You know me and have had my introduction before so I'll skip it this time. HJT is not showing anything unusual, let's have a deeper look and see if anything is lurking deeper. Please proceed as follows.
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24/48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes. Instructions available HERE
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Step 3
We need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Step 4
Download Security Check by screen317 from HERE or HERE. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Thank you!!! Malwarebytes' quick scan didn't report anything. Still can't get Windows to update. I told Hubby there never were any updates but he said the update history has been lost and that it had originally been getting the updates. Here are the log files you requested:
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by *** at 14:49:56.73 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2168 [GMT -7:00]
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 2/18/2009 9:25:56 AM
System Uptime: 6/14/2010 11:36:45 AM (3 hours ago)
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 221 GiB total, 161.629 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.901 GiB free.
E: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.3.2 Advanced Audio FX Engine Advanced Video FX Engine AnswerWorks 4.0 Runtime - English AutoCAD 2000 AutoCAD 2000 Migration Assistance BitPim 1.0.6 CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Dell Driver Download Manager Dell Resource CD Dell Touchpad Dell Webcam Center Dell Webcam Manager Dell Wireless WLAN Card GoToAssist 8.0.0.514 HiJackThis HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel(R) Graphics Media Accelerator Driver J2SE Runtime Environment 5.0 Update 5 Laptop Integrated Webcam Driver (1.04.01.1011) Live! Cam Avatar Creator Live! Cam Avatar v1.0 Malwarebytes' Anti-Malware Marvell Miniport Driver McAfee Online Backup McAfee Total Protection Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.5.2) Netflix Movie Viewer OGA Notifier 2.0.0048.0 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for 2007 Microsoft Office System 
(KB969559) Security Update for 2007 Microsoft Office System (KB973704) Security Update for Microsoft Office Excel 2007 (KB973593) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) SigmaTel Audio Sony ACID Music Studio 7.0 Sony Preset Manager 2.0e Spelling Dictionaries Support For Adobe Reader 9 SUPERAntiSpyware TurboTax 2009 wcaiper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 (KB974561) Update for Microsoft Office Word 2007 Help (KB963665) Yahoo! Toolbar
==== End Of File ===========================
CHECKUP:
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Sony Preset Manager 2.0e
McAfee Total Protection
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Adobe Flash Player
Adobe Reader 9.3.2
Mozilla Firefox (3.5.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee Online Backup MOBKbackup.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
Those logs are clean, I assume that you have Windows set to update Automatically? What happens if you try a manual update? Are there any error codes?
Select > Start > All Programs > Windows Update. What happens? Does Windows look for or offer updates? Let me know what happens.
Kevin
Edit,
I've just noticed your other reply about the prior scans you ran. I'm not concerned about the cookies but I am about the Rogueware.
Run an online virus scan with Kaspersky from HERE.
1. At the main page. Press on "Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as" Then in the file name just type in kaspersky Under "save as type" select text .txt Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
Oops, before I started this thread, I ran Superantispyware which removed 1000+ Adware tracking cookies and a full scan of MBAM which did remove one infected file:
Just to let you know I am running Kaspersky and it's finding some things. If it's done before I hit the sack I'll post.
I was trying to figure out if the Windows install behavior had changed some from what we did today or was it when I took a run at the problem a few weeks ago. (I haven't really made a big effort to help hubby on this one; we both figured it was just that Vista was buggy).
So today, when I try and update Windows from IE's Tools menu, nothing happens, no window comes up or anything. At the microsoft.com update center, I get "Microsoft updater could not be installed." I think what I tried a few weeks back is to at least just get the updater installed. Nothing doing today either and I couldn't seem to find the place to just check for updates. I go to the Control Panel, I get error 800B0109. The little icon in the system tray doesn't do anything, it at least used to lead you on to another merry dead end. It seems in the past all paths used to report this error 800B0109 if my memory serves me correctly (it doesn't always and sometimes the recall takes awhile).
Anyway, it's kind of a side note. A lot of people have this problem with Vista getting Windows Updates and there doesn't seem to be any help out there. That's probably why so many people hate Vista!
