
Registered, 259 Posts
Hi

I have a Dell Inspiron desktop (Vista, SP1) which will not run any Microsoft updates, I am wondering whether it might have been affected by a virus.

I have run and attached the reports you asked for. To date I have run Malwarebytes and Norton Internet Security. I still cannot run updates though (I get error 80070422).

Here is dds.txt:


DDS (Ver_11-03-05.01) - NTFSx86
Run by Biit at 17:56:50.81 on 28/04/2011
Internet Explorer: 7.0.6001.18000
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
dRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\users\dellboy\appdata\local\temp\~dfe2f9.tmp c:\users\dellboy\appdata\local\temp\~dfe2b6.tmp c:\users\dellboy\appdata\local\temp\~df4f6c.tmp c:\users\dellboy\appdata\local\temp\~df4f55.tmp c:\users\dellboy\appdata\local\temp\low\HSPERF~1.SH!
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://access.debconnect.com/wa/AccessClientLoader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-04-28 16:51:55 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-28 14:53:31 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-04-28 14:49:09 -------- d-----w- c:\program files\CCleaner
2011-04-28 13:42:13 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a3d3931e-e1e5-484e-8d9f-2198f4708a53}\mpengine.dll
2011-04-28 13:42:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-28 13:30:07 -------- d-----w- c:\users\biit\appdata\roaming\PCFix
2011-04-28 12:36:36 -------- d-----w- c:\program files\AVAST Software
2011-04-28 12:36:36 -------- d-----w- c:\progra~2\AVAST Software
2011-04-28 12:33:32 -------- d-----w- c:\users\biit\appdata\roaming\Malwarebytes
2011-04-28 09:45:41 -------- d-----w- c:\users\biit\appdata\local\Google
2011-04-28 09:17:39 -------- d-----w- C:\OEMSettings
2011-04-28 08:53:56 290816 ----a-w- c:\windows\system32\SCMLib.dll
2011-04-28 08:53:56 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2011-04-28 08:53:56 180224 ----a-w- c:\windows\system32\WinService.exe
2011-04-27 19:13:30 348160 ----a-w- c:\windows\system32\drivers\wg111v3.sys
2011-04-27 19:13:23 -------- d-----w- c:\program files\NETGEAR
2011-04-27 19:13:05 -------- d-----w- c:\windows\Downloaded Installations
2011-04-27 13:17:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 13:17:23 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-27 13:17:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 13:17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-11 17:46:39 -------- d-----w- c:\program files\PCFix
2011-04-11 17:21:26 -------- d-----w- c:\progra~2\ErrorEND
2011-04-08 09:17:38 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
.
============= FINISH: 17:57:39.51 ===============

I would be very grateful if anyone could advise whether it is a security issue causing the problem. If not, obviously I'll have to go back to trawling through Microsoft articles.

Many thanks

Gavin
 


Security Team, Moderator, Analyst, Rangemaster, 29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 

Registered, 259 Posts
Hi

Thanks for your reply. I have run ComboFix; here are the results:


ComboFix 11-04-29.03 - Biit 30/04/2011 9:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1022.254 [GMT 1:00]
Running from: c:\users\Biit\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PCFix
c:\program files\PCFix\AssistPCFix.exe
c:\program files\PCFix\backup\20110411_1847.dat
c:\program files\PCFix\backup\20110411_1859.dat
c:\program files\PCFix\backup\20110411_1910.dat
c:\program files\PCFix\backup\20110421_1404.dat
c:\program files\PCFix\backup\20110427_2011.dat
c:\program files\PCFix\backup\20110428_1430.dat
c:\program files\PCFix\Loading.gif
c:\program files\PCFix\PCFix.exe
c:\program files\PCFix\rebooter.exe
c:\program files\PCFix\unins000.dat
c:\program files\PCFix\unins000.exe
c:\program files\PCFix\unins000.msg
c:\programdata\Microsoft\Internet Explorer\Quick Launch\PC Fix 2011.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Fix 2011 Registry Cleaner
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Fix 2011 Registry Cleaner\PC Fix 2011.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PC Fix 2011 Registry Cleaner\Uninstall PC Fix 2011.lnk
c:\users\Biit\AppData\Roaming\PCFix
c:\users\Biit\AppData\Roaming\PCFix\log.dat
c:\users\Biit\AppData\Roaming\PCFix\unresolvederrors.dat
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1587.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1D33.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4887.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4C8D.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50CE.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50D0.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5EC.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5FF5.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6357.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6A79.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc79B7.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7B8C.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C92.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7F9E.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DC0.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DD0.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E5E.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F46.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc907.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9214.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc961A.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc983C.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9C60.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9FCA.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA556.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA611.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA755.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA862.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAAC3.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAC6B.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccACC5.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF35.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF64.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB157.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB489.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB56C.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC41C.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC525.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC766.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC777.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA05.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCC37.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF52.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD606.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD6A2.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8A5.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA5A.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD85.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA0.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE47.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEFDD.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF23D.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF2AB.tmp
c:\users\Dellboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF308.tmp
c:\users\Dellboy\AppData\Roaming\PCFix
c:\users\Dellboy\AppData\Roaming\PCFix\log.dat
c:\users\Dellboy\AppData\Roaming\PCFix\unresolvederrors.dat
c:\users\Dellboy\Desktop\Setup.exe
c:\users\Public\Desktop\PC Fix 2011.lnk
c:\windows\system32\winservice.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
-------\Service_SCM_Service
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 09:05 . 2011-04-30 09:05 -------- d-----w- c:\users\Dellboy\AppData\Local\temp
2011-04-28 16:51 . 2011-04-28 16:51 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-28 14:53 . 2011-04-28 15:01 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-04-28 14:49 . 2011-04-28 14:49 -------- d-----w- c:\program files\CCleaner
2011-04-28 13:42 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3D3931E-E1E5-484E-8D9F-2198F4708A53}\mpengine.dll
2011-04-28 13:42 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-28 12:36 . 2011-04-28 13:04 -------- d-----w- c:\programdata\AVAST Software
2011-04-28 12:36 . 2011-04-28 13:04 -------- d-----w- c:\program files\AVAST Software
2011-04-28 09:17 . 2011-04-28 09:17 -------- d-----w- C:\OEMSettings
2011-04-28 09:12 . 2011-04-28 09:17 -------- d-----w- c:\users\Biit
2011-04-28 08:53 . 2007-05-04 10:29 290816 ----a-w- c:\windows\system32\SCMLib.dll
2011-04-28 08:53 . 2007-01-18 11:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2011-04-28 08:53 . 2011-04-28 08:53 -------- d-----w- c:\users\Dellboy\AppData\Roaming\InstallShield
2011-04-27 19:13 . 2009-10-14 14:07 348160 ----a-w- c:\windows\system32\drivers\wg111v3.sys
2011-04-27 19:13 . 2011-04-28 09:17 -------- d-----w- c:\program files\NETGEAR
2011-04-27 19:13 . 2011-04-27 19:13 -------- d-----w- c:\windows\Downloaded Installations
2011-04-27 13:46 . 2011-04-27 13:46 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2011-04-27 13:18 . 2011-04-27 13:18 -------- d-----w- c:\users\Dellboy\AppData\Roaming\Malwarebytes
2011-04-27 13:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 13:17 . 2011-04-27 13:17 -------- d-----w- c:\programdata\Malwarebytes
2011-04-27 13:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 13:17 . 2011-04-27 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-23 07:08 . 2011-04-23 07:08 -------- d-----w- c:\users\Dellboy\AppData\Local\Trusteer
2011-04-11 17:21 . 2011-04-11 17:22 -------- d-----w- c:\programdata\ErrorEND
2011-04-08 09:17 . 2011-04-08 09:17 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-24 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-24 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2011-4-28 1261568]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 11:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 17:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-12-16 22:27 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 10:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-05-24 05:49 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-15 22:14 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-12 21:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2010-09-23 34296]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-10-14 348160]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-16 29744]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-08 53816]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 21728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [2011-04-15 802936]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110429.002\IDSvix86.sys [2011-03-14 353912]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [2011-04-16 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-08 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-08 158904]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 pwClientService;PortWise Client Service;c:\program files\PortWise\Access Client\AccessClient-Service.exe [2010-09-23 177392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-06 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2011-01-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Dellboy.job
- c:\program files\Norton Internet Security\Engine\18.5.0.125\Navw32.exe [2011-01-10 06:57]
.
2011-04-27 c:\windows\Tasks\WebReg Photosmart C4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
2010-06-19 c:\windows\Tasks\{41A62C7D-5110-4E5E-94A9-F7B5D645732D}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:12]
.
2010-06-19 c:\windows\Tasks\{48A62541-B5FC-49E3-A7A9-4EF39D4BB87F}.job
- c:\program files\Internet Explorer\iexplore.exe [2009-04-15 04:40]
.
2010-06-19 c:\windows\Tasks\{94DB726B-2EDD-42B5-A1D6-441271045BF6}.job
- c:\program files\Internet Explorer\iexplore.exe [2009-04-15 04:40]
.
2010-06-19 c:\windows\Tasks\{B1B30BB4-624C-416D-A3DE-3021F1822FB4}.job
- c:\program files\Internet Explorer\iexplore.exe [2009-04-15 04:40]
.
2011-03-28 c:\windows\Tasks\{ED4BF49E-FC07-4750-860D-972E1B420AD9}.job
- c:\program files\Internet Explorer\iexplore.exe [2009-04-15 04:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://access.debconnect.com/wa/AccessClientLoader.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-30 10:09
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\DllHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-04-30 10:12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 09:12
.
Pre-Run: 105,082,249,216 bytes free
Post-Run: 106,076,622,848 bytes free
.
- - End Of File - - BADDCE671D16EA7DFAF8CDE6A9DBB0DE

Hope this helps. I look forward to your reply.

Thanks

Gvain
 

Security Team, Moderator, Analyst, Rangemaster, 29,790 Posts
Hello Gvain. No need to bold the logs in your replies. Thanks.

Is Windows Updates working now? If not...

Go Start > Search and type cmd.exe into the Start > Search box.

Right-click cmd.exe and choose 'Run as administrator'.

Copy the following single-line command:

net start > c:\netstart.txt

Right-click the cursor in the command window > Paste and press OK.

Type exit and press OK.

------------------------------------------------------

Go Start > Search and copy/paste the following into the Start > Search box and click OK:

c:\netstart.txt

A Notepad file should open. Please post the contents of the log here.

------------------------------------------------------
 

Registered, 259 Posts
Discussion Starter #5
Hi Chemist

The updates are now working, many thanks for your help.

Any idea what the problem was?

Thanks again

Gavin
 

Security Team, Moderator, Analyst, Rangemaster, 29,790 Posts
Hello again, Gavin. Not sure what the problem was. Any remaining problems?

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer << Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick the 'Display Run' or 'Run command' box > OK > OK.

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "c:\programdata\ErrorEND"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Save the file as fix.reg and choose Save as type: All Files, then close the Notepad file.
It should look like this:


Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs and Features):

Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6


These are all outdated and are security risks to have installed still. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 6 Update 12, by going to Control Panel (Classic View) and double-clicking on the Java icon (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel > Programs and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

ESET report
report on system behavior
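As an added illustration (written for this page; it is not part of the helper's post, the fix above, or any Windows tool), the following Python parser reads a REGEDIT4 file such as fix.reg and lists the operations it would apply, so a .reg file can be inspected before it is merged. It shows what the two value forms in the fix mean: `dword:00000000` sets a DWORD value, and `=-` deletes the value. The sample text is a constructed copy of the fix above; the `[-KEY]` key-deletion form is standard REGEDIT4 syntax that the fix does not use.

```python
"""Added example: parse a REGEDIT4-format .reg file into the registry operations it would apply.

Illustrative code written for this page, not part of any Windows tool or of the fix above.
It handles the value forms used in the fix (dword:, quoted string, and "=-" value deletion)
plus [-KEY] key deletion, and refuses anything else rather than guessing.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the Security Center monitoring fix shown in the post above.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
"""


@dataclass
class RegOp:
    key: str                      # full registry key path
    action: str                   # "set", "delete_value" or "delete_key"
    name: Optional[str] = None    # value name ("@" = the key's default value); None for key ops
    kind: Optional[str] = None    # "dword" or "string" when action == "set"
    data: object = None           # int for dword, str for string


# "name"=... or @=... ; the name may contain escaped quotes
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg(text: str) -> list:
    """Return the list of RegOp the file would perform, in file order."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file (first line must be REGEDIT4)")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                              # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):               # [-KEY] removes the whole key
                ops.append(RegOp(key[1:], "delete_key"))
                key = None
            continue
        if key is None:
            raise ValueError(f"value line outside any key: {line}")
        m = _VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable value line: {line}")
        name = "@" if m.group(2) else m.group(1)
        rhs = m.group(3)
        if rhs == "-":                            # "name"=- deletes the value
            ops.append(RegOp(key, "delete_value", name))
        elif rhs.startswith("dword:"):            # hex DWORD
            ops.append(RegOp(key, "set", name, "dword", int(rhs[len("dword:"):], 16)))
        elif len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            unescaped = rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            ops.append(RegOp(key, "set", name, "string", unescaped))
        else:
            raise ValueError(f"unsupported value syntax (refusing to guess): {rhs}")
    return ops


def monitoring_changes(ops: list) -> dict:
    """Summarise what the file does to each DisableMonitoring value, keyed by the key's last path element."""
    summary = {}
    for op in ops:
        if op.name and op.name.lower() == "disablemonitoring":
            leaf = op.key.rsplit("\\", 1)[-1]
            summary[leaf] = "delete" if op.action == "delete_value" else f"set {op.data}"
    return summary


if __name__ == "__main__":
    for leaf, change in monitoring_changes(parse_reg(SAMPLE_REG)).items():
        print(f"{leaf}: {change}")
```

Running it on the sample prints one line per key: the Monitoring, SymantecAntiVirus and SymantecFirewall entries are set to 0 (monitoring re-enabled), and the stale McAfeeAntiSpyware value is deleted.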
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
You're welcome, Gavin. Remember, we haven't cleaned up yet.

Are you sure that was the complete ESET log?

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick the 'Display Run' or 'Run command' box > OK > OK.

Go Start > Run and copy/paste the following into the Run box and click OK:

C:\Program Files\Eset\Eset Online Scanner\log.txt

A Notepad file will open. Post the contents of log.txt in your next reply.

------------------------------------------------------
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Still with us, Gavin? Any trouble with those last instructions?
 

Registered (259 Posts), Discussion Starter #10
Sorry, got sidetracked by a neighbour's non-booting Vista laptop!

I'm at another location (temporarily), might be a week or so til I can run the last instruction. Close the call if you wish, or I'll post the last bit when I can get back to the PC?

Once again many thanks for your help

Gavin
 

Registered (259 Posts), Discussion Starter #11
Hi

I've checked the ESET log file on the PC and it is as stated above:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

The PC is working correctly now, so close the call if you wish

Many thanks for your help

Gavin
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Norton before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
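As an added illustration of the HOSTS-file technique described in the post above (code written for this page, not the MVPS HOSTS file or any tool it ships with), the Python below parses a hosts file the way a resolver reads it and separates the two kinds of entry a reviewer cares about: blocking entries, which map a host to 127.0.0.1 or 0.0.0.0 so the connection never leaves the machine, and redirections, which map a host to any other address and therefore deserve a look one by one. The sample hosts text and the `vendor.example` watch suffix are constructed placeholders.

```python
"""Added example: classify hosts-file entries as blocking vs. redirecting.

Illustrative code written for this page; it is not the MVPS HOSTS file or any tool it ships with.
An MVPS-style entry maps an unwanted host to 127.0.0.1 or 0.0.0.0, so the connection never leaves
the machine. An entry that maps a host to any *other* address redirects it, which is the pattern
a defender wants listed explicitly when reviewing a hosts file.
"""
import ipaddress

# Constructed sample hosts file (not a real one). All domains are placeholders.
SAMPLE_HOSTS = """# constructed example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad-server.example          # MVPS style: 0.0.0.0 blocks as well
127.0.0.1       banners.example ads.example
192.0.2.10      update.vendor.example      # a redirection, not a block
not-an-ip       garbage.example
"""

# Addresses that never leave the machine: an entry pointing here is a block, not a redirect.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> list:
    """Return (line_no, ip, hostname) for each valid mapping; malformed lines are skipped like the resolver does."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()       # drop comments and surrounding whitespace
        if not body:
            continue
        fields = body.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalises IPv4/IPv6 text
        except ValueError:
            continue                               # first field is not an address; ignore the line
        for host in fields[1:]:                    # one address may name several hosts
            entries.append((line_no, ip, host.lower()))
    return entries


def classify_hosts(text: str, watch_suffixes=()) -> dict:
    """
    Split entries into:
      blocking - host mapped to a loopback/unspecified address (the MVPS technique)
      redirect - host mapped anywhere else (review each one)
      watched  - redirects whose hostname is, or is under, one of watch_suffixes
                 (for example your vendor's update or antivirus domains)
    'localhost' mapped to loopback is normal and is not counted as blocking.
    """
    result = {"blocking": [], "redirect": [], "watched": []}
    for line_no, ip, host in parse_hosts(text):
        if ip in BLOCK_ADDRESSES:
            if host != "localhost":
                result["blocking"].append((line_no, host))
        else:
            result["redirect"].append((line_no, host, ip))
            if any(host == s or host.endswith("." + s) for s in watch_suffixes):
                result["watched"].append((line_no, host, ip))
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS, watch_suffixes=("vendor.example",))
    print(f"{len(report['blocking'])} blocking entries, {len(report['redirect'])} redirects")
    for line_no, host, ip in report["watched"]:
        print(f"line {line_no}: {host} -> {ip}  (watched domain redirected)")
```

On a machine with the MVPS file installed, `blocking` will be long and `redirect` should normally be empty; anything that appears under `redirect` is worth explaining before trusting the file.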
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 