TB1RedShoe

Members
  • Posts: 19
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Dear noknojon, Sorry that it took me over a week to get back to you (I was sick), yet everything seems to be working fine on my desktop (including MBAM). Thanks again for ALL your help & props to the others that responded as well... From the Techno Clutz
  2. Dear exile360, Well, for starters, thank you to you as well for taking the time to read my post and for posting a solution. It appears I was a bit hasty when I called myself inept at program fixes (insecure would have been a better choice of words). I made myself a cup of coffee and carefully re-read the instructions to solution # 17 (they were more drawn out than need be, one or two steps anyway were redundant, and I managed to save the txt file with the fixes as per instructions correctly...saved to desktop...pressed okay 3 times...and THEN I was able to open MBAM). Ergo I managed without your attached text file, yet that does not diminish your efforts/contribution. I want to thank you, noknojon, GT500, and ALL the others on these forums that lend a helping hand to us naive folks (that are techno challenged). I, as said, have my MBAM back (currently running a full scan in background after updating MBAM). I will post back on how things are going in the next 48 hours and, as yet, have NOT tackled the exclusions. Thank you KIND people
  3. 17. ISSUE: I'm getting a Runtime error 0 and 440 automation error.
     SOLUTION: Please do the following to see if it fixes the error:
     • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
       CODE
       regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
       regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
       regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
     • Once you've done that click on File and select Save As...
     • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
     • Name the file MBAM Fix.bat (the .bat extension is very important)
     • Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
     • Click OK to each of the 3 dialog boxes that should show a success message for each file registered
     • If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy it from another Computer running the same operating system and service pack level. If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.
     OKAY...as predicted, blond techno clutz does not know how to "copy and paste the following text in the Code box exactly as written into notepad" (Painful to admit). Ergo could someone please, in plain English, tell me how to step-by-step copy/paste into Code box (then I can attempt the fix). Inept blond techno clutz
  4. HELLO noknojon & GT500, Well, for starters, thank you for taking the time to read my post and for responding. Thank you also for listing possible solutions. My Dell desktop PC (Inspiron 530) is the 32-bit version of Vista Home Edition. My Firewall is McAfee Security Center (software came pre-installed & is user friendly). No conflict of interest, in recent past, between my security software (McAfee Security Center, Malwarebytes' Anti-Malware, SpySweeper with Anti-Virus) as I do not run them at the same time. Yesterday, after a 1 week hiatus, I was back on my computer and online. Once I closed my web browser I updated my security software in the following order... 1.) McAfee Security Center 2.) Malwarebytes' Anti-Malware 3.) SpySweeper with Anti-Virus No problem regarding the first two, yet the Webroot program not only offered new virus definitions, but also a program update. I went from the previous "normal" Webroot updates to my first Webroot/Best Buy update (new desktop icon and interface). Once install wizard had uninstalled the previous version of SpySweeper it began to install the latest program update, prompt to restart computer. I ran the new Webroot SpySweeper with Anti-Virus (scan came back clean) and the MSC (also clean), yet when I clicked on Malwarebytes' Anti-Malware (short cut icon, mini icon, All Programs) I got said error message. I should have mentioned that I'm a luddite (read inept when it comes to fixes as I do not know how to write/read code...I need the idiot proof software that works flawlessly). Imagine if you had to explain this to a 3 year old (plus, in my defense, English is my second language). I am going to read through the helpful advice you listed, yet I have the strong feeling I might get stuck somewhere along the lines. Is it okay for me to post back where/why I'm stuck regarding the fixes/exclusions (I've never done this before)? From the VERY blond techno clutz