When we bought this laptop, Dell didn't format the drive correctly based on the hardware and so our first experience was of a system slowly unravelling. Hubby got some help finally but it required reformatting and reinstalling everything (and he has a lot). After a bit, this problem with updates began, so his experience has been a nightmare, really.
The only thing I could find on the antispywaresoft (and I meant to bring it up with you again because it didn't look like a good one to have) and Windows Update was a guy who had an XP system that had malware. He ran it through a bunch of different things but still couldn't do an update. He got a redistributable SP3 install and ran it and got the updating back. He had hoped he got rid of all the malware.
It's probably not significant but he did have the antispywaresoft and he did have a lot of problems getting rid of it (plus he had the problems with the updating).
I guess the next thing I thought about doing is looking for the latest SP in a form I could install from say my memory stick, downloaded at the desktop. Whatever other stuff from Microsoft, downloaded to the desktop somehow (I am assuming I can get some of this in redistributable form at their website, if not, I thought I'd ask you).
It's getting late and I'm rambling but I wanted you to know I'm still here. BTW, I am keeping up on the e-mails because I had hubby disable all the shared places between computers (not like my solution to just disconnect myself from the Internet). Who can stand to be disconnected?
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 15, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)
Infected: 7.0.26.13
Last database update: Tuesday, June 15, 2010 02:14:49
Records in database: 4277619
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
----------------------------------------------------------------------
:Processes
explorer.exe
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Next,
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
Combofix
Don't forget Combofix must be saved to your desktop.
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.
Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.
Examples of how to disable realtime protection available at the following link :-
Here we go. I see a couple 'denied' entries in Combofix, I wonder if I disabled the McAfee enough. Also, when Kaspersky scans, does it also quarantine? I just wondered because I didn't do anything special after the scan, I just grabbed the report.
OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\***\AppData\Local\Temp\Low\jxwbng.exe not found.
File/Folder C:\Users\***\AppData\Local\Temp\Low\xfhedg.exe not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.12.2 log created on 06152010_110417
Files moved on Reboot...
C:\Users\***\AppData\Local\Temp\Low\~DF66BF.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...
COMBOFIX:
ComboFix 10-06-15.01 - *** 06/15/2010 11:26:03.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2581 [GMT -7:00]
Running from: c:\users\***\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\***\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.
- - End Of File - - 8357FA9A502C1FA9B7E5CAC5AA5BD43C
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:19 AM, on 6/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Let's do a scan with ESET just to make sure we've not missed any remnants, if ESET comes up OK we'll remove all of the tools and clean up. I'll then give you a fix for the windows updates and see how it goes, OK. Proceed as follows :-
Run ESET Online Scan
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
ESET didn't find anything and it didn't seem to give me the option of looking at a log file. I hope that's okay.
In the meantime I tried a Microsoft fixit utility for Windows Update to no avail (I think I've been down that path already). It did get me back to the more consistent error reporting for 800B0109 on all the different approaches for Windows Updating. I tried manually installing SP2 (I hope I didn't jump the gun), even though hubby supposedly already has SP2 installed, and got the same error number with the text 'A certificate chain processed, but terminated in the root certificate which is not trusted by the trust provider'.
OK, let's clean all the tools out of the way then try another fix I've just located on the Microsoft social website. It still involves using the fixit you've tried, but first you have to uninstall McAfee, run a cleanup tool, then reinstall.
Step 1
Remove Combofix now that we're done with it
Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
Step 2
Download OTC by OldTimer and save it to your Desktop.
Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "Begining Cleanup Process". Please select Yes.
Restart your computer when prompted. It will also remove the OTC application.
kevinf80_1d0ac6
June 14th, 2010 09:00
Hi Laurie,
You know me and have had my introduction before so I'll skip it this time. HJT is not showing anything unusual, let's have a deeper look and see if anything is lurking deeper. Please proceed as follows.
