Advice for my Spyware


14 replies to this topic

#1 Majozak

Majozak

    PC Guru Wannabe

  • Full Member
  • 10 posts

Posted 01 May 2012 - 11:28 PM

Hi,

I currently have Spybot S&D, SUPERAntiSpyware, Microsoft Security Essentials and AVG installed. I also have the stock firewall for Vista.

I think I probably have some redundancies and am wondering if there are any suggestions for what I might delete.

Thanks!
Don't let life pass you by. Know what you want to achieve in life and then move towards that goal.
If you don't, you're like a ship without a rudder with life acting like the sea, tossing you about in no particular direction.
You have gifts and talents that others need...Go be a blessing to someone!

Mike

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 02 May 2012 - 10:13 AM

Hello Majozak.

I've moved your thread to here.

Please read the Instructions and post the other requested logs. We need the information in order to help you.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,399 posts

Posted 02 May 2012 - 08:52 PM

Hi,

I currently have Spybot S&D, SUPERAntiSpyware, Microsoft Security Essentials and AVG installed. I also have the stock firewall for Vista.

I think I probably have some redundancies and am wondering if there are any suggestions for what I might delete.

Thanks!

Are you simply asking if you have too many protection programs?? If so, please run SecurityCheck (from the Instructions) and post it here... It looks like you may have too much going, but we need to get a better idea of how you have set them up... If you think you have more problems, post a full set of logs...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 Majozak

Posted 03 May 2012 - 08:49 PM

Hello,

Thank you for your quick responses!

I've always wondered if my sluggish system is slow due to viruses or if it's just outdated.

Per your request, I've run all the requested programs and pasted the logs below.

Also, in order to speed up my system, I'm considering replacing one or both of my 1G Ram sticks with 2G ram sticks. Do you think that would be an efficient way of boosting my system's performance?

Here's my current set-up if it's not already obvious... Windows Vista x32 Home Premium Service Pack 2 (build:6002) AMD Athlon 64 x2 Dual Core Processor X2 with 2 Gbyte; NVIDIA GeForce 7300LE

Of late, I've only used this PC for surfing the net and watching 1080p videos on YouTube (My internet is 20mbps). Perhaps in the future I will game again, but in order to run games like D3 and SC2 etc. I think I'll need more of an upgrade; probably to a 64 bit system and nicer video card.

Thank you in advance for your help!

Mike

Checkup Log

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup
AVG 2012
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
MVPS Hosts File
Spybot - Search & Destroy 1.4
Spybot - Search & Destroy
SUPERAntiSpyware
AVG PC Tuneup
CCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.16) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mike at 21:33:28 on 2012-05-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.372 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG PC Tuneup\boostspeed.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070525
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: UC Toolbar: {2ad46959-7ee4-47c3-b976-c0912755de1f} - c:\program files\ucietb\ucietb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WorkForce 630(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigba.exe /fu "c:\users\mike\appdata\local\temp\E_SB010.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Spell Check Options... - c:\program files\ucietb\Speller.dll/RUNOPTIONS.HTM
IE: Spell Check this page... - c:\program files\ucietb\Speller.dll/RUNSPELLER.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - c:\program files\ucietb\ucietb.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: mnscu.edu\century.ims
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2470CE9A-C0ED-4223-979C-1D9AC6132818} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\xm33t0g0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/|http://www.facebook.com/|https://email.secureserver.net/login.php?ci=21290&prog_id=GoDaddy
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\xm33t0g0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-8 5158992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-3 654408]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-1 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-3 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-3 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-1 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-04 02:12:45 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{babbd43c-7082-4508-ba14-7f401089fd30}\mpengine.dll
2012-05-04 02:11:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-04 02:11:38 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2012-05-04 02:11:00 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 02:10:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 02:10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-02 08:02:14 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-02 05:33:17 -------- d-----w- c:\users\mike\appdata\roaming\AVG
2012-05-02 04:51:26 -------- d-----w- c:\users\mike\appdata\roaming\AVG2012
2012-05-02 04:47:14 -------- d-----w- c:\users\mike\appdata\local\AVG Secure Search
2012-05-02 04:47:00 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-02 04:46:56 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-05-02 04:46:55 -------- d-----w- c:\program files\AVG Secure Search
2012-05-02 04:46:38 -------- d--h--w- c:\programdata\Common Files
2012-05-02 04:45:37 -------- d--h--w- C:\$AVG
2012-05-02 04:45:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-02 04:45:35 -------- d-----w- c:\programdata\AVG2012
2012-05-02 04:42:35 -------- d-----w- c:\program files\AVG
2012-05-02 04:38:19 -------- d-----w- c:\programdata\MFAData
2012-05-02 01:07:21 -------- d-----w- c:\program files\CCleaner
2012-04-19 09:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-12 07:10:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:10:04 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:10:04 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:10:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-06 03:53:51 -------- d-----w- c:\program files\iPod
2012-04-06 03:53:48 -------- d-----w- c:\program files\iTunes
2012-04-05 00:11:54 -------- d-----w- c:\users\mike\appdata\local\{217C920F-E4BA-4A32-924C-072D253EE2E8}
2012-04-05 00:08:35 -------- d-----w- c:\users\mike\appdata\local\{58C81BEB-B035-4B76-96F2-E72AB276C2CD}
.
==================== Find3M ====================
.
2012-04-17 00:34:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-17 00:34:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-19 10:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 10:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 21:35:20.13 ===============


MBAM Log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

Protection: Enabled

5/3/2012 9:17:01 PM
mbam-log-2012-05-03 (21-17-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221514
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 Majozak

Posted 03 May 2012 - 08:54 PM

Hi,

I updated Spybot and ran it.

I typically will only use IE as I didn't like FireFox as well. That's why FireFox is out of date.

Should I be concerned about Java or Adobe being out of date?

Thanks

Mike

#6 Budfred

Posted 03 May 2012 - 09:22 PM

Hi,

I updated Spybot and ran it.

I typically will only use IE as I didn't like FireFox as well. That's why FireFox is out of date.

Should I be concerned about Java or Adobe being out of date?

Thanks

Mike

Yes - you need to be concerned about them being out of date... Old versions are usually updated to address known vulnerabilities that malware makers exploit, so if you don't update, you are more likely to get infected...

Based on just a quick look, it appears that you have more than one anti-spyware program running in resident mode and that is a setup to slow down... It is a good idea to have only one of each type of protection program running at the same time so that they don't clash and slow down your system or, more importantly, weaken your protection... Depending on what elements of MS Security Essentials you have running, you may have an antivirus and/or anti-spyware running on that, you have AVG running at least an antivirus and possibly an anti-spyware as well... It looks like you have MBAM running in resident mode and that is primarily an anti-spyware... Add to that Windows Defender and you may have as many as 4 anti-spyware programs running in resident mode... It doesn't look like you have Super Anti-Spyware or Spybot in resident mode and it is okay to have as many as you want as long as they are not resident... I suggest that you make sure you have no more than one of each type of program running at the same time... If I remember, Vista will not let you run more than one firewall, but I believe AVG has one, so I suggest that you double check that... Note that you need to turn on outgoing protection in Vista's firewall, it is not on by default... If you are not using Firefox, I suggest you remove it since it is vulnerable if it is not updated... It is possible to make it much more secure than IE, but only if it is updated...

cnm may give you more detailed feedback based on your logs, I mainly looked at your Security Check log...


EDIT: I just attempted to check the link you posted and was unable to because I don't have a plugin it wants and I am not willing to install one without knowing what it is... Please explain what the link is for...

Edited by Budfred, 03 May 2012 - 09:24 PM.

Budfred

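
The rule of thumb in the post above (no more than one resident program of each type) can be checked against the `AV:` and `SP:` header lines of the DDS log posted earlier in this thread. This is an added example, not part of any post and not part of DDS; the function names are hypothetical, and the line format is inferred only from the lines in that log.

```python
"""Flag overlapping resident protection from the AV:/SP: lines of a DDS log."""
import re
from collections import defaultdict
from typing import NamedTuple

# Header lines copied from the DDS log posted earlier in this thread.
DDS_HEADER = """\
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
"""


class Product(NamedTuple):
    kind: str      # "AV" (antivirus) or "SP" (anti-spyware)
    name: str
    enabled: bool
    updated: bool
    guid: str


# Assumed format: "<kind>: <name> *<Enabled|Disabled>/<Updated|Outdated>* {GUID}"
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\*\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})$"
)


def parse_products(text):
    """Return one Product per AV:/SP: line; every other log line is ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(Product(m["kind"], m["name"],
                                    m["state"] == "Enabled",
                                    m["defs"] == "Updated",
                                    m["guid"].upper()))
    return products


def _group(text):
    """Map kind -> product name -> list of registrations for that product."""
    grouped = defaultdict(lambda: defaultdict(list))
    for p in parse_products(text):
        grouped[p.kind][p.name].append(p)
    return grouped


def _select(text, keep, minimum=1):
    """Per kind, the sorted product names whose registrations satisfy `keep`."""
    out = {}
    for kind, by_name in _group(text).items():
        names = sorted(n for n, regs in by_name.items() if keep(regs))
        if len(names) >= minimum:
            out[kind] = names
    return out


def resident_overlap(text):
    """Kinds with more than one enabled product.

    Assumption: a product counts as enabled if ANY of its registrations says
    Enabled, so a stale Disabled entry cannot hide a running scanner.
    """
    return _select(text, lambda regs: any(r.enabled for r in regs), minimum=2)


def conflicting_registrations(text):
    """Products listed as both Enabled and Disabled within the same kind."""
    return _select(text, lambda regs: len({r.enabled for r in regs}) > 1)


def outdated_products(text):
    """Products with at least one registration reporting Outdated definitions."""
    return _select(text, lambda regs: any(not r.updated for r in regs))


if __name__ == "__main__":
    for kind, names in resident_overlap(DDS_HEADER).items():
        print(f"{kind}: {len(names)} enabled at once -> {', '.join(names)}")
    for kind, names in conflicting_registrations(DDS_HEADER).items():
        print(f"{kind}: listed as both Enabled and Disabled -> {', '.join(names)}")
    for kind, names in outdated_products(DDS_HEADER).items():
        print(f"{kind}: outdated definitions -> {', '.join(names)}")
```

Programs that do not appear in these header lines, such as the Malwarebytes protection module in this log, are not covered by the check and still have to be found in the running-process list.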

#7 Majozak

Posted 03 May 2012 - 10:02 PM

Hi,

Thanks for the response.

From what I can tell, this is how I am set-up:

AVG: Anti-Virus, Link Scanner, E-mail Protection, Anti-Rootkit, and Identity Protection are all active.

MBAM: Protection Enabled
-Start protection module with Windows.
-Start file execution blocking when protection module starts.
-Start Malicious website blocking when protection module starts.
-Show tooltip balloon when malicious website is blocked.

Microsoft Essentials: Real-time Protection: On
"Depending on what elements of MS Security Essentials you have running, you may have an antivirus and/or anti-spyware running on that"
-How do I tell what elements I have running?

Windows Defender: Not on. I had an issue with it a long time ago and never fixed it.
-When trying to start it I get this message, "Service has stopped" A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support on how to start a service manually.
-Definition version: 1.79.495.0

Spybot S&D: Default Mode

SUPERAntiSpyware: Real-Time Protection is NOT on. Hi-Jack Protections are on.


Any suggestions on what I should keep on and what I should turn off? I guess I don't really care what stays and what goes. I just need direction and don't know much of the difference between them.

Also, to answer your question about my link...I believe you're talking about my YouTube link in my signature? It's an hour long video of the timeless author and speaker Napoleon Hill on the importance of the Definite Purpose in your life. Definitely worth throwing up in the background as you answer some other posts...

Thank you!

#8 Budfred

Posted 03 May 2012 - 10:16 PM

I am afraid that I have never used MS Security Essentials myself, so I don't know much about the interface - I believe it is a suite, so it probably has a pretty complete set running and that means that you probably have more than one resident protection program for at least a couple of things... I also have never used Super Anti-Spyware (and will not due to aggressive marketing), but the "Hi-Jack Protections" certainly sounds like it is likely to conflict with at least a couple of your other programs... Unless you have a space problem on your hard drive, the main issue is not about removing programs so much as making sure they are not running in resident mode if you have another with the same function...

As for the link, we are not fond of people proselytizing in this forum, so please remove it - especially since it seems to require a plugin to run it...
Budfred


#9 Majozak

Posted 03 May 2012 - 11:24 PM

Hi,

I'm surprised at your reaction to the YouTube link, but I'm a guest so I'll be happy to remove it.

I saw it as a personal mark, being that I enjoy self-development and love sharing things that have affected me in a positive manner. I never meant for it to be spam.

In reference to my spyware, I guess I'm not sure what to do from here on out.

It sounds like I need:

1 Firewall
1 Anti-Virus
1 Anti-Spyware

Vista Firewall is enabled.
AVG sounds like it's both Anti-Virus and Anti-Spyware. (This would be my one "resident" anti-virus)
Spybot S&D + SAS are additional spyware detection?

Does this look sufficient if I were to disable everything else?

#10 cnm

Posted 03 May 2012 - 11:32 PM

For the most part I agree with Budfred. However Malwarebytes Anti-Malware is not "primarily an anti-spyware". It detects viruses and trojans. You have its protection module and that is all the real time protection you need. However Security Essentials will not conflict with it and can be enabled as well.

AVG seems superfluous to me. I would uninstall it or disable its resident features and just run occasional scans with it. The same is true of Super AntiSpyware.

The Vista firewall is fine, but as Budfred says, needs some configuring to enable its outbound protection. There are many articles about this - Google "Configure Vista firewall". This one seems good: Tap into the Vista firewall's advanced configuration features

Uninstall Firefox if you are not using it. It represents a vulnerability if not updated, and you have Viewpoint installed in it - usually regarded as foistware and not desirable.


Please do these important security updates:

Update Adobe Reader (uncheck the option box for McAfee scan)

Updating Java: It is very important to remove old versions.
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: [image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.


#11 Budfred

Posted 04 May 2012 - 05:21 AM

From the MBAM FAQ:

Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild". This includes malicious programs and files, such as viruses, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.

I interpret this to mean that it is a particularly powerful anti-spyware program, but as they say, not intended to replace an antivirus...
Budfred


#12 cnm

Posted 04 May 2012 - 09:39 AM

Microsoft Security Essentials is an adequate supplement.

Incidentally Microsoft says that Security Essentials disables Windows Defender.
Windows Defender and Microsoft Security Essentials on Windows 7, Windows Vista and Windows XP

#13 Majozak

Posted 05 May 2012 - 01:22 AM

AVG is now gone.

Adobe is updated.

Firefox is gone.

Java is updated.

Keeping Microsoft Security Essentials, Spybot S&D, & MBAM. SAS is not set to resident and will be updated and used for scans periodically.

I've been tinkering with my Firewall settings, but all I've managed to do is upgrade my Key Exchange Settings to Elliptic Curve Diffie-Hellman 256 (medium resource usage). I tried messing with outbound protection and only managed to block my internet lol. Not sure what other settings to adjust for my outgoing protection. It's late so perhaps I'll look at that again another time.

Thank you for the clarification on MSE and Defender; that helps.

And thank you again for all your help. This helps me feel a bit better about my old computer for sure.

Mike
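
One way to turn on the outbound protection discussed in posts #10 and #13 without cutting off the connection is to add the allow rules first and only then change the default action. This is an added example, not part of the original thread; the rule names, the backup path and the set of allowed ports are assumptions.

```bat
@echo off
rem Added example: default-deny outbound for Windows Firewall with Advanced
rem Security (Vista and later). Run from an elevated Command Prompt.
rem Rule names, backup path and allowed ports are assumptions.

rem 1. Save the current policy so it can be restored if connectivity breaks.
netsh advfirewall export "%USERPROFILE%\firewall-backup.wfw"

rem 2. Add the outbound allow rules BEFORE changing the default action.
rem    Name resolution (DNS).
netsh advfirewall firewall add rule name="Allow Out DNS UDP" dir=out action=allow protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="Allow Out DNS TCP" dir=out action=allow protocol=TCP remoteport=53

rem    Address lease renewal (DHCP client).
netsh advfirewall firewall add rule name="Allow Out DHCP" dir=out action=allow protocol=UDP localport=68 remoteport=67

rem    Web browsing and update downloads (HTTP/HTTPS).
rem    A port-based rule lets any program use these ports; for a tighter
rem    policy, create one rule per trusted program with program="<full path>".
netsh advfirewall firewall add rule name="Allow Out Web" dir=out action=allow protocol=TCP remoteport=80,443

rem 3. Switch every profile to block outbound traffic that matches no rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Confirm the active policy and list the outbound rules.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name=all dir=out

rem Rollback options if something stops working:
rem   netsh advfirewall import "%USERPROFILE%\firewall-backup.wfw"
rem   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

Mail clients, messengers and other programs that use different ports stay blocked until they get their own outbound allow rule.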

#14 cnm

Posted 05 May 2012 - 10:54 AM

Sounds good.

For your browser: Consider using Chrome. I like it a lot.

#15 Majozak

Posted 05 May 2012 - 02:29 PM

I'll check it out!

Thanks

Mike