  5. Good Evening, This afternoon my Webroot SpySweeper with Anti-Virus (BEST BUY version) updated from a previous version (program update) downloaded & installed well, and restarted computer, yet now Malwarebytes' Anti-Malware won't launch. Whether I click the desktop short cut icon, mini icon in lower tray/toolbar, or go into All Programs Anti-Malware, I get 2 different pop-ups: Pop-up 1) vbAccelerator SGrid II Cont... (Run-time error '0') Pop-up 2) Run-time error '440': Automation error. Can someone please tell me what I need to do so that I can run/use Malwarebytes' Anti-Malware again? I have the full-paid version of Malwarebytes' Anti-Malware last updated this afternoon (prior to SpySweeper program update). I thank you in advance for all your help and understanding! BIG SMILE
  6. Hello, Well, for starters, thank you for taking the time to read this post of mine. So, here it goes... The last 2 days my desktop pc has been rather slow/freezing up (OS - Vista Home Edition 32-bit). I updated my security software McAfee Security Center, Malwarebytes' Anti-Malware (full version), and Webroot SpySweeper w./ anti-virus and ran all scans = 3 trojans (FakeAlert & FakeSpy) + 3 rogues + 1 adware. MBAM "Quarantined and deleted successfully" the rogues (while McAfee did so with the trojans & SpySweeper the adware), hence need I further worry regarding the rogues? The Rogues were in Registry Keys and Registry Values (ergo could they have done more damage/infected other files?). I thank you in advance for all of your help and understanding. Mike
  7. Dear Jean, Well, for starters, thank you ever SO MUCH for reading & responding to my post/thread! <Big Hug> Sorry for not being able to get back to you sooner (I got sick the day after I started this thread...several trips to the doctor's office...this is my first opportunity to post here again) lest you think I forgot about this thread I had started (or worse...that I was impolite & took you for granted). So, that having been said, thank you for looking at my logs & for your GREAT input! What made me a wee bit nervous about PowerPoint is that on one hand it is not the only program on my desktop's hard drive, yet it is the ONLY program that appears under "Outbound Events" for my McAfee Firewall (combine that with the trojans & the many pop-ups, hence my concern...thought a hacker was trying to upload/hijack information from my desktop...I get SO many attacks on my firewall on a daily basis...people trying to access various ports on my comp). System Mechanic? Sorry, the blonde, blue-eyed, German girl (that also majored in Social Science) doesn't have a clue... No, I don't really consider CCleaner to be a real security feature/alternative, yet I use it primarily to delete cookies (rather than making space on my hard drive). Oh, on that note, if I have a trojan in my browser's TEMP file...and I delete Internet Explorer's (Browser history) + run CCleaner...does that then also mean that I killed off the trojans (sorry if the question sounds naive)? I'm going to follow your suggestions and make the necessary changes to my desktop...if it's okay I'll post here on this thread (within the next few days) should I run into any trouble. In the interval..I hope you have a great Thanksgiving! From the German klutz, Blondie
  8. Good Evening, Well, for starters, technology is wonderful when it works, yet when it doesn't...it's not so wonderful! <groan> So, that having been said I've noticed a few (bad) changes to my computer within the last few days. 1.) I receive multiple pop-ups when opening my web browser (Internet Explorer). The Webpage replicates itself up to 172 times (completely taking over my monitor screen + slowing down my computer/freezing it entirely). 2.) My Computer, even those areas not directly affected, is VERY slow... 3.) When checking my Anti-Virus (McAfee Security Center) I notice 3 Trojans quarantined (yet not deleted/removed). The 3 Trojans are JS/FakeAlert-AB.dldr. Their pathways are the same:
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Users\Blondie\AppData\Local\Microsoft\Temporary Internet Files\Low\Content.IE5\BI40B174\_freescan[1].htm
     C:\Users\Blondie\AppData\Local\Microsoft\Temporary Internet Files\Low\Content.IE5\WKKU1CXH\_freescan[1].htm
     4.) Last, but not least, I noticed that in my Firewall log (McAfee Security Center), under outbound events, it noted that Microsoft Office PowerPoint tried to access the internet (yet was blocked by the firewall twice). I, however, have never opened/used PowerPoint (bit worried about that to tell you the truth). So, here's what I've done so far... Deleted the TEMP file in IE & updated ALL my security software (SpySweeper, MBAM, McAfee Security Center, SpywareBlaster, CCleaner) and ran scans. Not sure though if that did the trick; could someone PLEASE check my logs to see if ALL is okay?
     O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (WHAT THE HECK???)
     O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (Again...WHAT THE HECK???)
     I also did a Panda ActiveScan 2.0 (albeit I didn't get a log file) that said, "Congratulations you don't have any infections today."