Step 1
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24/48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Step 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to ALLOW the changes. Instructions available HERE
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Step 3
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Step 4
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
What I'd like to see in your reply :-
Kevin
chkn
June 14th, 2010 16:00
Hi Kevin:
Thank you!!! Malwarebytes' quick scan didn't report anything. Still can't get Windows to update. I told Hubby there never were any updates but he said the update history has been lost and that it had originally been getting the updates. Here are the log files you requested:
Laurie
MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4198
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
6/14/2010 2:43:15 PM
mbam-log-2010-06-14 (14-43-15).txt
Scan type: Quick scan
Objects scanned: 131681
Time elapsed: 5 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by *** at 14:49:56.73 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2168 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\***\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\***\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
uStart Page = hxxp://monstercrawler.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100607113803.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\***\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs\startup\virtua~1.lnk - c:\users\***\appdata\local\sony corporation\virtualexpander\VirtualExpander.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\5kvkvv4q.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-6-7 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-6-7 160720]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-6-7 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-18 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-7 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-7 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-7 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-6-7 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-7 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-7 55456]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-18 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-7 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-7 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-6-7 312616]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-7 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-8 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-8 40552]
=============== Created Last 30 ================
2010-06-14 20:03:50 0 d-----w- c:\programdata\Yahoo! Companion
2010-06-14 20:03:46 0 d-----w- c:\program files\CCleaner
2010-06-13 17:32:05 0 d-----w- c:\program files\Trend Micro
2010-06-13 07:23:15 0 d-----w- c:\users\***\appdata\roaming\SUPERAntiSpyware.com
2010-06-13 07:23:15 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-13 07:23:10 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 06:05:04 0 d-----w- c:\users\***\appdata\roaming\Malwarebytes
2010-06-13 06:04:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 06:04:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 06:04:49 0 d-----w- c:\programdata\Malwarebytes
2010-06-13 06:04:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-07 19:53:23 1905 ----a-w- c:\windows\diagwrn.xml
2010-06-07 19:53:23 1905 ----a-w- c:\windows\diagerr.xml
2010-06-07 18:40:04 0 d-----w- c:\program files\McAfeeMOBK
2010-06-07 18:39:58 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-06-07 18:39:56 0 d-----w- c:\program files\McAfee Online Backup
2010-06-07 18:38:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-07 18:37:31 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-06-07 18:37:30 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-07 18:37:30 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-06-07 18:37:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-07 18:37:28 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-07 18:37:28 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-07 18:37:28 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-07 18:21:11 0 d-----w- c:\program files\McAfee.com
==================== Find3M ====================
2010-06-07 18:38:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-07 18:38:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-07 18:38:48 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 14:50:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-02-18 19:58:15 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-18 20:36:43 75 --sh--r- c:\windows\CT4CET.bin
2009-10-20 01:30:05 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-13 02:43:11 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-13 02:43:11 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-13 02:43:11 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-17 03:47:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 14:50:38.04 ===============
ATTACH:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 2/18/2009 9:25:56 AM
System Uptime: 6/14/2010 11:36:45 AM (3 hours ago)
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 221 GiB total, 161.629 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.901 GiB free.
E: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Advanced Audio FX Engine
Advanced Video FX Engine
AnswerWorks 4.0 Runtime - English
AutoCAD 2000
AutoCAD 2000 Migration Assistance
BitPim 1.0.6
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Dell Resource CD
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
GoToAssist 8.0.0.514
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 5
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee Online Backup
McAfee Total Protection
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.2)
Netflix Movie Viewer
OGA Notifier 2.0.0048.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SigmaTel Audio
Sony ACID Music Studio 7.0
Sony Preset Manager 2.0e
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
TurboTax 2009 wcaiper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! Toolbar
==== End Of File ===========================
CHECKUP:
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Sony Preset Manager 2.0e
McAfee Total Protection
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Adobe Flash Player
Adobe Reader 9.3.2
Mozilla Firefox (3.5.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee Online Backup MOBKbackup.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
chkn
June 14th, 2010 16:00
Hi Kevin:
Thank you!!! Malwarebytes' quick scan didn't report anything. Still can't get Windows to update. I told Hubby there never were any updates but he said the update history has been lost and that it had originally been getting the updates. Here are the log files you requested:
Laurie
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.2)
Netflix Movie Viewer
OGA Notifier 2.0.0048.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SigmaTel Audio
Sony ACID Music Studio 7.0
Sony Preset Manager 2.0e
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
TurboTax 2009 wcaiper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! Toolbar
==== End Of File ===========================
CHECKUP:
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Sony Preset Manager 2.0e
McAfee Total Protection
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Adobe Flash Player
Adobe Reader 9.3.2
Mozilla Firefox (3.5.2) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee Online Backup MOBKbackup.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
kevinf80_1d0ac6
June 14th, 2010 17:00
Hi Laurie,
Those logs are clean. I assume that you have Windows set to update automatically? What happens if you try a manual update? Are there any error codes?
