Vista security center virus

Status
Not open for further replies.

sam478516

Good Afternoon, I apologize that I don't know very much about computers so I may not be the best at describing my issues. I use an HP Pavilion dv6700 with Windows Vista. Last night I was at the movies 25 website where I have streamed a movie before. I was sitting on the District 9 page for a couple of minutes and all of the sudden I started getting messages from Security Center saying I was being attacked by a virus and telling me to install Block Scanner to get rid of the viruses. A window also popped up that looked like the "My Computer" window and under the C drive it said I had 8 viruses, 1 in the D drive and 9 in the E drive, which of course doesn't make sense. I was repeatedly prompted to run the Block Scanner program and asked if I would allow the program to run. I have Norton Antivirus so I ran a full scan, and when I woke up this morning it had come back with nothing but a tracking cookie. I am still receiving a popup window telling me I'm being attacked by a trojan blocker, except with a spelling mistake 'Troyan', and asking me if I want Block Scanner to remove the virus. I click no but it just keeps coming back every 5 minutes or so. If I click yes it takes me to a website where I can buy Block Scanner. Last night I noticed that when the Security Center icon popped up at the bottom (red shield with white X), if I clicked on it I couldn't actually go to any of the things outlined in the window. For example "Help for using Windows Security Center" would just send me to the Block Scanner webpage. Also the window that comes up from clicking the red icon is different from the Security Center window that comes up when I open it from my start menu. What is going on?
 
You've been infected with a virus. I've seen that popup thing as well; it's best when you see that to close the window right away using Task Manager, the "x" button or pressing Back ASAP. It seems that your Norton is not detecting the virus, so I suggest installing different antiviruses, and hopefully those can detect and remove it for you. Malwarebytes and AVG are both free, and work pretty well. Here are some links: http://www.malwarebytes.org/, http://free.avg.com/ww-en/homepage
 
I am now downloading Malwarebytes Anti-Malware software. I can also no longer open Norton thanks to this virus.
 
It came back with 16 infected objects. It looks like it removed them all; I'm gonna run it again to be sure. Thanks for your help.

Malwarebytes' Anti-Malware 1.41
Database version: 3080
Windows 6.0.6002 Service Pack 2

01/11/2009 2:51:48 PM
mbam-log-2009-11-01 (14-51-48).txt

Scan type: Quick Scan
Objects scanned: 161833
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BlockScanner (Rogue.BlockScanner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wno2ebd.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BlockScanner (Rogue.BlockScanner) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: c:\windows\services.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wno2EBD.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\cahE8B9.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\ezk390A.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\gmf7EDE.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\iiz8B6.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\ijy9108.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\iqyC2C1.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\izf2569.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\vtoD430.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\wno2EBD.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\xebD3E0.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
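As an added illustration (not from the thread, and not Malwarebytes' own code), a small Python parser for the log layout above: it splits the detections by listing section and family, and flags the entries sitting in autorun registry locations, which is what a helper reads first to see how the rogue kept relaunching at every logon. The sample log is a constructed excerpt copied from the entries above.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes' Anti-Malware 1.41 log
# quoted in the thread (entries copied from it; not a full log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3080
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BlockScanner (Rogue.BlockScanner) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wno2ebd.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: c:\windows\services.exe -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\wno2EBD.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\sam\AppData\Local\Temp\gmf7EDE.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<classification>) -> [Data: <data> -> ]<action>"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<cls>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
# Autostart locations seen in the log: HKCU ...\CurrentVersion\Run and the
# legacy "Windows NT\CurrentVersion\Windows" load/run value (compared lowercase).
AUTORUN_MARKERS = (r"\currentversion\run", r"\windows nt\currentversion\windows")

def parse_mbam_log(text):
    """Return one dict per detection, tagged with the listing section it sits in."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):  # listing header such as "Files Infected:"
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if section is None or not m:  # summary lines and "(No malicious items detected)"
            continue
        rest, data = m.group("rest"), None
        if rest.startswith("Data: "):  # "Registry Data Items" carry the value payload
            data, rest = rest[len("Data: "):].split(" -> ", 1)
        found.append({"section": section, "item": m.group("item"),
                      "classification": m.group("cls"), "data": data, "action": rest})
    return found

def summarize(detections):
    """Count detections per family, e.g. Trojan.FakeAlert vs Rogue.Installer."""
    return Counter(d["classification"] for d in detections)

def persistence_entries(detections):
    """Detections sitting in an autorun location (what relaunched the rogue at logon)."""
    return [d for d in detections if any(mk in d["item"].lower() for mk in AUTORUN_MARKERS)]
```

Run it on a real mbam-log-*.txt by reading the file into `parse_mbam_log`; the two persistence hits in the sample are the Run value and the Windows\Run load entry pointing at the dropped services.exe.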
 
Welcome to TechSpot, Sam. My apologies for the delay. You were also given insufficient information. There is more to malware cleaning.

Please follow the steps in our Virus and Malware Removal HERE:

Run the programs in the order given. That means you will need to update Malwarebytes and rescan. Follow with SAS and HijackThis.

When finished:
Attach logs for Mbam and SAS.

Paste log for HJT.

lewislau957, please visit Special governing rules for the Virus & Malware removal board HERE.
 
So I ran the crap cleaner twice, then shut off my Norton auto protect and updated Malwarebytes. I ran it and it came back with this:

Malwarebytes' Anti-Malware 1.41
Database version: 3086
Windows 6.0.6002 Service Pack 2

02/11/2009 11:39:04 AM
mbam-log-2009-11-02 (11-39-04).txt

Scan type: Quick Scan
Objects scanned: 93217
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Now scanning with SAS. Sorry the logs aren't attached; I'm not entirely sure how to do that, I'd rather do it this way.
 
Completed all steps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:35 PM, on 02/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2009 at 12:58 PM

Application Version : 4.29.1004

Core Rules Database Version : 4220
Trace Rules Database Version: 2122

Scan type : Complete Scan
Total Scan Time : 01:08:22

Memory items scanned : 826
Memory threats detected : 0
Registry items scanned : 8549
Registry threats detected : 0
File items scanned : 37428
File threats detected : 15

Adware.Tracking Cookie
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@ad.yieldmanager[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@apmebf[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@atdmt[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@collective-media[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@content.yieldmanager[2].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@content.yieldmanager[3].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@doubleclick[2].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@fastclick[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@insightexpressai[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@kontera[2].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@revsci[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@rotator.adjuggler[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@tribalfusion[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@www.googleadservices[1].txt
C:\Users\sam\AppData\Roaming\Microsoft\Windows\Cookies\Low\sam@zedo[2].txt
 
Thank you Sam. The main log I ask to be pasted is the HijackThis log- the others can be attached.

Are you still having the original problem? There's not much in the HJT log.

You have the Ask Toolbar installed; I would recommend you uninstall it. It is not a virus or malware; it's referred to as Foistware. It usually comes with another program without the user's permission. Decide after taking a look at this article:

http://www.benedelman.org/spyware/ask-toolbars/

I have coded the HJT entries for this program in green. Most of us encourage the removal of the AskBar.

Please reopen HijackThis to 'do system scan only.' Check the following entries if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll Optional removal
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe Optional removal

Close all Windows except HijackThis. Click on "Fix Checked."

You can easily uninstall the Ask Toolbar using the instructions below for Windows Vista:

  1. Close all open Web browsers
  2. From the "Start" menu in Windows, select "Control Panel"
  3. Under the "Programs" icon, select "Uninstall a program"
  4. Select the program with the Ask logo and the text "Ask Toolbar"
  5. Click "Uninstall" and then "Continue" to remove the Toolbar
  6. Use Windows Explorer: right click on Start> Explore> Local Drive (C)> Programs> right click> delete on any 'Ask' entry.

If you reopen your Web browser and still see the Toolbar, you may need to restart your computer for the uninstall process to be completed.

I'd like you to run an online virus scanner:
Open Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Attach the Kaspersky log. If it's clean and if the original problems have been resolved, I'll have you remove the cleaning tools and set a new restore point.
 
No, after running Malwarebytes the first time, after Lewis told me to, I stopped having any problems. And this morning, trying to delete the Ask Toolbar, when my computer restarted it could not reboot. I had to wipe my hard drive.
 
Sam, removing the AskBar should not have caused a problem like that. Lewis is not one of our malware helpers, but even running Malwarebytes shouldn't have contributed.

It is more likely, in my opinion, that you either got other malware or had some system problem; even that, at this point, shouldn't have demanded a reinstall.

But the system should be clean now. Here are some tips to keep it that way:
Please follow these simple steps to keep your computer clean and secure:
1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide


2. Stay current on updates:
  • Visit the Microsoft Download Site frequently.
    You should get all updates marked Critical and the current SP updates: Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP1
  • Visit this site (Adobe Reader) often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3. Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4. Remove Temporary Internet Files regularly: Use
5. Use an AntiVirus Software (only one)
6. Use a good, bi-directional firewall (one software firewall)
  • See Understanding and Using Firewalls, including links to download a firewall.

7. Consider these programs for Extra Security
  • SpywareBlaster: protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar: Get the free Google Toolbar to help stop pop-up windows.

If I can be of further assistance, please let me know. Help and support is only given in the forums but you can send a PM to me and bring my attention back to the thread.
 