     I am, as said, REALLY worried about the Firewall Outbound events (Microsoft PowerPoint) as well. I thank you ALL for any and all help in this matter. Blondie
  9. Good Afternoon Jean, Yes, I'm sure Dell PC TuneUp did what it did "with the best interest in mind," yet the results were frustrating nonetheless. I spoke, at length, with Dell Tech Support America (Texas?) and the representative said the same thing. It has been 48 hours (ran six MBAM scans) and no infections. In either case... I think these boards/forums are great! Thank you again for all your help, Blondie
  10. Good Afternoon Nosirrah, Jean, and Vero44, So, many thanks to all of you for reading and responding to my post! It was a great relief to me when Jean informed me that the 2 infections weren't actually malware (and Nosirrah confirmed as much). Thereafter I spent more time considering what could be getting in the way of MBAM (conclusion had to be either McAfee Security Center, which I had disabled, or Dell PC Tuneup). I cannot swear to it, yet I believe Dell PC Tuneup is the program getting in the way of MBAM (a conflict between these two programs on my computer). When I look in McAfee Security Center (Logs/Recent Events) I find that SystemGuards reports several times "allowed" change
      C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command
      notepad.exe
      So, armed with this info I tried to disable Dell PC TuneUp myself (turns out all I knew was how to uninstall). I called Dell Tech Support, told them about my problem, and asked them for assistance in disabling Dell PC TuneUp (they were very friendly & helpful). These changes took place last night, yet so far...no more problems/conflicts...no more infection notices (and constant switch backs) which leads me to believe that there is indeed a sudden conflict between MBAM and Dell PC TuneUp (no idea why though). I am posting this information here so as to inform the developers (if this is happening to my computer then it can also happen to others). If someone can come up with a solution as to how to fix the conflict (either at MBAM's side or at Dell) great, yet, if not, no big deal for the time being. I want to thank ALL of you for taking this matter seriously, your prompt replies, and any and all help which you have offered me. (Big Hug) From the blonde German Girl who prefers technology that works flawlessly, Blondie
  11. Good Evening Nosirrah, Well, to begin with, thank you ever so much for reading my post & responding! (big hug) So, if I understand you correctly (just as JeanInMontana had stated) this is NOT malicious (dangerous to my computer...ergo that it could lead to ID theft/electronic foul play), but rather a relatively small and benign matter? I noticed the bright RED 2 infections notice in the scan and immediately assumed the worst (and put ALL my internet transactions on hold). "This is a one time correction MBAM is making to registry data set incorrectly in the past." So, no big deal if this remains unresolved (and I keep getting the same 2 infection alerts in MBAM scans/logs)? You need to understand, as you don't know me, that I'm somewhat naive in matters of computer programs (ergo software problems). I can neither read nor write code/script, hence I need my Obi Wan Kenobi to come through for me as well (why should he only help Princess Leah?). I am all for MBAM fixing this (once and for all), yet it is not clear to me why this is not the case. I've had this computer (with the same software) for 2 months, but this problem has only started occurring as of this past week. Maybe someone knows of a sudden/new conflict between either MBAM and McAfee Security Center or MBAM and Dell PC Tuneup. Any and all info and help is greatly appreciated, Blondie
  12. Good Evening, Well, for this past week I've been contending with MBAM scan results informing me there are 2 infections in the registry. So, I see the scan results (once they're finished)...click on remove selected...and up pops McAfee Security Center SystemGuards (Windows Shell Open Commands) asking me allow/block MBAM...I choose allow. MBAM says everything was quarantined/removed successfully, yet I now have to restart the computer...which I do. A few hours later the same 2 infections reappear in the registry (via MBAM scan). I brought this to the attention of JeanInMontana (over at Malware Removal - HijackThis). She informed me this is NOT actually malware, but rather an issue of MBAM trying to change a registry key back to its original factory settings, however, my computer is blocking the change/changing it back (we're both baffled as to why). As per her suggestion I reconfigured McAfee Security Center so it does NOT pop up when MBAM tries to make changes (immediately following after the scan), yet it still has NOT done the trick (as I still get the same MBAM infection alert a few hours later...once I rerun a MBAM scan). Does anyone on these boards know of a sudden conflict between MBAM or McAfee Security Center or Dell PC Tuneup? I've had this computer for about 2 months (no problems until now), yet as of a week ago I keep getting these same 2 infections showing up in MBAM scans. Any and all help would be GREATLY appreciated. Here are, for example, two MBAM log files...