Select > Start > All Programs > Windows Update. What happens? Does Windows look for or offer updates? Let me know what happens.
Kevin
Edit,
I've just noticed your other reply about the prior scans you ran. I'm not concerned about the cookies but I am about the Rogueware.
chkn
June 14th, 2010 17:00
Oops, before I started this thread, I ran Superantispyware which removed 1000+ Adware tracking cookies and a full scan of MBAM which did remove one infected file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4192
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
6/13/2010 12:08:26 AM
mbam-log-2010-06-13 (00-08-26).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 242628
Time elapsed: 52 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\74G6X0QL\movie[1].exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
chkn
June 15th, 2010 01:00
Hi Kevin:
Just to let you know I am running Kaspersky and it's finding some things. If it's done before I hit the sack I'll post.
I was trying to figure out if the Windows install behavior had changed some from what we did today or was it when I took a run at the problem a few weeks ago. (I haven't really made a big effort to help hubby on this one; we both figured it was just that Vista was buggy).
So today, when I try and update Windows from IE's Tools menu, nothing happens, no window comes up or anything. At the microsoft.com update center, I get "Microsoft updater could not be installed." I think what I tried a few weeks back is to at least just get the updater installed. Nothing doing today either and I couldn't seem to find the place to just check for updates. I go to the Control Panel, I get error 800B0109. The little icon in the system tray doesn't do anything, it at least used to lead you on to another merry dead end. It seems in the past all paths used to report this error 800B0109 if my memory serves me correctly (it doesn't always and sometimes the recall takes awhile).
Anyway, it's kind of a side note. A lot of people have this problem with Vista getting Windows Updates and there doesn't seem to be any help out there. That's probably why so many people hate Vista!
When we bought this laptop, Dell didn't format the drive correctly based on the hardware and so our first experience was of a system slowly unravelling. Hubby got some help finally but it required reformatting and reinstalling everything (and he has a lot). After a bit, this problem with updates began, so his experience has been a nightmare, really.
The only thing I could find on the antispywaresoft (and I meant to bring it up with you again because it didn't look like a good one to have) and Windows Update was a guy who had an XP system that had malware. He ran it through a bunch of different things but still couldn't do an update. He got a redistributable SP3 install and ran it and got the updating back. He had hoped he got rid of all the malware.
It's probably not significant but he did have the antispywaresoft and he did have a lot of problems getting rid of it (plus he had the problems with the updating).
http://www.bleepingcomputer.com/forums/topic312219.html#entry1729768
I guess the next thing I thought about doing is looking for the latest SP in a form I could install from, say, my memory stick, downloaded at the desktop. Whatever other stuff from Microsoft, downloaded to the desktop somehow (I am assuming I can get some of this in redistributable form at their website; if not, I thought I'd ask you).
It's getting late and I'm rambling but I wanted you to know I'm still here. BTW, I am keeping up on the e-mails because I had hubby disable all the shared places between computers (not like my solution to just disconnect myself from the Internet). Who can stand to be disconnected?
Kaspersky 38% and counting....me sooo tired.
