, I knew that was on our computer (I believe it was some of that annoying freeware that comes with certain programs) but I did not know that it was running scans because I never use it or ask it to scan anything. I remember trying to uninstall it once, but for some reason it didn't work. Now that I know it is running scans I will uninstall it when we are done cleaning the computer. I think I recall that there is a program to uninstall security software with that removes all of it.

    4. As for the firewall I cannot get the Windows Firewall to run either. Every time I try it says that Windows Firewall cannot update or run because there is an unidentified problem. So, apparently neither firewall will run.

    Here are the results from the security scan. Let me know my next steps.

    Results of screen317's Security Check version 0.99.30
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    COMODO Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Java version out of date!
    Adobe Flash Player 11.1.102.55
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox 8.0. Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Comodo Firewall cmdagent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````


    By the way I noticed it says that several of my programs are out of date and I wanted to let you know that both Java and Adobe Reader have asked me to update but I have not been allowing it until we get the computer clean.

    Thanks
    Kendra
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
    --------------------------------------
    Now is the time to do these:

    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Please update the Adobe Reader: Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    =====================================
    Go ahead and stop this Scheduled Task. This is not a freebie that came with another program:
    2011-12-14 c:\windows\Tasks\Norton Security Scan for Dad.job
    - c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-10 15:22]

    Opening scheduled tasks to modify or delete them:

    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.

    • To change the settings for a task: right-click the Task> click Properties> do any of the following:
      1. To delete a task> right-click the task> click Delete.
        c:\windows\Tasks\Norton Security Scan for Dad
      2. To prevent task from running until you run again>
        [o] right-click the task> Properties> On the General tab>
        [o] clear the Enabled check box> Select the check box again when you are ready to run it again.
    ======================================
    Now that you have internet access, I'd like to run a Full Scan with Mbam:
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see an image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ================================
    Then the Eset Online virus scan:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    After finishing the above, try uninstalling, then reinstalling the Comodo Firewall. If you get an error message, please let me know exactly what it says.
     
  25. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    mbam log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122308

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12/23/2011 7:17:01 PM
    mbam-log-2011-12-23 (19-17-01).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 458009
    Time elapsed: 3 hour(s), 46 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I was also able to stop the Security scan from Norton, but strangely enough it is not listed under my scheduled task manager. I had to go into Norton to find it and disable it. When we're done cleaning my system can you let me know how to uninstall it? It is the software that came with the computer when we bought it. It has an uninstall tab, will that be enough to remove it?

    Running ESET scan now
     