

Messages - 4on4off

31
Analysis and Malware Removal / Re: Smart pc Cleaner
« on: August 23, 2012, 09:56:12 PM »
I will be giving it back to my friend when I see him at work tonight. I didn't see any of the usual stuff I expected, but I believe his son downloads anything that says it is free when he visits the game sites, from what he was telling me... not good.

He thought he might have a bad infection but we will see if he has any issues.

Thanks again.


32
Analysis and Malware Removal / Re: Smart pc Cleaner
« on: August 23, 2012, 07:31:04 PM »
The funny thing is, when he was telling me about the pop-up he said it was winsecurity or something. I didn't like the sound of that, as that was the bugger that got me started helping others because it crippled me that day.

I was also concerned because he said he was unable to log on to certain hunting sites but was able to on other machines. I had run some scans before posting, and MWB found a few things that I believe were associated with the gaming sites that his kid plays on.

When nothing came up regarding Smart PC Cleaner, I thought I might need a little help, although RKill found no malware to stop.

Anyway, thanks again for putting me at ease, as this seems to have just needed a "surface cleaning", but I will get it back to him and see if he has any issues.


33
Analysis and Malware Removal / Re: Smart pc Cleaner
« on: August 23, 2012, 01:49:27 PM »
Hi Corrine,

No problem removing Smart PC Cleaner.

He does have a current license for McAfee; I just disabled it while running DDS.

Adobe has been updated and the AVG/Norton remnants dealt with.

Thank you for the advice.


34
Analysis and Malware Removal / Smart pc Cleaner
« on: August 23, 2012, 05:14:03 AM »
Hello,

My friend at work has been having issues with his laptop. He is running Win7 Home Premium. The main thing he has been noticing is a pop-up for Smart PC Cleaner that appears whenever he starts his laptop and says he has some outlandish number of things that need to be checked.

Here is the checkup log:

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Smart PC Cleaner v3.0
Adobe Reader X 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Arrowhead at 23:03:42 on 2012-08-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.841 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tdn.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {5e89d89e-4280-65b4-95ac-388697067b31} - C:\Program Files (x86)\Shop to Win 28\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Arrowhead\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714144935.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Shop to Win: {a0d2864a-05fa-91f4-a5cc-def70d52f5af} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: TheSea.TheSeaPlugin: {c585d593-e7f3-4852-a200-561686ee02e4} - mscoree.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} - mscoree.dll
uRun: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D}\7427561637976627F676 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D}\84F4D454D253545323 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9} : DhcpNameServer = 40.12.1.201 40.12.1.202
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64:     0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Arrowhead\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO-X64:     Qwiklinx - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714144935.dll
BHO-X64:     scriptproxy - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64:     DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO-X64:     FCTBPos00Pos - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} - mscoree.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO-X64:     ShopAtHomeIEHelper - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-14 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-26 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-17 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-14 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-14 244624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-7-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-7-14 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-26 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-25 935008]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-8-1 107520]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-2 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-2 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-14 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-23 03:52:55   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Malwarebytes
2012-08-23 03:52:45   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-08-23 03:52:44   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-08-23 03:52:44   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 03:19:03   503808   ----a-w-   C:\Windows\System32\srcore.dll
2012-08-19 03:19:03   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2012-08-19 03:18:55   751104   ----a-w-   C:\Windows\System32\win32spl.dll
2012-08-19 03:18:55   559104   ----a-w-   C:\Windows\System32\spoolsv.exe
2012-08-19 03:18:54   67072   ----a-w-   C:\Windows\splwow64.exe
2012-08-19 03:18:54   492032   ----a-w-   C:\Windows\SysWow64\win32spl.dll
2012-08-19 03:18:44   59392   ----a-w-   C:\Windows\System32\browcli.dll
2012-08-19 03:18:44   136704   ----a-w-   C:\Windows\System32\browser.dll
2012-08-19 03:18:42   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
2012-08-19 03:18:34   3148800   ----a-w-   C:\Windows\System32\win32k.sys
2012-08-19 03:17:59   956928   ----a-w-   C:\Windows\System32\localspl.dll
2012-08-09 17:27:43   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-04 05:43:53   --------   d-----w-   C:\Windows\System32\drivers\NSSx64\0307020.005
2012-08-04 05:43:53   --------   d-----w-   C:\Windows\System32\drivers\NSSx64
2012-08-04 05:43:52   --------   d-----w-   C:\Program Files (x86)\Norton Security Scan
2012-08-04 05:43:49   --------   d-----w-   C:\ProgramData\Norton
2012-08-04 05:43:39   --------   d-----w-   C:\ProgramData\NortonInstaller
2012-08-04 05:43:39   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2012-08-04 04:13:43   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\Unity
2012-08-02 18:25:35   --------   d-----w-   C:\Windows\SysWow64\Adobe
2012-08-02 02:19:17   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\visi_coupon
2012-08-02 02:19:08   --------   d-----w-   C:\extensions
2012-08-02 02:19:03   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Qwiklinx
2012-08-02 02:19:02   --------   d-----w-   C:\Program Files (x86)\Qwiklinx
2012-08-02 02:18:34   --------   d-----w-   C:\Program Files (x86)\Shop to Win 28
2012-08-02 02:18:08   --------   d-----w-   C:\Program Files (x86)\Playalot Games
2012-08-02 02:17:20   --------   d-----w-   C:\Program Files (x86)\Shop To Win
2012-08-02 02:16:08   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Smart PC Cleaner
2012-08-02 02:16:06   --------   d-----w-   C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-02 02:16:01   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\DefaultTab
2012-08-02 02:15:35   --------   d-----w-   C:\Program Files (x86)\The Sea App (Internet Explorer)
2012-08-02 02:15:21   --------   d-----w-   C:\Program Files (x86)\Smart PC Cleaner
2012-08-02 02:14:40   --------   d-----w-   C:\Program Files (x86)\Yahoo!
2012-08-01 16:34:07   --------   d-----w-   C:\ProgramData\HipSoft
2012-07-27 21:22:24   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\runic games
2012-07-27 17:43:30   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\FloodLightGames
2012-07-27 17:43:30   --------   d-----w-   C:\ProgramData\FloodLightGames
2012-07-27 16:21:08   737072   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-27 16:20:38   4283672   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-27 16:20:12   42776   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-27 16:20:03   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-26 02:29:21   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\Apple Computer
2012-07-26 02:29:19   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Barnes & Noble
2012-07-26 01:32:33   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Jewel Match 3
2012-07-25 22:49:56   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Mystery of Mortlake Mansion
.
==================== Find3M  ====================
.
2012-06-29 03:56:34   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-06-29 03:48:07   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16   2004480   ----a-w-   C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16   1881600   ----a-w-   C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54   1133568   ----a-w-   C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52   1390080   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52   1236992   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06   805376   ----a-w-   C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10   458704   ----a-w-   C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16   151920   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31   340992   ----a-w-   C:\Windows\System32\schannel.dll
2012-06-02 05:44:21   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39   225280   ----a-w-   C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10   219136   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:04:29.09 ===============

Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2012 9:50:04 PM
System Uptime: 8/22/2012 9:34:26 PM (2 hours ago)
.
Motherboard: Acer |  | HMA51_HR
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 795/1067mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 178.024 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 6/15/2012 4:26:40 PM - Windows Update
RP35: 7/5/2012 10:52:30 PM - Windows Update
RP36: 7/14/2012 2:44:07 PM - Windows Update
RP37: 7/18/2012 1:13:13 PM - Windows Update
RP38: 7/31/2012 10:02:15 AM - Scheduled Checkpoint
RP39: 8/9/2012 10:08:16 AM - Scheduled Checkpoint
RP40: 8/19/2012 9:33:29 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG Security Toolbar
Backup Manager V3
Big Fish Games: Game Manager
Bing Bar
clear.fi
clear.fi Client
D3DX10
DefaultTab
eBay Worldwide
FATE: The Cursed King
Final Drive: Nitro
Galerie de photos Windows Live
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jewel Match 3
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Internet Security Suite
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
Norton Security Scan
NTI Media Maker 9
Penguins!
Plants vs. Zombies
Plants vs. Zombies - Game of the Year
Playalot Games
Polar Bowler
Polar Golfer
Qwiklinx
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shop To Win
ShopAtHome.com Toolbar
Shredder
Skype™ 5.3
Smart PC Cleaner v3.0
swMSM
The Sea App (Internet Explorer)
Times Reader
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/22/2012 9:34:10 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/22/2012 8:59:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/22/2012 8:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/22/2012 8:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/22/2012 8:55:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/22/2012 8:55:34 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
8/22/2012 8:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/22/2012 10:50:06 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/19/2012 9:33:03 AM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/19/2012 9:32:49 AM, Error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================


I think I got that right.

4
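The DDS log above was worked through by hand in this thread. As an added example (not part of the original post and not a DDS feature), here is a small Python triage helper for the "Event Viewer Messages" section: it parses the lines, lists the services that died (Service Control Manager 7031/7034), and separates out the DCOM 10005 entries carrying Win32 error 1084, which is ERROR_NOT_SAFEBOOT_SERVICE and simply means a service was asked to start while Windows was in Safe Mode. The sample log is constructed from the same lines and layout as the log above; the function names are this example's own.

```python
"""Triage helper for the 'Event Viewer Messages' section of a DDS log.

Added example, not part of the original post or of DDS itself. SAMPLE_LOG is
constructed in the layout DDS prints (date, level, source, [event id], message);
the grouping heuristics below are this example's own.
"""
import re
from collections import Counter
from datetime import datetime

# One DDS event line, e.g.
# 8/22/2012 9:34:10 PM, Error: Service Control Manager [7001]  - The Computer Browser ...
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<msg>.*)$"
)

# Constructed sample in DDS layout (same shape as the log in the post above).
SAMPLE_LOG = """\
.
==== Event Viewer Messages From Past Week ========
.
8/22/2012 9:34:10 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/22/2012 8:59:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/22/2012 10:50:06 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/19/2012 9:33:03 AM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
"""


def parse_events(text):
    """Return the events between the Event Viewer header and the next '====' header."""
    events = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("==== Event Viewer Messages"):
            in_section = True
            continue
        if in_section and line.startswith("===="):
            break
        if not in_section:
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue  # '.' separators and anything else DDS prints that is not an event
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def service_crashes(events):
    """SCM 7031/7034: a service process died. Return the service names, oldest first."""
    name_re = re.compile(r"^The (.+?) service terminated unexpectedly")
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] == "Service Control Manager" and ev["event_id"] in (7031, 7034):
            m = name_re.match(ev["msg"])
            if m:
                hits.append(m.group(1))
    return hits


def safe_mode_refusals(events):
    """DCOM 10005 with Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE): the service
    refused to start because Windows was in Safe Mode. A cluster of these at one
    boot time says the box was in Safe Mode then, not that DCOM is broken."""
    svc_re = re.compile(r'error "1084" attempting to start the service (\S+)')
    hits = []
    for ev in events:
        if ev["source"] == "Microsoft-Windows-DistributedCOM" and ev["event_id"] == 10005:
            m = svc_re.search(ev["msg"])
            if m:
                hits.append((ev["ts"], m.group(1)))
    return hits


def summarize(events):
    """Count events per (source, id) so repeated noise stands out from one-off errors."""
    return Counter((ev["source"], ev["event_id"]) for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:3d}  {src} [{eid}]")
    print("services that died:", service_crashes(evs))
    print("safe-mode (1084) refusals:", safe_mode_refusals(evs))
```

Feed it a real DDS log with `parse_events(open("dds.txt").read())`; the 1084 entries drop out of the picture and what is left (here, the DefaultTabUpdate and McAfee service crashes) is the part worth reading.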

35
Analysis and Malware Removal / Re: slow infected laptop
« on: July 19, 2012, 09:56:33 PM »
Well, I figured to just leave well enough alone. I have returned her laptop to her as it is in great working order compared to when I got it. If I come across her and she has it with her I will give safe mode a try.

4

36
Analysis and Malware Removal / Re: slow infected laptop
« on: July 19, 2012, 01:06:32 AM »
I didn't think so. Nothing is missing compared to the screen shot. I only get a create shortcut option with a right click and I can't drag it anywhere.

4

37
Analysis and Malware Removal / Re: slow infected laptop
« on: July 19, 2012, 12:12:44 AM »
Hi Corrine,

Just got done replacing the keyboard and that fixed the beeping at startup and selection of OS. I ran the sfc scan again and got the same thing at 89% with the reported corrupted files. Also, when I fired it back up it ran the check disk and did some things along the lines of deleting and replacing this and that.

The thing is running great and I am sure she will be pleased, and my brother especially since he will not have to buy her a new laptop.

I do have one question though... In the control panel there is a blank icon; I am not sure if it was there before or after the cleaning. Is this something to be too concerned about? Can it be safely deleted?

Thanks again for all your help.

4

38
Analysis and Malware Removal / Re: slow infected laptop
« on: July 16, 2012, 01:47:47 PM »
Hi Corrine,

Thank you again for the help.

4

39
Analysis and Malware Removal / Re: slow infected laptop
« on: July 15, 2012, 10:15:25 PM »
Hi Corrine,

Finally was able to uninstall Adobe 8 and install the latest update you linked. I checked Windows Update and there were no new security updates available. I forgot to check installed updates before I started the defrag this morning when I got off work and I didn't want to until it was done. It is still running as I type.

I still get the beeping and choice of OS at startup and I ran the sfc a second time and it gave the same error at 89% complete:

"Windows Resource ???? found some corrupted files but was not able to fix all of them"

Once the defrag finishes I will run the sfc scan a third time, hopefully it is done before I go in for my last night shift.

Other than that, just waiting for the keyboard to show up so I can try to replace it.

Thanks for all your help on this.

4

40
Analysis and Malware Removal / Re: slow infected laptop
« on: July 14, 2012, 08:02:16 PM »
I have uninstalled the applications as you instructed and I will defrag and check the security updates and let you know.

4

41
Analysis and Malware Removal / Re: slow infected laptop
« on: July 14, 2012, 05:13:48 PM »
Hello Corrine,

Sorry, I followed your suggestions the last couple of go-arounds but forgot to give you an update on how it is running.

I just fired it up and bounced around to a few sites; it is responding a lot faster when opening a browser and moving from site to site. I pulled up some videos and they seem to run fine although I do not know how that was behaving before.

I opened MSE and it says it is up to date and when I update it manually it seems to do fine.

I noticed she had the volume on mute. There is a noise in the background but I think it has to do with the keyboard having something spilled on it. Whenever I log on the / key repeats like it is being pressed. A new keyboard is on the way and I will try to replace that. Hopefully there is no damage below.

4

42
Analysis and Malware Removal / Re: slow infected laptop
« on: July 14, 2012, 04:51:27 AM »


Quote
Hi, 4on4off.

Since your niece is using the sidebar gadget, please see Microsoft Security Advisory 2719662, Gadget Vulnerability.

This is the second time in two days that an ESET scan has detected DataSafe.  It appears to be a f/p.  The Qoobox are items in ComboFix quarantine.  The remaining items are in the downloads folder and can be deleted from there:

C:\Users\Aaliyah Kilbourne\Downloads\cnet_FacadeInstaller103p_exe.exe
C:\Users\Aaliyah Kilbourne\Downloads\flstudio_10.0.9.exe
C:\Users\Aaliyah Kilbourne\Downloads\installer_adobe_premiere_pro_1_5_English.exe
C:\Users\Aaliyah Kilbourne\Downloads\MindQuizSetup.exe   
C:\Users\Aaliyah Kilbourne\Downloads\She_Wants_Revenge_-_Valleyheart_(2011)_mediaget.exe 


Hello Corrine,

Been a long day, waaaay too hot for me.

I deleted the above items per your instructions. I ran the script. Here is the log:

ComboFix 12-07-13.03 - Aaliyah Kilbourne 07/14/2012   1:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1798 [GMT -4:00]
Running from: c:\users\Aaliyah Kilbourne\Desktop\ComboFix.exe
Command switches used :: c:\users\Aaliyah Kilbourne\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\chrome.manifest
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\chrome\content\mg_ffext.js
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\chrome\content\mg_ffext.xul
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\components\img_ffext.xpt
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\components\mg_ffext.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\Firefox\install.rdf
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\imageformats\qgif4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\imageformats\qmng4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\libeay32.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget-admin-proxy.exe
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mgiehook.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\parameters.txt
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\phonon_backend\phonon_vlc.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\phonon4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\QtCore4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\QtGui4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\QtNetwork4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\QtXml4.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\ssleay32.dll
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\unins000.dat
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\unins000.exe
c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\unins000.msg
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-14 to 2012-07-14  )))))))))))))))))))))))))))))))
.
.
2012-07-14 05:29 . 2012-07-14 05:29   --------   d-----w-   c:\users\Aaliyah Kilbourne\AppData\Local\temp
2012-07-14 05:29 . 2012-07-14 05:29   --------   d-----w-   c:\users\RA Media Server\AppData\Local\temp
2012-07-14 05:29 . 2012-07-14 05:29   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
2012-07-14 05:29 . 2012-07-14 05:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-14 05:29 . 2012-07-14 05:29   --------   d-----w-   c:\users\Aaliyah\AppData\Local\temp
2012-07-14 05:10 . 2012-07-14 05:10   29904   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90C66F98-EE48-4A15-9609-95F68034C9EC}\MpKsl81271db7.sys
2012-07-14 05:09 . 2012-07-14 05:09   56200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90C66F98-EE48-4A15-9609-95F68034C9EC}\offreg.dll
2012-07-14 04:56 . 2012-06-18 07:14   6762896   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90C66F98-EE48-4A15-9609-95F68034C9EC}\mpengine.dll
2012-07-12 22:17 . 2012-06-18 07:14   6762896   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 00:58 . 2012-07-12 00:58   --------   d-----w-   c:\program files\Common Files\Java
2012-07-12 00:57 . 2012-07-12 00:57   --------   d-----w-   c:\program files\Oracle
2012-07-12 00:56 . 2012-05-04 23:29   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-07-11 21:11 . 2012-06-13 13:40   2047488   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 20:53 . 2012-06-05 16:47   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 20:53 . 2012-06-05 16:47   1401856   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 20:53 . 2012-06-05 16:47   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 20:53 . 2012-06-04 15:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-07-11 20:53 . 2012-06-02 00:04   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-07-11 20:53 . 2012-06-02 00:03   204288   ----a-w-   c:\windows\system32\ncrypt.dll
2012-07-11 20:33 . 2012-02-09 18:17   713784   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{386D93B8-F4E5-45D7-A17C-B974A0F47A5B}\gapaengine.dll
2012-07-11 20:24 . 2012-07-11 20:25   --------   d-----w-   c:\program files\Microsoft Security Client
2012-07-11 20:23 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-07-11 19:52 . 2012-07-11 19:52   --------   d-----w-   c:\program files\VS Revo Group
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Malwarebytes
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\programdata\Malwarebytes
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-07-11 17:37 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-03 09:26 . 2012-06-02 22:19   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-07-03 09:26 . 2012-06-02 22:19   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-07-03 09:26 . 2012-06-02 22:12   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-07-03 09:26 . 2012-06-02 22:19   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-07-03 09:24 . 2012-06-02 22:19   35864   ----a-w-   c:\windows\system32\wups.dll
2012-07-03 09:24 . 2012-06-02 22:19   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-07-03 09:24 . 2012-06-02 22:12   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-07-03 09:23 . 2012-06-02 19:19   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-07-03 09:23 . 2012-06-02 19:12   33792   ----a-w-   c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 06:37 . 2012-06-12 20:56   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-12 20:55   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-12 20:56   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-12 20:55   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-12 20:55   71680   ----a-w-   c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-12 20:56   385024   ----a-w-   c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-12 20:55   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-12 20:55   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-05-01 14:03 . 2012-06-12 20:38   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-12 20:58   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-12 20:58   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-12 20:58   98304   ----a-w-   c:\windows\system32\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
.
c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Aaliyah Kilbourne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Aaliyah Kilbourne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-10-29 03:33   3292248   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 06:29   47392   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-09-15 11:12   281744   ----a-w-   c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 21:15   1807600   ----a-w-   c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16   454784   ----a-w-   c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:22   138096   ----atw-   c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-20 03:54   136176   ----atw-   c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24   54840   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18   205336   ----a-w-   c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-10-25 01:34   2923192   ----a-w-   c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26   128232   ------w-   c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55   17148552   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-07-11 16:55   7609560   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-11 16:55   1192664   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07   252296   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44   85160   ----a-w-   c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL81271DB7
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
Akamai   REG_MULTI_SZ      Akamai
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000Core.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-10 21:22]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000UA.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-10 21:22]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000Core.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 03:54]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000UA.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 03:54]
.
2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{6FE96B10-E20B-4E69-8FA4-D59D7FAF518A}.job
- c:\windows\system32\msfeedssync.exe [2012-06-12 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MediaGet2 - c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
MSConfigStartUp-MediaGet2 - c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
AddRemove-{9193306E-5935-47E0-B458-2548778C1614}_is1 - c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 01:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-14  01:32:01
ComboFix-quarantined-files.txt  2012-07-14 05:31
ComboFix2.txt  2012-07-11 23:23
.
Pre-Run: 56,675,319,808 bytes free
Post-Run: 56,637,390,848 bytes free
.
- - End Of File - - 58B680E69B4609359030EBE375D4B49B

4
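The ComboFix log above lists the Run keys and the msconfig startupreg items, and the orphan it removed (MediaGet2) was living under AppData\Local. As an added example (not from the original post and not part of ComboFix), here is a Python script that parses that "Reg Loading Points" layout and flags every autorun whose binary sits in a location a standard user can write to, which is where a dropper run without admin rights ends up. The fragment it parses is constructed in ComboFix's layout with a made-up user name; the regexes and function names are this example's own assumptions.

```python
"""Flag autoruns that live in user-writable locations in a ComboFix log.

Added example, not part of the original post or of ComboFix. SAMPLE is a
constructed fragment in the 'Reg Loading Points' layout ComboFix prints:
Run-key values as "Name"="path" [date size], and items parked under the
msconfig startupreg key (things someone disabled in msconfig) as a key header
followed by a date / size / attributes / path line. User name 'alice' is made up.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$'
)
# 2011-10-29 03:33   3292248   ----a-w-   c:\users\alice\AppData\Local\Akamai\netsession_win.exe
STARTUPREG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+?)\s*$"
)
# Locations a standard user can write without elevation: anything under the
# profile (which includes AppData) and temp directories. Program Files and
# system32 need admin rights, so a dropper run as the user lands here instead.
USER_WRITABLE_RE = re.compile(r"^c:\\users\\|\\appdata\\|\\temp\\", re.I)

SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Facebook Update"="c:\users\alice\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"MediaGet2"="c:\users\alice\AppData\Local\MediaGet2\mediaget.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-10-29 03:33   3292248   ----a-w-   c:\users\alice\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
"""


def parse_autoruns(text):
    """One dict per autorun: name, path, the registry key it came from, and whether
    it is parked under the msconfig startupreg key (disabled in msconfig, not running)."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        disabled = "\\msconfig\\startupreg\\" in key.lower()
        if disabled:
            m = STARTUPREG_RE.match(line)
            name = key.rsplit("\\", 1)[1]  # the item name is the last key component
        else:
            m = VALUE_RE.match(line)
            name = m.group("name") if m else None
        if not m:
            continue
        entries.append({"name": name, "path": m.group("path"), "key": key, "disabled": disabled})
    return entries


def flag_user_writable(entries):
    """Autoruns whose binary sits somewhere the user account itself can write."""
    return [e for e in entries if USER_WRITABLE_RE.search(e["path"])]


def report(text):
    """Human-readable lines for the flagged entries, active ones and disabled ones alike."""
    lines = []
    for e in flag_user_writable(parse_autoruns(text)):
        state = "disabled" if e["disabled"] else "active"
        lines.append(f"[{state}] {e['name']}: {e['path']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A hit is not a verdict: updaters such as Facebook Update and Google Update legitimately install per-user, so the list is where to start looking, not what to delete. What it does catch is the pattern in the log above, an unknown name (MediaGet2) pointing into AppData\Local.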

43
Analysis and Malware Removal / Re: slow infected laptop
« on: July 13, 2012, 03:51:21 AM »
Well, I turned around and it was done. Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=625d30c37a4ad24b8d4ac254655225bb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-13 04:43:58
# local_time=2012-07-13 12:43:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 59754978 178738981 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=293409
# found=7
# cleaned=0
# scan_time=23182
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir   Win32/Toolbar.Zugo application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Aaliyah Kilbourne\Downloads\cnet_FacadeInstaller103p_exe.exe   a variant of Win32/InstallCore.D application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Aaliyah Kilbourne\Downloads\flstudio_10.0.9.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Aaliyah Kilbourne\Downloads\installer_adobe_premiere_pro_1_5_English.exe   Win32/Toggle application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Aaliyah Kilbourne\Downloads\MindQuizSetup.exe   Win32/Toolbar.Zugo application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Aaliyah Kilbourne\Downloads\She_Wants_Revenge_-_Valleyheart_(2011)_mediaget.exe   a variant of Win32/MediaGet application (unable to clean)   00000000000000000000000000000000   I

44
Analysis and Malware Removal / Re: slow infected laptop
« on: July 13, 2012, 03:31:35 AM »
It seems to be cruising through the files now. It is sitting at 50% complete but I know she has a ton of stuff on this laptop so I will let it run and check it in the morning.

4

45
Analysis and Malware Removal / Re: slow infected laptop
« on: July 13, 2012, 01:28:22 AM »
Hello Corrine,

Just got home from work. I couldn't stand it so I called my kid and had him check the forum. He uninstalled Yontoo and I had him run the ESET scan again. It has been going for 4 hours now and has picked up 7 infections. It is still at the 46% mark again but it has scanned more files this time and is still counting. Just thought I would give you an update.

4
