Compaq laptop very sluggish


  • This topic is locked
18 replies to this topic

#1 brabirschorr

    Member

  • Full Member
  • 70 posts

Posted 30 December 2012 - 08:02 PM

Hi – thanks in advance for your help. I have read the posting instructions and FAQs, and run the requested logs (posted below). Here is a brief description of the problem:
My daughter has a three-year-old Compaq Presario CQ60-210US laptop running Vista. The computer is sluggish. Sometimes it takes a very long time to start up, and then it's slow to launch programs. She ran the Malwarebytes program and it detected/cleaned one trojan. The next day, she restarted the computer after she closed out of a game because the computer was freezing up. She got an update for Adobe, and when the "allow?" prompt came up, the computer started freaking out, flashing between a "run" box and a dialogue box saying that some program she didn't recognize, but that Google said is a spyware remover (ComboFix), had failed or couldn't launch. When she got that to close (it came back at least once, maybe twice, so she had to go through the closing process a couple of times, which was tricky with it freaking out and flashing back and forth), she tried to open Chrome so that she could look up the program (she ended up having to look it up on her iPod), and it wouldn't launch and gave her a "failed to launch" dialogue box (actually there were a few boxes, but she couldn't close any of them, so she could only see the one on top), which she took a picture of on her iPod. She was unable to close any of those boxes (and every so often another Chrome fail dialogue box would pop up, so she clicked it more than once), and had to do a hard shutdown. Today, the computer was slow at start-up and sometimes when launching programs, but not as bad as what she had been experiencing the other day.

Malwarebytes scan:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.27.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Ashley :: ALEC [administrator]

12/28/2012 6:36:03 PM
mbam-log-2012-12-28 (18-36-03).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 548153
Time elapsed: 5 hour(s), 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.7.2
Run by Ashley at 23:47:25 on 2012-12-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.771 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\ashley\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\users\ashley\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\ashley\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66
TCP: Interfaces\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\9anuc329.default\
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff6\kavlinkfilter6.dll
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff6\ffvkplugin6.dll
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ashley\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\ashley\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\ashley\appdata\roaming\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\users\ashley\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\ashley\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ashley\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-07-14 16:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-01-26 09:35; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-25 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-25 361032]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-25 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-25 58680]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
.
=============== Created Last 30 ================
.
2012-12-28 06:57:30 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff6a6e47-a537-47c3-bc08-00e9f02c50e4}\mpengine.dll
2012-12-27 06:57:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-27 06:57:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-21 21:51:56 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:51:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 22:09:37 -------- d-----w- c:\program files\iPod
2012-12-18 22:09:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-18 22:09:33 -------- d-----w- c:\program files\iTunes
2012-12-14 08:07:57 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 08:07:42 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 08:07:42 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 08:07:41 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-14 08:07:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 08:07:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 08:07:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 08:07:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 08:07:27 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 08:07:25 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 08:07:24 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 09:08:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-12-13 09:08:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-13 09:08:59 197632 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-12-13 09:08:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-13 09:08:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 09:08:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 21:44:45 -------- d-----w- c:\program files\SystemRequirementsLab
.
==================== Find3M ====================
.
2012-12-05 16:05:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-05 16:05:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-04 09:07:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-04 09:07:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-04 09:07:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
2009-08-20 08:13:26 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
.
============= FINISH: 23:49:37.32 ===============

Security Check log:


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 26
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2012 klwtblfs.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


Many thanks for your help!

#2 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,569 posts

Posted 31 December 2012 - 09:38 AM

Hi brabirschorr, and welcome back.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed, and please don't install any programs other than those I request until the system is cleaned.

I have a few questions for you. You mention ComboFix, is that something that you or your daughter tried to run on your own? It's not designed to be run by a user except under the guidance of a trained Helper. It's a powerful tool that in untrained hands can result in an unbootable system. If she did try to run it, please also post the log that it would have created at C:\combofix.txt.

It appears that you are running two different antivirus programs, Kaspersky Antivirus and Avast!. It is never recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other. Kaspersky Antivirus was the 2012 version. Do you have a still valid key for that? If you do, all you have to do to update it to the current version is to uninstall it (be very sure you leave all the optional uninstalls such as settings and license/key intact), and reinstall the current version, and it will keep your current license until it expires. You can download the current version from here - http://www.kaspersky...latest-versions.

If your license to Kaspersky is expired, which may be the case and I see it is not currently enabled, then you would be best to uninstall it and keep Avast! as that is updated.

Please let me know which you chose to do.

I also have a question on these entries:

TCP: Interfaces\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66
TCP: Interfaces\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1


That address resolves to Keene State College in NH. Is that a legitimate entry?

Next, your Malwarebytes' Anti-Malware is outdated. Please start the program, click the update tab, and when it offers to install the current version go ahead and do that and then run a new scan and post the log in your next reply.

This will require access to an uninfected, properly working system.
The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:
http://support.kaspe...edisk#downloads
  • You can find these instructions with graphics at:
    http://support.kaspersky.com/8093
  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Once the program starts, you will be prompted to press any key to enter the menu.
  • Select your language.
  • Press "1" to accept the End User License Agreement.
  • Select Kaspersky Rescue Disk. Graphic Mode.
  • If you have more than one bootable drive, you may be asked to select your operating system, then click OK.
  • In the "Scan your computer" menu that opens, click the "My Update Center" tab.
  • Click "Start Update" (it may take a while to complete updating the database).
  • When the update is finished, click the "Objects Scan" tab.
  • Select all the hard drives available (Disk boot sectors and Hidden startup objects will already be selected by default).
  • Click the "Start Objects Scan" button.
  • When finished (you may need to let it run overnight), click "Report" at the top of the window.
  • Click the "Detailed report" button.
  • Click the "Save" button, and in the "Save As" window select a drive to save the report to, enter KRD.txt as the file name, and click "Save".
  • Close the Detailed Report window, click "Close" again, select Exit, and click "Yes" to confirm.
  • Click the "K" in the far left of the toolbar at the bottom of the screen and click "Restart" and "Yes" to confirm to reboot your system.
  • Please post the contents of KRD.txt in your next reply.
Please post the new log from your updated MBAM, the log from Kaspersky Rescue Disk, and answer the questions from above:
Was ComboFix previously run? If so, when, and post the log in a separate reply as it's long.
Is the DHCPNameServer entry above legitimate?
What did you choose to do with your two antivirus programs?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
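The two things TheJoker checks by eye in the DDS log above, whether more than one antivirus product is installed (and which of them is actually enabled) and whether the DHCP-assigned name servers fall outside private address ranges, can be scripted. The following Python is an added example written for this page; it is not a tool from the thread and not part of DDS. The sample input is the AV/SP and TCP lines copied from the log posted above, and the regular expressions assume the line shapes DDS used there.

```python
import ipaddress
import re

# Constructed sample: the AV/SP and TCP lines copied from the DDS log posted
# in this thread, so the checks below run against the very entries discussed.
SAMPLE_DDS = r"""AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66
TCP: Interfaces\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1
"""

# "AV:" lines are antivirus products, "SP:" lines antispyware products; the
# starred field carries the enabled and update state as DDS reports it.
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
# Either the global "NameServer" line or a per-interface "DHCPNameServer"
# line, each followed by one or more space-separated addresses.
NAMESERVER_RE = re.compile(
    r"^TCP: (?:Interfaces\\(\{[0-9A-Fa-f-]+\}) : )?(NameServer|DHCPNameServer) = (.+)$"
)


def parse_security_products(log_text):
    """Return one dict per AV:/SP: line with its enabled and updated flags."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, updated = m.groups()
            products.append({
                "kind": kind,
                "name": name,
                "enabled": state == "Enabled",
                "updated": updated == "Updated",
            })
    return products


def installed_antivirus(products):
    """Distinct antivirus (AV:) product names, enabled or not."""
    return sorted({p["name"] for p in products if p["kind"] == "AV"})


def enabled_antivirus(products):
    """Distinct antivirus product names that DDS reports as enabled."""
    return sorted({p["name"] for p in products if p["kind"] == "AV" and p["enabled"]})


def parse_nameservers(log_text):
    """Return one dict per DNS server address, with its interface and source."""
    servers = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if m:
            iface, source, addrs = m.groups()
            for addr in addrs.split():
                servers.append({"interface": iface or "global", "source": source, "address": addr})
    return servers


def external_nameservers(servers):
    """Addresses that are not private, loopback or link-local (or not valid IPs at all)."""
    external = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s["address"])
        except ValueError:
            external.append(s["address"])  # malformed entry: worth a look too
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            external.append(s["address"])
    return external


def triage(log_text):
    """The two questions a helper asks of these lines, as a list of findings."""
    findings = []
    products = parse_security_products(log_text)
    installed = installed_antivirus(products)
    if len(installed) > 1:
        findings.append("more than one antivirus product installed: " + ", ".join(installed))
    for p in products:
        if p["kind"] == "AV" and not p["enabled"]:
            findings.append("antivirus installed but disabled: " + p["name"])
    for addr in external_nameservers(parse_nameservers(log_text)):
        findings.append("DNS server outside private ranges, confirm it is expected: " + addr)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

On the sample this reports both antivirus products, flags Kaspersky as installed but disabled, and lists the two 158.65.x.x resolvers. A resolver outside RFC 1918 space is not evidence of anything by itself (a campus DHCP server handing out its own resolvers is the ordinary explanation), which is why the script phrases it as something to confirm with whoever runs the network rather than as a detection.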


#3 brabirschorr

    Member

  • Full Member
  • 70 posts

Posted 01 January 2013 - 08:50 PM

Dear Joker:

Thanks for your prompt response. My daughter did not run ComboFix recently, at least not intentionally. There is a ComboFix log dated 8/22/11 on the machine that I’ve posted below. We had another issue with this laptop that we addressed through this forum so it’s possible we were instructed to run it then and that’s why the log is still on the computer (I don’t remember the date but a year and a half ago sounds about right). I don’t see the actual program on the machine.

She did not install Kaspersky intentionally and thinks it may have been bundled with a browser (Firefox?) she installed some time ago. I have now uninstalled it.

She is a student at Keene State College so I’m guessing the entries you reference are legit.

We are currently running the updated MBAM scan and will post that in our next message. Now that Kaspersky has been removed, do you still want me to download and run the Kaspersky Rescue Disk?

Thanks

ComboFix log (dated 8/22/11):


ComboFix 11-08-22.04 - Ashley 08/22/2011 18:12:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.986 [GMT -4:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}
c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome.manifest
c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome\content\_cfg.js
c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome\content\overlay.xul
c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\install.rdf
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-21 02:22 . 2011-08-21 02:22 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-08-21 02:22 . 2011-08-21 02:22 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-08-21 02:20 . 2011-08-22 21:59 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-21 02:20 . 2011-08-21 02:20 -------- d-----w- c:\program files\Kaspersky Lab
2011-08-20 18:52 . 2011-08-20 18:52 388096 ----a-r- c:\users\Ashley\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-20 18:52 . 2011-08-20 18:52 -------- d-----w- c:\program files\Trend Micro
2011-08-20 15:56 . 2011-08-20 15:56 -------- d-----w- c:\users\Dad\AppData\Roaming\HP
2011-08-20 03:36 . 2011-08-16 12:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EB9B93-E4CA-4280-9AB3-F688927E0FDC}\mpengine.dll
2011-08-18 19:54 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-18 19:54 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-18 19:54 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 19:52 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-18 19:52 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-18 19:52 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 16:51 . 2011-06-03 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 23:14 . 2009-10-04 00:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
backup=c:\windows\pss\SafeConnect.lnk.Commonstartup
backupExtension=.Commonstartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 03:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-30 21:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-02 3623304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-25 18:34]
.
2011-08-22 c:\windows\Tasks\User_Feed_Synchronization-{2C768013-B72B-45DA-B1A8-AB30CC5514D2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Ashley\AppData\Roaming\Move Networks
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-EPSON NX110 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe
MSConfigStartUp-mpnonet - c:\users\Ashley\AppData\Local\Temp\icacings.dll
MSConfigStartUp-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 18:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-08-22 18:32:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 22:32
.
Pre-Run: 141,251,424,256 bytes free
Post-Run: 141,696,413,696 bytes free
.
- - End Of File - - 69A57C85AA1CFB99F84CD8658C4674CC

#4 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 01 January 2013 - 09:24 PM

There is a ComboFix log dated 8/22/11 on the machine that I've posted below. We had another issue with this laptop that we addressed through this forum so it's possible we were instructed to run it then and that's why the log is still on the computer.


It's good that it wasn't run without being under supervision and is simply a leftover that wasn't deleted. It looks like when that log was created, Kaspersky Antivirus was the installed antivirus at that time and Avast! hadn't been installed yet.

She is a student at Keene State College so I'm guessing the entries you reference are legit.

Excellent.

Now that Kaspersky has been removed, do you still want me to download and run the Kaspersky Rescue Disk?


Yes, Kaspersky Rescue Disk doesn't actually install onto the computer, the system boots from the CD/DVD, updates its signatures, and then scans the system, but it doesn't install software onto the computer. Depending on the size of the hard disk, it may take several hours to complete the scan. No antivirus program detects everything, and it may find something that your installed version of Avast! didn't find.

Once you post the new MBAM log and the log from Kaspersky Rescue Disk, we will proceed from there.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#5 brabirschorr (Member, Full Member, 70 posts)

Posted 03 January 2013 - 04:18 AM

Hi Joker:

Ran Kaspersky Rescue Disk scan. Ran for about 7 hours and I got report. When I tried to save, there were limited options to select disk to save to. I tried to save to Computer and to Root. I saw that it saved but when I exited KRD I couldn't find KRD.txt anywhere on the computer. Did I do something wrong?

Thanks

#6 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 03 January 2013 - 07:26 AM

Not sure why it didn't seem to save. Do you recall what the report said, did it find and remove anything? If so, do you recall what it said was removed?

Do you have the new MBAM log after updating the program and database?



#7 brabirschorr (Member, Full Member, 70 posts)

Posted 03 January 2013 - 06:26 PM

The KRD scan picked up a number of items - I'm going to say 11 or 12 but I didn't record them because I was able to save within the program and I thought I'd be able to get it off the laptop once I exited KRD. I'll try again tonight.

In the meantime, here is the MBAM log after update:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Ashley :: ALEC [administrator]

1/1/2013 8:52:57 PM
mbam-log-2013-01-01 (20-52-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 542641
Time elapsed: 4 hour(s), 42 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 brabirschorr (Member, Full Member, 70 posts)

Posted 03 January 2013 - 07:10 PM

OK - was finally able to retrieve the KRD.txt file I saved last night and save it to a location I could access. Log is below. See previous post for updated MBAM log. Thanks.

KRD.txt:


Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)
1/2/13 6:28 PM Task started
Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)
1/2/13 7:04 PM Task started
Objects Scan: completed 15708 days ago (events: 15, objects: 2462023, time: 05:55:45)
1/3/13 1:44 AM Task completed
1/3/13 12:53 AM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 11:53 PM Processing error sda1/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/ISSetup.dll/PE_Patch.PECompact/PecBundle Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/data1.hdr/isrt.dll/PE_Patch.PECompact/PecBundle Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{DC24971E-1946-445D-8A82-CE685433FA7D}/ISSetup.dll Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab/DeltaBuild0.package Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab/DeltaBuild0.package Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr/DeltaBuild0.package Read error
1/2/13 9:41 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 8:48 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 7:48 PM Task started

#9 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 03 January 2013 - 09:48 PM

I don't see any obvious malware.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Your version of Adobe Reader is out of date and vulnerable.
Go to Start > Control Panel > Programs and Features, and uninstall your current Adobe Reader X
Download the current version from http://get.adobe.com/reader/ (be sure to uncheck the box for the optional toolbar or you will have a potentially unwanted toolbar installed), save it to your Desktop or another convenient location, and double-click the file to install it.

Your Java is outdated and vulnerable.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button
  • Download the file for Windows x86 Offline (jre-7u9-windows-i586.exe) and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
    • Java™ 6 Update 26
    • Java 7 Update 7
    • Any other version listed
  • Then from your Desktop double-click on the new version you downloaded and install it.

Your version of Mozilla Firefox is also outdated and should be updated. In Firefox, go to Help > About Firefox, and click the Check for Updates button to start the update process.

Please post the log from AdwCleaner and note any errors encountered.



#10 brabirschorr (Member, Full Member, 70 posts)

Posted 04 January 2013 - 06:55 AM

I've updated Adobe Reader, Java and Firefox.

I have a question about the KRD report I posted. Does the format of the report look like what you expected? The reason I ask is because there are numerous references to malfunctions and errors and it made me wonder if the scan ran properly. I forgot to mention that within "My Update Center", the "Start Update" didn't seem to work. I tried it multiple times and gave it plenty of time to work but it kept telling me it was out of date (only seemed to be a couple days based on the date it gave me). Anyway, let me know if you have concerns about the KRD scan.

Here is the AdwCleaner log: Thanks again!


# AdwCleaner v2.104 - Logfile created 01/04/2013 at 05:50:10
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Ashley - ALEC
# Boot Mode : Normal
# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Ashley\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3291 octets] - [04/01/2013 05:50:10]

########## EOF - C:\AdwCleaner[R1].txt - [3351 octets] ##########

#11 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 04 January 2013 - 11:32 PM

I have a question about the KRD report I posted. Does the format of the report look like what you expected? The reason I ask is because there are numerous references to malfunctions and errors and it made me wonder if the scan ran properly.


I think it did. There were 13 read errors, but 4 of those look like partial archive files of Perfect World. The scanner couldn't open the archive either because it didn't understand the compression program that compressed the archive and broke it into parts, or all the parts weren't there so it couldn't be opened. Think of it as a multi-part zip file with one part missing. Without the full archive, it can't be opened successfully. Another reason a file sometimes can't be opened for scanning is because it's password protected. I'm not sure why some of those files couldn't be scanned, but I don't think it's a problem.

I forgot to mention that within "My Update Center", the "Start Update" didn't seem to work. I tried it multiple times and gave it plenty of time to work but it kept telling me it was out of date (only seemed to be a couple days based on the date it gave me).


There may have been a problem fully downloading the signature update, but that wouldn't be a malware related problem as you booted your system from the Rescue Disk, so there was no potential for any malware to have been loaded and active.

Let's try another scanner.

Please scan your system with ESET Online Scanner
  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Please post the log from ESET Online Scanner you saved to the Desktop, and note any errors encountered.

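The explanation in post #11 of why the KRD scan reported read errors (multi-part archives with parts missing, containers the scanner could not open) can be checked mechanically against the KRD.txt excerpt posted in #8. The script below is an added example written for this thread, not part of the thread itself or of Kaspersky's tooling. It assumes only the line layout visible in that excerpt, and the two classification rules (a `.partN.` name means a multi-part archive; an archive or executable extension followed by `/` means the scanner was looking at an object unpacked from inside a container) are my own heuristics, not KRD's.

```python
"""Summarise the 'Processing error ... Read error' events in a Kaspersky Rescue Disk report.

Added example for the forum thread; not Kaspersky code. The log text is the
KRD.txt excerpt the poster shared, copied verbatim (no constructed lines).
"""
import re
from collections import Counter

KRD_LOG = """\
Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)
1/2/13 6:28 PM Task started
Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)
1/2/13 7:04 PM Task started
Objects Scan: completed 15708 days ago (events: 15, objects: 2462023, time: 05:55:45)
1/3/13 1:44 AM Task completed
1/3/13 12:53 AM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 11:53 PM Processing error sda1/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab Read error
1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/ISSetup.dll/PE_Patch.PECompact/PecBundle Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/data1.hdr/isrt.dll/PE_Patch.PECompact/PecBundle Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{DC24971E-1946-445D-8A82-CE685433FA7D}/ISSetup.dll Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab/DeltaBuild0.package Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab/DeltaBuild0.package Read error
1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr/DeltaBuild0.package Read error
1/2/13 9:41 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 8:48 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error
1/2/13 7:48 PM Task started
"""

# One event line: "<m/d/yy> <h:mm> <AM|PM> Processing error <path> Read error".
# The path may contain spaces, so it is matched lazily up to the trailing reason.
ERROR_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{2,4} \d{1,2}:\d{2} [AP]M) "
    r"Processing error (?P<path>.+?) (?P<reason>Read error)$"
)
# Heuristic (mine): ".partN.<ext>" or ".rNN"/".zNN" names are split archives.
MULTIPART_RE = re.compile(r"\.part\d+\.[^./]+$|\.(?:r|z)\d{2}$", re.IGNORECASE)
# Heuristic (mine): a container extension followed by "/" means the scanner
# reported an object it tried to unpack from inside that container.
NESTED_RE = re.compile(r"\.(?:cab|hdr|dll|exe|msi|zip|rar|7z)/", re.IGNORECASE)

MULTIPART = "multi-part archive (other parts likely missing)"
NESTED = "object inside an archive or packed executable"
PLAIN = "plain file"


def parse_read_errors(text):
    """Return [(timestamp, path), ...] for every 'Read error' event."""
    events = []
    for line in text.splitlines():
        m = ERROR_RE.match(line.strip())
        if m:
            events.append((m.group("when"), m.group("path")))
    return events


def classify(path):
    """Bucket a failed path into one of the three explanations from the thread."""
    if MULTIPART_RE.search(path):
        return MULTIPART
    if NESTED_RE.search(path):
        return NESTED
    return PLAIN


def summarize(text):
    """Counts a helper would want before saying 'I don't think it's a problem'."""
    events = parse_read_errors(text)
    return {
        "total_events": len(events),
        "unique_paths": len({p for _, p in events}),
        "by_class": Counter(classify(p) for _, p in events),
        "by_basename": Counter(p.rsplit("/", 1)[-1] for _, p in events),
    }


if __name__ == "__main__":
    summary = summarize(KRD_LOG)
    print(f"{summary['total_events']} read errors on {summary['unique_paths']} distinct objects")
    for label, n in summary["by_class"].most_common():
        print(f"  {n:2d}  {label}")
    for name, n in summary["by_basename"].most_common():
        print(f"  {n:2d}  {name}")
```

Run against the excerpt it gives 13 events on 11 distinct objects, of which 4 are the same `PWI_v166_Vista.part1.exe` (reported once per mount path), 5 are objects KRD tried to unpack from inside `.cab`, `.hdr` or PECompact-packed files, and 4 are ordinary InstallShield files it simply could not read. Nothing in the report says a file was skipped for being infected, which is the point of separating "could not open" from "detected".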


#12 brabirschorr (Member, Full Member, 70 posts)

Posted 05 January 2013 - 03:09 PM

Hi Joker:

Completed ESET scan. No threats detected.

Should I have disabled Avast before scan? I did not.

Thanks



#13 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 05 January 2013 - 03:36 PM

No, that was fine. It's good that ESET didn't find anything. AdwCleaner will though, as I see one item in the DDS log you posted that I believe it detects.



#14 brabirschorr (Member, Full Member, 70 posts)

Posted 06 January 2013 - 07:39 AM

AdwCleaner will though, as I see one item in the DDS log you posted that I believe it detects.

Joker - I'm not sure what you mean or whether there is anything else I should be doing at this time.  Thanks



#15 TheJoker (Forum Deity, Boot Camp Mod, 13,569 posts)

Posted 06 January 2013 - 10:19 AM

Sorry, I overlooked the AdwCleaner log you posted.

Now please have AdwCleaner remove everything it found.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How much RAM does the system have?



#16 brabirschorr (Member, Full Member, 70 posts)

Posted 06 January 2013 - 07:38 PM

The system has 2 GB RAM.

AdwCleaner[S1].txt:

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 19:27:37
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Ashley - ALEC
# Boot Mode : Normal
# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\Viewpoint
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.19393
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\prefs.js
 
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\user.js ... Deleted !
 
[OK] File is clean.
 
-\\ Google Chrome v23.0.1271.97
 
File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v12.1.1532.0
 
File : C:\Users\Ashley\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [3420 octets] - [04/01/2013 05:50:10]
AdwCleaner[S1].txt - [3512 octets] - [06/01/2013 19:27:37]
 
########## EOF - C:\AdwCleaner[S1].txt - [3572 octets] ##########
 


#17 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,569 posts

Posted 06 January 2013 - 08:53 PM

The system has 2 GB RAM.
 
You may see an improvement if you added an additional 1 GB of RAM, but depending on your laptop's configuration, if you had to replace your current RAM to do that (for example, if you had no empty RAM slots available) the potential gain would need to be weighed against the added cost of totally replacing your RAM. It would be a simpler decision if you had the slots and could simply add more RAM, but even then you would need to check your manual to see what your memory requirements were. Memory is cheap these days, but it gets more expensive if your memory slots are all full and the only way to add more is to replace them.

Another possibility is to see what unnecessary programs you have running at startup and see if the system improves with them disabled. Malwarebytes makes a great utility for this, StartUpLite, available here:
http://www.malwareby...ts/startuplite/
 

Now we need to do some cleanup.

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between ComboFix and /
Then hit enter.

This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.

If you don't see the Run option, you can access Run by holding down the Windows key on the keyboard and pressing R. To enable the Run option if you want it to appear permanently in the Start menu, right-click on Start (the Windows Orb), select Properties, click the Customize button, place a checkmark in the box for Run command, and click OK.

You can now delete the copies of the following programs you downloaded, and any of their logs:
DDS
Security Check
AdwCleaner
Kaspersky Rescue Disk

I recommend you keep Malwarebytes Anti-Malware and periodically update it and scan your system.

To help keep malware off your system:
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?
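As an added illustration of the startup review suggested above (this is not code from the thread, nor from StartUpLite), the following read-only PowerShell script inventories the usual autostart locations on Vista so each entry can be checked against its publisher before anything is disabled. It assumes Windows PowerShell is installed; the Run keys and Startup folder paths are the standard Windows locations.

```powershell
# Added example, not from the thread: list common Windows autostart entries.
# Read-only: nothing here changes the registry or deletes files.
# Assumes Windows PowerShell (PowerShell 2.0 on Vista is sufficient).

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Standard per-user and all-users Startup folders on Vista and later.
$startupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        # A missing key is normal (RunOnce is often absent); skip it quietly.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -eq $null) { continue }
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, etc.; those are not values.
            if ($p.Name -like 'PS*') { continue }
            $entries += New-Object PSObject -Property @{
                Source  = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Filter '*.lnk' | ForEach-Object {
            $entries += New-Object PSObject -Property @{
                Source  = $folder
                Name    = $_.BaseName
                Command = $_.FullName
            }
        }
    }
    return $entries
}

# One line per entry; an unfamiliar Command path is the thing to look up first.
Get-AutostartEntries | Sort-Object Source, Name |
    Format-Table -AutoSize Source, Name, Command
```

Entries that point into a user's AppData or Temp folder, or that have no recognisable publisher, are the ones worth researching before deciding whether to disable them.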



#18 brabirschorr

brabirschorr

    Member

  • Full Member
  • 70 posts

Posted 09 January 2013 - 08:14 PM

I will do the things you suggest and have her read the recommended material.  Will let you know how we make out.  Thanks very much for all of your time, effort, and expertise.  It's much appreciated!!  Thanks as well to the rest of your group that keeps this forum going - it's been a tremendous help to us on more than one occasion.

Best,

Brabirschorr



#19 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,569 posts

Posted 11 January 2013 - 02:54 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





