Microsoft security essentials not running. HJT log pasted.


Postby cw4cam » Fri Dec 14, 2012 4:56 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:33 PM, on 12/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Upromise\dca-ua.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ruth Campbell\Local Settings\Application Data\Autobahn\nexdef.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7d69ed06-0171-4379-9528-08df51092727} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: NexDef Plug-in.lnk = C:\Documents and Settings\Ruth Campbell\Local Settings\Application Data\Autobahn\nexdef.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9f67a760c9970) (gupdate1c9f67a760c9970) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe

--
End of file - 9014 bytes
"A pessimist sees a problem with an opportunity. an optimist sees an opportunity with a problem."
Winston Churchill

Civilization is invaded by barbarians every generation. (author unknown)
cw4cam
Brown Belt
Posts: 288
Joined: Fri Mar 05, 2004 12:21 pm
Location: Middlesboro KY

Postby Ripshod » Sat Dec 15, 2012 1:51 am

For starters:
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Almost impossible to eradicate, and incompatible with some AV software.

O2 - BHO: (no name) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - (no file)
No name - as yet unidentified process.

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
[Google Toolbar - not needed]

O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
Will stop MSSE installing/running - TROJAN.

O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - (no file)
[TROJAN]

I'm sure someone else will spot more and step in. I'm not sure of the steps you should take now; we already know that SUPERAntiSpyware is almost impossible to get rid of, and I've never had a trojan. It does seem to me, though, that someone has been installing very dodgy browser add-ons/bars, maybe seen warnings of a virus and clicked on the 'SCAN NOW' button.
CALL &BD19 (If you need to ask you don't need to know)
Ripshod
Black Belt
Posts: 708
Joined: Wed Aug 13, 2003 2:57 pm
Location: Yorkshire, UK
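The line-by-line triage Ripshod does by eye above can be scripted. This is an added example, not code from the thread or from HijackThis: a small Python parser for O2 (BHO), O3 (toolbar) and O4 (autostart) lines that flags orphaned "(no file)" entries, unnamed add-ons, autostarts from user-writable profile directories, and components matching a watchlist. The sample lines are copied from the log posted above; the watchlist names (Upromise, CouponXplorer) are the ones posters in this thread called out, an assumption for the example rather than a vendor verdict.

```python
import re
from collections import namedtuple

# Sample input: HijackThis lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - (no file)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Startup: NexDef Plug-in.lnk = C:\Documents and Settings\Ruth Campbell\Local Settings\Application Data\Autobahn\nexdef.exe
"""

# Assumption: the watchlist holds the component names posters in this thread called
# out; in practice you would fill it from your own research, not trust it blindly.
WATCHLIST = ("upromise", "couponxplorer")

# O2 (BHO) / O3 (toolbar) lines: "On - kind: name - {CLSID} - path or (no file)"
O2_O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 Run-key lines: "O4 - key\Run: [value name] command", optional "(User '...')" suffix
O4_RUN = re.compile(r"^(O4) - (HK\S+\\Run): \[(.+?)\] (.+?)(?: \(User '.*'\))?$")
# O4 Startup-folder shortcuts: "O4 - Startup: shortcut.lnk = target"
O4_LNK = re.compile(r"^(O4) - ((?:Global )?Startup): (.+?) = (.+)$")
# Paths under a user profile are writable without admin rights
USER_PROFILE = re.compile(r"(?i)\\(Local Settings|Application Data|AppData)\\")

Finding = namedtuple("Finding", "section name target reason")

def parse_line(line):
    """Return (section, name, clsid_or_key, target) for an O2/O3/O4 line, else None."""
    m = O2_O3.match(line)
    if m:
        return m.group(1), m.group(2), m.group(3), m.group(4)
    m = O4_RUN.match(line) or O4_LNK.match(line)
    if m:
        return m.group(1), m.group(3), m.group(2), m.group(4)
    return None

def triage(log):
    """Flag the entries that deserve a closer look, with the reason for each."""
    findings = []
    for raw in log.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        section, name, _, target = parsed
        if target == "(no file)":
            reason = "orphaned: registry entry points to a file that no longer exists"
        elif any(w in (name + target).lower() for w in WATCHLIST):
            reason = "watchlisted toolbar/BHO component"
        elif name == "(no name)":
            reason = "unnamed add-on; identify the DLL before keeping it"
        elif USER_PROFILE.search(target):
            reason = "autostart from a user-writable profile directory"
        else:
            continue
        findings.append(Finding(section, name, target, reason))
    return findings
```

Running `triage(SAMPLE_LOG)` on the lines above yields five findings; the two "(no file)" entries are safe registry clean-ups, while the watchlisted and profile-directory entries are the ones to research before removing.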

Postby Karlsweldt » Sat Dec 15, 2012 5:43 am

...warnings of a virus and clicked on the 'SCAN NOW' button.

Definitely a bad pop-up! And clicking on the 'close' box [X] will only activate a lot of those nasty intrusions!!
Best to close the browser from the task bar, but aborting the session (Ctrl + Alt + Del keys, then the 'shut down' choice) may be the only option to stop the assault.
Stay away from those sites with pop-up ads and warnings!
HijackThis can describe a lot of the listings, and advise. But if in doubt about whether to delete a process, take advice from experienced users.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20672
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby Mr T » Sat Dec 15, 2012 7:14 am

http://www.superantispyware.com/support ... tml?faq=47

Removable, but is not malicious, only incompatible.

Toolbars, on the other hand... I have much experience with toolbar removal due to two step-daughters' infatuation with using them.
Step 1 - STOP using IE and Chrome; use Firefox instead.
Step 2 - With Firefox, use the following add-ons - NoScript and Adblocker - they will stop Java exploits.
Step 3 - Reset IE to initial settings and delete all cookies, browsing history etc.
Step 4 - Install and update Malwarebytes.
Step 5 - Uninstall toolbars using Add/Remove Programs.
Step 6 - Boot into SAFE MODE and run Malwarebytes, then check Add/Remove Programs; if a toolbar is present, remove it.
Step 7 - In normal mode run CrapCleaner and also run the registry fixer.

This does it in most cases, but if you have got the SmitFraud virus or a variant, then only a format will completely eradicate it. However, you do look free of it; you can generally tell by IE's page-redirect behaviour.

My main advice though is to ditch XP; it is 12 years old and bloated with patches, bugfixes, security holes etc. Upgrade to Windows 8 Pro... aaargh, I hear you say, more M$ bull s**t... It is not perfect, but is still pretty good so far. I have tried my damnedest to get a virus on it without success, so it seems pretty secure so far. It is fast to boot and is compatible with most programs I use on my old XP setups. The Pro upgrade is £25 off the M$ website, which ain't bad; the offer ends in January (whisper.. and you can do a clean install with the upgrade!!).

That is providing you want to stick with M$ Windows...

For a virus-free computing life, go the free route and try Linux...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Posts: 17088
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Postby cw4cam » Sat Dec 15, 2012 1:30 pm

Mr T wrote:
http://www.superantispyware.com/supportfaqdisplay.html?faq=47

Removable, but is not malicious, only incompatible.

Toolbars, on the other hand... I have much experience with toolbar removal due to two step-daughters' infatuation with using them.
Step 1 - STOP using IE and Chrome; use Firefox instead.
Step 2 - With Firefox, use the following add-ons - NoScript and Adblocker - they will stop Java exploits.
Step 3 - Reset IE to initial settings and delete all cookies, browsing history etc.
Step 4 - Install and update Malwarebytes.
Step 5 - Uninstall toolbars using Add/Remove Programs.
Step 6 - Boot into SAFE MODE and run Malwarebytes, then check Add/Remove Programs; if a toolbar is present, remove it.
Step 7 - In normal mode run CrapCleaner and also run the registry fixer.

This does it in most cases, but if you have got the SmitFraud virus or a variant, then only a format will completely eradicate it. However, you do look free of it; you can generally tell by IE's page-redirect behaviour.

My main advice though is to ditch XP; it is 12 years old and bloated with patches, bugfixes, security holes etc. Upgrade to Windows 8 Pro... aaargh, I hear you say, more M$ bull s**t... It is not perfect, but is still pretty good so far. I have tried my damnedest to get a virus on it without success, so it seems pretty secure so far. It is fast to boot and is compatible with most programs I use on my old XP setups. The Pro upgrade is £25 off the M$ website, which ain't bad; the offer ends in January (whisper.. and you can do a clean install with the upgrade!!).

That is providing you want to stick with M$ Windows...

For a virus-free computing life, go the free route and try Linux...

I always use Firefox. IE has been reset, 3 days ago; the 2 toolbars have been installed for more than 2 years and never caused any conflict. I ran Malwarebytes in safe mode several times (latest updated version). Looked on Cnet download for "crapcleaner" and the one nearest I could find was CCleaner?? Updating is what I want to do, but this is the wife's computer. She can just barely use it at this point (eight years). I can't go through all that again.
Is there an online virus scan recommended? I already scanned online with Bitdefender and it found nothing. Anything that Malwarebytes or SUPERAntiSpyware found, I followed their recommendations as to what to do.
I may purchase the upgrade just in case.

Postby Mr T » Sat Dec 15, 2012 11:31 pm

I always get anything off FileHippo as it is virus free... Got a virus off a Cnet download once and it was a bugger to remove; probably just unlucky!

Crap Cleaner, now known as CCleaner...

You probably do not have a virus, just a program incompatibility...

Postby cw4cam » Sun Dec 16, 2012 10:17 am

I went into safe mode and I ran Msse. It didn't find anything. I also reset firefox and got rid of all the junk it had collected. I guess I will have to find me a virus protect program to use. I appreciate all the help from here. I'm still learning.

Postby Karlsweldt » Sun Dec 16, 2012 1:09 pm

McAfee still offers their "Stinger" viral sniper program from http://www.mcafee.com/us/downloads/free ... inger.aspx which is a stand-alone scanner that can root out nasties. Most good brands of anti-virus software do offer free programs, but the protection is not as great as with a purchased program. And with some 'free' offers, you get only anti-virus and firewall guardians. A purchased program may include malware detectors, link scanners, anti-rootkit services plus email spoof scanners and more. And for multiple-computer families, a "package" deal is less costly than individual purchases.

Postby cw4cam » Tue Dec 18, 2012 8:30 am

I exported the Services folder to Notepad, printed it off and compared it to my other computer, which has Windows XP Home. Could find no significant differences. Of course the differences were the graphics cards and programs installed. So, this morning, Tuesday 18, I find MSSE on the toolbar in red! I opened it, downloaded updates and did a scan, and turned on Security Center. Nothing I did. Go figure.

Postby Karlsweldt » Tue Dec 18, 2012 8:43 am

Exactly how many 'security' programs are operating simultaneously? It is advisable to run only one AV and firewall program.. otherwise, identical programs will buck for priority and cause conflicts.. or cause one version to be disabled. Yes, you can run ancillary programs to increase security.. but not identical programs.
But it is still possible the system has been "hooked" by a hacker, and the elements are in stealth mode.. very difficult to remove. Crap Cleaner and HijackThis should disclose any malevolent features, and you then can choose to delete those processes. But do a Registry and OS backup first, just in case one bad "thread" is woven into OS files!!