[Gr3iz]

My sister has suddenly gotten the dreaded red shield indicating a security issue on her Win XP Home system. I believe she's up to SP3. She's using CA anti-virus (I can find out the exact flavor if need be).

It started this morning. She emailed me telling me she's got the Antivirus 2009 malware. I instructed her to get MalwareBytes' mbam. She ran it and said it didn't find it. She said there was the red circle with the white x on it.

Well, after going around and around all day (while I'm at work!), I think what's really going on is that that is really a Windows red shield, not a circle. In the Security Center it's telling her that her AV is out of date. She insists it is not. She's manually run the update and CA reports being up to date.

It dawned on me that today is the 2nd Tuesday. Maybe Microsoft has released some update that conflicts with CA? Anybody else having any issues like this? Any other thoughts?

[Phantom010]

No Windows Updates today.

I would have her run HijackThis as follows:

Please click here to download and install the HijackThis installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

[Gr3iz]

She sent me the HJT file, but it seems at every line break either Hotmail (her email provider) or Eudora (my email client) inserted an "=". I started removing some, but I'm not sure whether some of them are supposed to be there. I guess you can get the jist of it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:46 PM=2C on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\EZBackitup\EZBackitup.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\EZBackitup\EZBackitup.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\EZBackitup\EZBackitup.exe
C:\Program Files\EZBackitup\EZBackitup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main=2CDefault_Page_URL =3D =
http://go.microsoft.com/fwlink/?LinkId=3D69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main=2CDefault_Search_URL =
=3D http://go.microsoft.com/fwlink/?LinkId=3D54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main=2CSearch Page =3D http:=
//go.microsoft.com/fwlink/?LinkId=3D54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main=2CStart Page =3D http:/=
/go.microsoft.com/fwlink/?LinkId=3D69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings=2CPro=
xyOverride =3D 127.0.0.1
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-5=
16ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE=
0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Pr=
ogram Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910=
} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -=
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C5=
88A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -=
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABEC=
AE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Progr=
am Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\=
cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Sui=
te\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\=
CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Rea=
der 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Quick=
Cam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" =
-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusc=
hed.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malware=
bytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup=
\EZBkuptray.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft L=
ocation Finder\LocationFinder.exe"
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hp psc 2000 Series.lnk =3D C:\Program Files\Hewlett-Pa=
ckard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk =3D ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~=
1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\P=
ROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\=
WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll=2C-20001 - {e2e2dd38-d088-4134-8=
2b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\=
Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0=
0C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - ht=
tp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s=
ite.cab?1239221666219
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PR=
OGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA=
~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PRO=
GRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS=
WINLO.dll
O23 - Service: CaCCProvSP - CA=2C Inc. - C:\Program Files\CA\CA Internet Se=
curity Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International=2C Inc. - C:\Pro=
gram Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA=
=2C Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsyst=
ems=2C Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program File=
s\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee=2C Inc. - C:\Program Fil=
es\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA=2C Inc. - C:\Program Files\CA\CA Internet Sec=
urity Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: stllssvr - MicroVision Development=2C Inc. - C:\Program File=
s\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA=2C Inc. - C:\Program Fil=
es\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

[Phantom010]

She's going to have to give you precise details. What is the error message exactly?

[paz_48864]

I'm having exactly the same problem. The Windows Security Center is complaining that "CA Anti-Virus reports that it might be out of date". It is not. I verified it, manually did an update. Rebooted the computer, still the same message.

[Gr3iz]

She said:
~~~~~~~~~~~~~~~
in the windows security, under automatic updates is says ON
firewall ON
virus protection OUT OF DATE
~~~~~~~~~~~~~~~


Yet, her CA definitions are up to date.

[Gr3iz]

I still suspect either MS or CA provided an update that is not compatible with the other.

[Phantom010]

First, make sure her computer has the correct date and time.

Second, read this.

[Gr3iz]

I just found this in another forum:
I updated today and windows said that my anti virus was out of date. I do have 4 green checkmarks in my ca security overview. So I called Time Warner since I have their free version. They said that they know about the situation and said it is with windows and it should be fixed with 24 hours.

[Gr3iz]

My sister emailed me this morning. CA came out with a fix, installed it on her PC, rebooted as requested, and problem gone.

[Gr3iz]

CA auto-updated the software, like they normally do for definition updates, and requested a reboot. When it came back up, all was good. That's all I know. She's about 2000 miles from here. I did not see the PC myself.