
Thread: Spybot won't execute on Windows 7

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    16

    Default Spybot won't execute on Windows 7

    Hello:

    I have been led here by your FAQ, as I can't get Spybot S&D to start even after removing .scr files as directed.

    This is on my wife's machine Kitty4, on my machine it runs correctly. Both are Windows 7, and identically configured. On Kitty4, the only way I can get Spybot S&D to run is to do a clean re-install. But the next time I have a scheduled automated run, it does not execute. Then, if I try to execute manually, it does not start. From then on, it will not execute, unless I re-install again.

    I have found the randomly named .scr files, and removed them but it does not correct the problem. I would appreciate any help you can offer. I am puzzled why it runs perfectly on my machine, but not hers!

    Thanks,

    Stephen Clark

    Start DDS File:

    _______________________________________________________________

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Kitty Clark at 15:33:39 on 2011-11-17
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2610 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzExNTI1MDAxLVhPMTArMTEtTElDKzItVklQKzEtRkwxMCsxLVRVRyszLUREVCs2MTY
    wMy1ERDEwRisxLVNUMTBGQVBQKzEtU1QxMkZPSSsxLUVVTEErMS1TVDEyRkFQUCsx"&"prod=90"&"ver=2012.0.1809"&"mid=ec2ba82855f747d6a39abdb90fe
    5910e-473b8ab7618aadb6b0f68fdc49d2c8fec08d808c
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 216.230.224.34 216.230.227.34
    TCP: Interfaces\{B238F230-1086-475C-9FF8-8E85232E8E4E} : DhcpNameServer = 216.230.224.34 216.230.227.34
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64: Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzExNTI1MDAxLVhPMTArMTEtTElDKzItVklQKzEtRkwxMCsxLVRVRysz
    LUREVCs2MTYwMy1ERDEwRisxLVNUMTBGQVBQKzEtU1QxMkZPSSsxLUVVTEErMS1TVDEyRkFQUCsx"&"prod=90"&"ver=2012.0.1809"&"mid=
    ec2ba82855f747d6a39abdb90fe5910e-473b8ab7618aadb6b0f68fdc49d2c8fec08d808c
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kitty Clark\AppData\Roaming\Mozilla\Firefox\Profiles\z49pdjoq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?gl=us&ned=us&topic=e|http://www.rushlimbaugh.com/|http://www.foxnews.com/|http://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
    FF - component: C:\Documents and Settings\Kitty Clark.KITTY3\Application Data\Mozilla\Firefox\Profiles\hwi43x7r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Documents and Settings\Kitty Clark.KITTY3\Application Data\Mozilla\Firefox\Profiles\hwi43x7r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-4-11 68136]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-8 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\RpcAgentSrv.exe [2011-4-13 93848]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-11-17 21:09:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0682407D-7803-4EA3-B6B6-B3BA3DF27427}\offreg.dll
    2011-11-16 22:52:34 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0682407D-7803-4EA3-B6B6-B3BA3DF27427}\mpengine.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-11-12 19:57:24 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-11-08 19:19:16 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-08 19:19:10 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 19:19:01 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-08 19:19:01 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-10-26 00:54:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ==================== Find3M ====================
    .
    2011-11-17 21:10:04 25640 ----a-w- C:\Windows\gdrv.sys
    2011-10-04 20:00:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-26 21:45:12 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-01 00:21:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 15:34:19.36 ===============
    Last edited by tashi; 2011-11-18 at 00:49. Reason: Fixed page stretch

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Sorry for the delay, we get a bit busy and sometimes a thread falls through the cracks, but I am linked to you now.

    I am not looking at anything malicious on your log but do see some issues with AVG, looks like you tried to remove it at one time, it may have not been a clean uninstall. Run one of these AVG Removal tools, then reboot and try Spybot again.

    http://www.avg.com/us-en/download-tools
    http://download.avg.com/filedir/util..._2011_1322.exe
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
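The check post #2 makes by eye on the DDS log (a product that is no longer registered as AV/SP but still has autostart or browser entries) can be scripted. This is an added example, not part of the thread or of DDS itself; the function names, the `AVG_MARKERS` list and the sample lines (shaped after post #1's log, with the RunOnce URL cut short) are assumptions made for the illustration.

```python
import re

# Constructed sample: lines shaped after the DDS log in post #1.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-8 1153368]
"""

# "AV: <name> *<status>* {GUID}" as printed in the DDS header.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")

# Hypothetical substrings that identify AVG leftovers; adjust per vendor.
AVG_MARKERS = ["\\AVG\\", "avg.com", "[Avg"]


def registered_products(log):
    """Security products the log lists as registered (AV:/SP:/FW: lines)."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            products.append(
                {"kind": m.group(1), "name": m.group(2), "status": m.group(3)}
            )
    return products


def orphaned_entries(log):
    """Entries whose target file DDS could not find ('- No File')."""
    return [l.strip() for l in log.splitlines() if l.strip().endswith("- No File")]


def vendor_remnants(log, vendor, markers):
    """Lines still referencing `vendor` when no product of that vendor is registered.

    Returns [] when the vendor is still registered, since its entries are
    then expected rather than leftovers.
    """
    word = re.compile(r"\b" + re.escape(vendor) + r"\b", re.IGNORECASE)
    if any(word.search(p["name"]) for p in registered_products(log)):
        return []
    hits = []
    for line in log.splitlines():
        s = line.strip()
        if not s or PRODUCT_RE.match(s):
            continue
        low = s.lower()
        if any(mk.lower() in low for mk in markers):
            hits.append(s)
    return hits


def triage(log):
    """Summary a helper would want before recommending a vendor removal tool."""
    return {
        "registered": [p["name"] for p in registered_products(log)],
        "no_file": orphaned_entries(log),
        "avg_remnants": vendor_remnants(log, "AVG", AVG_MARKERS),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key)
        for item in value:
            print("   ", item)
```

Leftover entries like these point to an incomplete uninstall, not to an infection, which is why the advice in the thread is the vendor's removal tool.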

  3. #3
    Junior Member
    Join Date
    Nov 2011
    Posts
    16

    Default

    Thanks for your suggestion. I have in the interim successfully installed Spybot so that it will execute from the start menu, but it still will not run when I schedule an execution such as 3:00PM every Tues,Thurs, & Sun. Nothing happens. On my machine I can clearly see it executing, and I have used exactly the same settings in advanced mode for the machine in question, Kitty4.

    The first AVG link you gave me is an advertisement for a paid AVG product, so I did not use it. The second link provided a de-installer, which I installed and ran, but didn't seem to do much when I executed it; a command line window opened briefly, then closed immediately.

    The next opportunity for me to test is a scheduled execution tomorrow at 3:00 PM, then I will report the results to you.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's try this link for AVG
    http://techdows.com/2010/10/download...oval-tool.html

    Let's run a few scans and if nothing is found to suggest your computer is infected and preventing Spybot from running then I will link you to the Spybot forum that can help you with Spybot.



    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

  5. #5
    Junior Member
    Join Date
    Nov 2011
    Posts
    16

    Default

    OK, Ken:

    AVG remover seemed to execute properly.

    AVAST log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-28 15:59:02
    -----------------------------
    15:59:02.715 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:59:02.715 Number of processors: 2 586 0x602
    15:59:02.716 ComputerName: KITTY4 UserName:
    15:59:03.440 Initialize success
    15:59:13.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    15:59:13.759 Disk 0 Vendor: WDC_WD7500AADS-32L5B1 01.01A01 Size: 715404MB BusType: 3
    15:59:15.775 Disk 0 MBR read successfully
    15:59:15.780 Disk 0 MBR scan
    15:59:15.785 Disk 0 Windows 7 default MBR code
    15:59:15.793 Service scanning
    15:59:16.734 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    15:59:17.372 Modules scanning
    15:59:17.380 Disk 0 trace - called modules:
    15:59:17.391 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    15:59:17.400 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c21060]
    15:59:17.409 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800478fd20]
    15:59:17.418 5 ACPI.sys[fffff88000ef87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004a19060]
    15:59:17.423 Scan finished successfully
    15:59:51.860 Disk 0 MBR has been saved successfully to "C:\Users\Kitty Clark\Downloads\MBR.dat"
    15:59:51.865 The log file has been saved successfully to "C:\Users\Kitty Clark\Downloads\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-28 16:11:58
    -----------------------------
    16:11:58.853 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:11:58.853 Number of processors: 2 586 0x602
    16:11:58.853 ComputerName: KITTY4 UserName:
    16:11:59.609 Initialize success
    16:12:03.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    16:12:03.336 Disk 0 Vendor: WDC_WD7500AADS-32L5B1 01.01A01 Size: 715404MB BusType: 3
    16:12:05.360 Disk 0 MBR read successfully
    16:12:05.366 Disk 0 MBR scan
    16:12:05.370 Disk 0 Windows 7 default MBR code
    16:12:05.373 Service scanning
    16:12:08.967 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    16:12:10.070 Modules scanning
    16:12:10.072 Disk 0 trace - called modules:
    16:12:10.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
    16:12:10.097 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c21060]
    16:12:10.100 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8004a17580]
    16:12:10.102 5 ACPI.sys[fffff88000f9d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004a19060]
    16:12:10.105 Scan finished successfully
    16:12:24.895 Disk 0 MBR has been saved successfully to "C:\Users\Kitty Clark\Downloads\MBR.dat"
    16:12:24.903 The log file has been saved successfully to "C:\Users\Kitty Clark\Downloads\aswMBR.txt"

    --------------------------------------------------------------------------

    Malwarebytes found nothing. Log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8261

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    11/28/2011 4:20:11 PM
    mbam-log-2011-11-28 (16-20-11).txt

    Scan type: Quick scan
    Objects scanned: 206680
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ------------------------------------------------------------------------------

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    aswMBR checks for Rootkit type of infections and it found none, and MBAM came back clean. Let's do this: post here in the Spybot forum, you can link them to this thread so they can see what we have done. These fine people know Spybot inside and out and I am sure they can get you up and running. If by chance they still feel it's malware then post back and we can dig deeper. I will keep this thread open for you for about a week so post back and let me know how it went.

    Post here
    http://forums.spybot.info/forumdisplay.php?f=4

    Ken

  7. #7
    Junior Member
    Join Date
    Nov 2011
    Posts
    16

    Default

    OK, will do. Thanks for your help, Ken!

    I posted in the Spybot forum tonight.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default


  9. #9
    Junior Member
    Join Date
    Nov 2011
    Posts
    16

    Default

    Hello Ken:

    Spybot S & D forum was helpful, but has not replied in four days. Thread:

    http://forums.spybot.info/showthread...411#post417411


    My last post to them:


    "I examined the Task Scheduler settings, and changed the User from Stephen to Kitty, verified other settings and saved it yesterday. Today at 3:00PM it still did not appear to execute on either User. However I checked the Spybot log files, and it did execute on time as scheduled. Why does it not show up on either User I am logged on to?"

    So, it is executing on time, but just not showing up on the screen (it is running in the background). How do I remedy this?

    Thanks,

    Stephen Clark

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Stephen,

    Just hang on, I have notified an administrator, help is on the way