      Malwarebytes' Anti-Malware 1.28
      Database version: 1147
      Windows 6.0.6001 Service Pack 1

      9/13/2008 11:08:04 PM
      mbam-log-2008-09-13 (23-08-04).txt

      Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Objects scanned: 115961
      Time elapsed: 55 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 2
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      Malwarebytes' Anti-Malware 1.28
      Database version: 1151
      Windows 6.0.6001 Service Pack 1

      9/14/2008 3:01:19 PM
      mbam-log-2008-09-14 (15-01-19).txt

      Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Objects scanned: 116125
      Time elapsed: 1 hour(s), 0 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 2
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      The thread I started over at Malware Removal - HijackThis Logs is "Registry Infections, Reoccuring Malware in registry" in case you want more info on this. Alas I can no longer recall the e-mail address under which I registered my Pro/Full version of MBAM, hence I'll check back here often (also people can send me PMs at this website). I hope you are having more luck than I am, Blondie
  13. Good Morning, So, please disregard the recycle bin desktop icon issue (I found out how to restore it in Control Panel Classic View). I'm currently running all my security software in order to ensure that there no longer are any traces of viruses/malware/spyware on my computer (I'll post the results asap). From Ms. Not so lost after all, Blondie
  14. Good Night Jean, So, what a difference an hour can make! LOL It was, as previously said, a great relief for me to see YOU write I don't actually have malware in my registry (desktop), hence I'm feeling giddy and light-headed (Geek Squad can "Kiss My Bumper"). So, if McAfee Security Center was contributing to the problem (by getting in the way of MBAM) then something had to be done about it (albeit not too radical). I tried to call McAfee Tech Support (Dell/McAfee customers have their own 1-800 #), yet to no avail (could not get through). Well, so I tinkered around a little bit (last time I did that I gave my Dad's $5,000 computer a lobotomy). It turns out it isn't necessary to turn off McAfee entirely (or at least not in my case). Under McAfee Security Center (Home) one clicks on "Computer & Files" (blue arrow)...click on configure...under Virus Protection click advanced...(new pop up appears)...click SystemGuards...(new interface) on the right side it says Program SystemGuards (it's actually part of a drop down menu)...click on the down arrow...choose Windows SystemGuard...scroll down to Windows Shell Open Commands...click on it...(on the bottom right) choose I want to - Only log changes...click okay or apply. That seems to do the trick for me (now MBAM can do what it has to without interference from McAfee Security Center). So, here are my logs...
- C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 8645 bytes Malwarebytes' Anti-Malware 1.28 Database version: 1147 Windows 6.0.6001 Service Pack 1 9/13/2008 11:23:42 PM mbam-log-2008-09-13 (23-23-42).txt Scan type: Quick Scan Objects scanned: 42256 Time elapsed: 4 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I'll try and post tomorrow if that finally, once and for all, took care of the MBAM infection alert regarding my registry. Hmmm, don't laugh, but I accidently deleted my recycle bin. With Windows XP you could simply right-click the icon and delete the contents without having to open the recycle bin (apparently if you do that with Vista you delete the desktop icon). Any idea on how I can get my recycle bin back (or create a new desktop icon)? From out East, Blondie
  15. Good Evening Jean, So...sorry about the old logs (I posted them so that people on this forum could see what I was talking about...that this process just kept repeating itself). It is, however, good to hear YOU say that those lines are not actually malware (what a relief)! Turn OFF McAfee? As this is both my Anti-Virus & Firewall...maybe a little problematic...also I'm not familiar enough with McAfee Security Center on how to do so safely without further exposing myself to danger (this is a new desktop computer on which McAfee Security was free/pre-installed...I used to subscribe to Norton). There I've said it...I publicly admitted to being "low brow" when it comes to computers/programs. Also, as of this late afternoon I encountered problems opening/running TrendMicro's HijackThis (got a pop up that said, "Your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this"). Hmmm, you wouldn't, by any chance, happen to know how I could go about turning off the part of McAfee that is interfering with MBAM (without turning off my McAfee firewall...I get about 100 attacks on my firewall per day). And, if so, share that with me? (imagine me being coy) From a German Blonde (not Techno Girl), Blondie