Laurie
chkn
June 15th, 2010 02:00
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 15, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)
Infected: 7.0.26.13
Last database update: Tuesday, June 15, 2010 02:14:49
Records in database: 4277619
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 106011
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:16:23
File name / Threat / Threats count
C:\Users\***\AppData\Local\Temp\Low\jxwbng.exe Infected: Trojan-Dropper.Win32.Drooptroop.cpt 1
C:\Users\***\AppData\Local\Temp\Low\xfhedg.exe Infected: Trojan-Dropper.Win32.Drooptroop.cpt 1
Selected area has been scanned.
chkn
June 15th, 2010 02:00
Did a separate scan on his memory stick and that came up clean.
kevinf80_1d0ac6
June 15th, 2010 03:00
Please download OTM by OldTimer. Save it to your desktop.
Double click OTM.exe to start the tool.
----------------------------------------------------------------------
:Processes
explorer.exe
:Files
C:\Users\***\AppData\Local\Temp\Low\jxwbng.exe
C:\Users\***\AppData\Local\Temp\Low\xfhedg.exe
:Commands
[CreateRestorePoint]
[EmptyFlash]
[EmptyTemp]
[Purity]
[Start Explorer]
[Reboot]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Next,
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: Combofix
Don't forget Combofix must be saved to your desktop. Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.
Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.
Examples of how to disable realtime protection available at the following link :-
Disable realtime protection
Let me see the logs from OTM and Combofix in reply, also a fresh HJT log please..
Kevin
chkn
June 15th, 2010 12:00
Here we go. I see a couple 'denied' entries in Combofix, I wonder if I disabled the McAfee enough. Also, when Kaspersky scans, does it also quarantine? I just wondered because I didn't do anything special after the scan, I just grabbed the report.
OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\***\AppData\Local\Temp\Low\jxwbng.exe not found.
File/Folder C:\Users\***\AppData\Local\Temp\Low\xfhedg.exe not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 4468030 bytes
->Temporary Internet Files folder emptied: 2321722 bytes
->Flash cache emptied: 434 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 111535476 bytes
->Temporary Internet Files folder emptied: 106038121 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30317128 bytes
->Flash cache emptied: 5074 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 25082381 bytes
RecycleBin emptied: 268 bytes
Total Files Cleaned = 267.00 mb
OTM by OldTimer - Version 3.1.12.2 log created on 06152010_110417
Files moved on Reboot...
C:\Users\***\AppData\Local\Temp\Low\~DF66BF.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...
COMBOFIX:
ComboFix 10-06-15.01 - *** 06/15/2010 11:26:03.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2581 [GMT -7:00]
Running from: c:\users\***\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\***\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.
2010-06-15 18:24 . 2010-06-15 18:25 -------- d-----w- C:\32788R22FWJFW
2010-06-15 18:04 . 2010-06-15 18:04 -------- d-----w- C:\_OTM
2010-06-14 22:12 . 2010-06-14 22:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo!
2010-06-14 22:12 . 2010-06-14 22:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-06-14 20:03 . 2010-06-14 22:12 -------- d-----w- c:\programdata\Yahoo! Companion
2010-06-14 20:03 . 2010-06-14 20:03 -------- d-----w- c:\program files\CCleaner
2010-06-13 17:32 . 2010-06-13 17:32 388096 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 17:32 . 2010-06-13 17:32 -------- d-----w- c:\program files\Trend Micro
2010-06-13 07:23 . 2010-06-13 07:23 63488 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-13 07:23 . 2010-06-13 07:23 52224 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-13 07:23 . 2010-06-13 07:23 117760 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-13 07:23 . 2010-06-13 07:23 -------- d-----w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-06-13 06:05 . 2010-06-13 06:05 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-06-13 06:04 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 06:04 . 2010-06-13 06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 06:04 . 2010-06-13 06:04 -------- d-----w- c:\programdata\Malwarebytes
2010-06-13 06:04 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 18:40 . 2010-06-07 18:40 -------- d-----w- c:\program files\McAfeeMOBK
2010-06-07 18:39 . 2010-06-07 18:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-07 18:39 . 2010-04-14 03:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-06-07 18:39 . 2010-06-07 18:39 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-07 18:38 . 2010-04-14 19:50 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-07 18:37 . 2010-04-14 19:50 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-06-07 18:37 . 2010-04-14 19:50 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-07 18:37 . 2010-04-14 19:50 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-06-07 18:37 . 2010-04-14 19:50 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-07 18:37 . 2010-04-14 19:50 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-07 18:37 . 2010-04-14 19:50 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-07 18:37 . 2010-04-14 19:50 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-07 18:21 . 2010-06-07 18:21 -------- d-----w- c:\program files\McAfee.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 20:03 . 2009-02-20 02:29 -------- d-----w- c:\program files\Yahoo!
2010-06-07 18:42 . 2009-02-18 19:50 -------- d-----w- c:\programdata\McAfee
2010-06-07 18:40 . 2009-10-09 03:43 -------- d-----w- c:\program files\McAfee
2010-06-07 18:39 . 2009-10-09 03:43 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-14 19:50 . 2010-04-14 19:50 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 19:50 . 2010-04-14 19:50 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-30 21:25 . 2009-02-18 17:32 102776 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-14 19:50 . 2010-06-07 18:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-02-18 20:36 . 2009-02-18 20:36 75 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2009-02-24 18:49 73728 ----a-w- c:\users\***\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2010-2-7 3656]
VirtualExpander.lnk - c:\users\***\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2009-2-24 474808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cc,a7,0b,7e,56,df,c9,01
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-14 83496]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-14 160720]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-14 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-14 55456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-14 312616]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://monstercrawler.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5kvkvv4q.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 11:31
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-15 11:33:39
ComboFix-quarantined-files.txt 2010-06-15 18:33
Pre-Run: 207,001,792,512 bytes free
Post-Run: 206,963,712,000 bytes free
- - End Of File - - 8357FA9A502C1FA9B7E5CAC5AA5BD43C
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:19 AM, on 6/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\***\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://monstercrawler.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100607113803.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Startup: VirtualExpander.lnk = C:\Users\***\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 7154 bytes
kevinf80_1d0ac6
1.1K Posts
0
June 15th, 2010 13:00
Hi Laurie,
Let's do a scan with ESET just to make sure we've not missed any remnants. If ESET comes up OK we'll remove all of the tools and clean up. I'll then give you a fix for the Windows updates and see how it goes, OK? Proceed as follows:
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Kevin.
chkn
41 Posts
0
June 15th, 2010 14:00
ESET didn't find anything and it didn't seem to give me the option of looking at a log file. I hope that's okay.
In the meantime I tried a Microsoft fixit utility for Windows Update to no avail (I think I've been down that path already). It did get me back to the more consistent error reporting for 800B0109 on all the different approaches for Windows Updating. I tried manually installing SP2 (I hope I didn't jump the gun), even though hubby supposedly already has SP2 installed, and got the same error number with the text 'A certificate chain processed, but terminated in the root certificate which is not trusted by the trust provider'.
chkn
41 Posts
0
June 15th, 2010 15:00
Yes, that's the one. Hubby had it in his favorites so I know he must have tried that already. I went ahead and tried it today using both methods.
kevinf80_1d0ac6
1.1K Posts
0
June 15th, 2010 15:00
Good news that ESET found nothing. Is this the fixit link you tried: KB971058?
Kevin
kevinf80_1d0ac6
1.1K Posts
0
June 15th, 2010 15:00
Hi Laurie,
OK, let's clean all the tools out of the way, then try another fix I've just located on the Microsoft social website. It still involves using the fixit you've tried, but first you have to uninstall McAfee, run a cleanup tool, then reinstall.
Step 1
Remove Combofix now that we're done with it
Step 2
Delete any remaining tools left on the Desktop.
Step 3
Run this McAfee Procedure
Step 4
Run CCleaner as previously instructed.
Step 5
Reset Windows update components with Fixit KB971058, Default mode first, then Aggressive if Default is no good.
Reboot and see how it goes...
Kevin.