brabirschorr

Compaq laptop very sluggish

19 posts in this topic

Hi – thanks in advance for your help. I have read the posting instructions and FAQs, and run the requested logs (posted below). Here is a brief description of the problem:

My daughter has a three year old Compaq Presario CQ60-210US laptop running Vista. Computer is sluggish. Sometimes it takes a very long time to start up, and then it's slow to launch programs. She ran the Malwarebytes program and detected/cleaned one trojan. The next day, she restarted the computer after she closed out of a game because the computer was freezing up. She got an update for Adobe, and when the "allow?" prompt came up, the computer started freaking out, flashing between a "run" box and a dialogue box saying that some program she didn't recognize but that Google said is a spyware remover (ComboFix) had failed or couldn't launch. When she got that to close (it came back at least once, maybe twice, so she had to go through the closing process a couple of times, which was tricky with it freaking out and flashing back and forth), she tried to open Chrome so that she could look up the program (she ended up having to look it up on her iPod), and it wouldn't launch and gave her a failed to launch dialogue box (actually there were a few boxes, but she couldn't close any of them, so she could only see the one on top) which she took a picture of on her iPod. She was unable to close any of those boxes (and every so often another Chrome fail dialogue box would pop up, so she clicked it more than once), and had to do a hard shutdown. Today, the computer was slow at start up and sometimes when launching programs, but not as bad as what she had been experiencing the other day.

 

Malwarebytes scan:

 

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.12.27.03

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19393

Ashley :: ALEC [administrator]

 

12/28/2012 6:36:03 PM

mbam-log-2012-12-28 (18-36-03).txt

 

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 548153

Time elapsed: 5 hour(s), 4 minute(s), 14 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.7.2

Run by Ashley at 23:47:25 on 2012-12-28

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.771 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\SafeConnect\scManager.sys

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SafeConnect\scClient.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ashley\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\ashley\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "c:\users\ashley\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\ashley\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66

TCP: Interfaces\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: klogon - c:\windows\system32\klogon.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\9anuc329.default\

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\ff6\kavlinkfilter6.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ff6\ffvkplugin6.dll

FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2012\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\ashley\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\ashley\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\ashley\appdata\roaming\facebook\npfbplugin_1_0_0.dll

FF - plugin: c:\users\ashley\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\ashley\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\ashley\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2009-07-14 16:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - ExtSQL: !HIDDEN! 2011-01-26 09:35; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-25 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-25 361032]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-25 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-25 58680]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

.

=============== Created Last 30 ================

.

2012-12-28 06:57:30 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff6a6e47-a537-47c3-bc08-00e9f02c50e4}\mpengine.dll

2012-12-27 06:57:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-27 06:57:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-21 21:51:56 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:51:55 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-18 22:09:37 -------- d-----w- c:\program files\iPod

2012-12-18 22:09:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-18 22:09:33 -------- d-----w- c:\program files\iTunes

2012-12-14 08:07:57 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-14 08:07:42 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-14 08:07:42 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-14 08:07:41 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-14 08:07:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-14 08:07:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-14 08:07:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-14 08:07:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-14 08:07:27 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-14 08:07:25 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-14 08:07:24 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-13 09:08:59 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-12-13 09:08:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-13 09:08:59 197632 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-12-13 09:08:59 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-12-13 09:08:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-13 09:08:39 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-10 21:44:45 -------- d-----w- c:\program files\SystemRequirementsLab

.

==================== Find3M ====================

.

2012-12-05 16:05:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-05 16:05:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec

2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-04 09:07:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-04 09:07:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-04 09:07:18 746984 ----a-w- c:\windows\system32\deployJava1.dll

2009-08-20 08:13:26 9815040 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

.

============= FINISH: 23:49:37.32 ===============

 

Security Check log:

 

 

Results of screen317's Security Check version 0.99.56

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Kaspersky Anti-Virus

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 26

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 11.0 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Kaspersky Lab Kaspersky Anti-Virus 2012 klwtblfs.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````

 

 

Many thanks for your help!


Hi brabirschorr, and welcome back.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed, and please don't install any programs other than those I request until the system is cleaned.

 

I have a few questions for you. You mention ComboFix, is that something that you or your daughter tried to run on your own? It's not designed to be run by a user except under the guidance of a trained Helper. It's a powerful tool that in untrained hands can result in an unbootable system. If she did try to run it, please also post the log that it would have created at C:\combofix.txt.

 

It appears that you are running two different antivirus programs, Kaspersky Antivirus and Avast!. It is never recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other. Kaspersky Antivirus was the 2012 version. Do you have a still valid key for that? If you do, all you have to do to update it to the current version is to uninstall it (be very sure you leave all the optional uninstalls such as settings and license/key intact), and reinstall the current version, and it will keep your current license until it expires. You can download the current version from here - http://www.kaspersky.com/anti-virus-latest-versions.

 

If your license to Kaspersky is expired, which may be the case and I see it is not currently enabled, then you would be best to uninstall it and keep Avast! as that is updated.

 

Please let me know which you chose to do.

 

I also have a question on these entries:

TCP: Interfaces\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66

TCP: Interfaces\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1

 

That address resolves to Keene State College in NH. Is that a legitimate entry?

 

Next, your Malwarebytes' Anti-Malware is outdated. Please start the program, click the update tab, and when it offers to install the current version go ahead and do that and then run a new scan and post the log in your next reply.

 

This will require access to an uninfected, properly working system.

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

 

Download the Kaspersky Rescue Disk:

http://support.kaspe...edisk#downloads

  • You can find these instructions with graphics at:
    http://support.kaspersky.com/8093
  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Once the program starts, you will be prompted to press any key to enter the menu.
  • Select your language.
  • Press "1" to accept the End User License Agreement.
  • Select Kaspersky Rescue Disk. Graphic Mode.
  • If you have more than one bootable drive, you may be asked to select your operating system, then click OK.
  • In the "Scan your computer" menu that opens, click the "My Update Center" tab.
  • Click "Start Update" (it may take a while to complete updating the database).
  • When the update is finished, click the "Objects Scan" tab.
  • Select all the hard drives available (Disk boot sectors and Hidden startup objects will already be selected by default).
  • Click the "Start Objects Scan" button.
  • When finished (you may need to let it run overnight), click "Report" at the top of the window.
  • Click the "Detailed report" button.
  • Click the "Save" button, and in the "Save As" window select a drive to save the report to, enter KRD.txt as the file name, and click "Save".
  • Close the Detailed Report window, click "Close" again, select Exit, and click "Yes" to confirm.
  • Click the "K" in the far left of the toolbar at the bottom of the screen and click "Restart" and "Yes" to confirm to reboot your system.
  • Please post the contents of KRD.txt in your next reply.

Please post the new log from your updated MBAM, the log from Kaspersky Rescue Disk, and answer the questions from above:

Was ComboFix previously run? If so, when, and post the log in a separate reply as it's long.

Is the DHCPNameServer entry above legitimate?

What did you choose to do with your two antivirus programs?

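The helper's question about the DHCPNameServer entries is the check a defender wants to make on every DDS log: which resolvers is the machine actually using, and do any of them sit outside private address space (a common sign of DNS hijacking, or, as here, a campus network handing out its own public resolvers). The script below is an added example, not part of this thread or of DDS; it parses the "TCP:" lines in the format DDS prints them (the three lines from the log above are embedded as constructed sample input), classifies each address as local, private or public, and lists the public ones not covered by an optional trusted_networks allowlist, which is an assumed parameter the caller fills in from the network owner's answer.

```python
"""Flag DNS resolvers recorded in a DDS log that fall outside private address space."""
import ipaddress
import re

# Constructed sample input: the three TCP: lines from the DDS log above, verbatim.
SAMPLE_DDS_LINES = """\
TCP: NameServer = 192.168.2.1
TCP: Interfaces\\{B628C769-CFE3-4DE8-8D6B-7E6EF68CCF9D} : DHCPNameServer = 158.65.8.11 158.65.3.66
TCP: Interfaces\\{E6816D0A-6EE1-4CDD-9809-2F863C71F035} : DHCPNameServer = 192.168.2.1
"""

# Matches the two line shapes DDS prints:
#   TCP: NameServer = 192.168.2.1
#   TCP: Interfaces\{GUID} : DHCPNameServer = 158.65.8.11 158.65.3.66
TCP_LINE = re.compile(
    r"^TCP:\s+(?:Interfaces\\\{(?P<iface>[0-9A-Fa-f-]{36})\}\s*:\s*)?"
    r"(?P<key>DHCPNameServer|NameServer)\s*=\s*(?P<servers>.+?)\s*$"
)


def classify(addr):
    """Coarse scope of a resolver address: local, private (RFC 1918 etc.) or public."""
    if addr.is_loopback or addr.is_link_local:
        return "local"
    if addr.is_private:
        return "private"
    return "public"


def parse_dns_entries(log_text):
    """Return one record per resolver address found on TCP: lines of a DDS log."""
    records = []
    for line in log_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        for token in m.group("servers").split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # skip anything that is not an IP literal
            records.append({
                "interface": m.group("iface"),  # None for the global NameServer line
                "source": m.group("key"),
                "address": str(addr),
                "scope": classify(addr),
            })
    return records


def resolvers_needing_review(log_text, trusted_networks=()):
    """Public resolvers not inside any trusted network, deduplicated and sorted.

    trusted_networks is a caller-supplied allowlist of CIDR strings (an assumption
    of this example): once the network owner confirms an address range is theirs,
    pass it here so only unexplained resolvers remain flagged.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    flagged = set()
    for rec in parse_dns_entries(log_text):
        if rec["scope"] != "public":
            continue
        addr = ipaddress.ip_address(rec["address"])
        if any(addr in net for net in trusted):
            continue
        flagged.add(rec["address"])
    return sorted(flagged, key=ipaddress.ip_address)


if __name__ == "__main__":
    for rec in parse_dns_entries(SAMPLE_DDS_LINES):
        print(f"{rec['source']:<15} {rec['address']:<15} {rec['scope']:<8} "
              f"iface={rec['interface']}")
    print("review:", resolvers_needing_review(SAMPLE_DDS_LINES))
```

Run against the sample, the two 158.65.x.x addresses are reported for review while both 192.168.2.1 entries are passed as private; once the owner of the 158.65.0.0/16 range (a placeholder value here, not taken from the page) is confirmed and added to trusted_networks, the review list is empty. The same parser can be pointed at a full DDS log file by reading it into log_text.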

Dear Joker:

 

Thanks for your prompt response. My daughter did not run ComboFix recently, at least not intentionally. There is a ComboFix log dated 8/22/11 on the machine that I’ve posted below. We had another issue with this laptop that we addressed through this forum so it’s possible we were instructed to run it then and that’s why the log is still on the computer (I don’t remember the date but a year and a half ago sounds about right). I don’t see the actual program on the machine.

 

She did not install Kaspersky intentionally and thinks it may have been bundled with a browser (Firefox?) she installed some time ago. I have now uninstalled it.

 

She is a student at Keene State College so I’m guessing the entries you reference are legit.

 

We are currently running the updated MBAM scan and will post that in our next message. Now that Kaspersky has been removed, do you still want me to download and run the Kaspersky Rescue Disk?

 

Thanks

 

ComboFix log (dated 8/22/11):

 

 

ComboFix 11-08-22.04 - Ashley 08/22/2011 18:12:39.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.986 [GMT -4:00]

Running from: c:\users\Ashley\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}

c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome.manifest

c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome\content\_cfg.js

c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\chrome\content\overlay.xul

c:\users\Ashley\AppData\Local\{E2A56351-7333-47AD-9112-712C11217AB8}\install.rdf

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))

.

.

2011-08-21 02:22 . 2011-08-21 02:22 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-08-21 02:22 . 2011-08-21 02:22 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-08-21 02:20 . 2011-08-22 21:59 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-21 02:20 . 2011-08-21 02:20 -------- d-----w- c:\program files\Kaspersky Lab

2011-08-20 18:52 . 2011-08-20 18:52 388096 ----a-r- c:\users\Ashley\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-20 18:52 . 2011-08-20 18:52 -------- d-----w- c:\program files\Trend Micro

2011-08-20 15:56 . 2011-08-20 15:56 -------- d-----w- c:\users\Dad\AppData\Roaming\HP

2011-08-20 03:36 . 2011-08-16 12:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EB9B93-E4CA-4280-9AB3-F688927E0FDC}\mpengine.dll

2011-08-18 19:54 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-18 19:54 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-18 19:54 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-08-18 19:52 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-18 19:52 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-18 19:52 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-20 16:51 . 2011-06-03 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2009-10-04 00:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk

backup=c:\windows\pss\SafeConnect.lnk.Commonstartup

backupExtension=.Commonstartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2009-09-13 03:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-03-30 21:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-02 3623304]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-18 c:\windows\Tasks\HPCeeScheduleForAshley.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-25 18:34]

.

2011-08-22 c:\windows\Tasks\User_Feed_Synchronization-{2C768013-B72B-45DA-B1A8-AB30CC5514D2}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Ashley\AppData\Roaming\Move Networks

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-EPSON NX110 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE

MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

MSConfigStartUp-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe

MSConfigStartUp-mpnonet - c:\users\Ashley\AppData\Local\Temp\icacings.dll

MSConfigStartUp-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-22 18:26

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

.

**************************************************************************

.

Completion time: 2011-08-22 18:32:56 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-22 22:32

.

Pre-Run: 141,251,424,256 bytes free

Post-Run: 141,696,413,696 bytes free

.

- - End Of File - - 69A57C85AA1CFB99F84CD8658C4674CC

There is a ComboFix log dated 8/22/11 on the machine that I’ve posted below. We had another issue with this laptop that we addressed through this forum, so it’s possible we were instructed to run it then and that’s why the log is still on the computer.

 

It's good that it wasn't run without being under supervision and is simply a leftover that wasn't deleted. It looks like when that log was created, Kaspersky Antivirus was the installed antivirus at that time and Avast! hadn't been installed yet.

 

She is a student at Keene State College so I’m guessing the entries you reference are legit.

Excellent.

 

Now that Kaspersky has been removed, do you still want me to download and run the Kaspersky Rescue Disk?

 

Yes. Kaspersky Rescue Disk doesn't actually install onto the computer; the system boots from the CD/DVD, updates its signatures, and then scans the system, but it doesn't install software onto the computer. Depending on the size of the hard disk, it may take several hours to complete the scan. No antivirus program detects everything, and it may find something that your installed version of Avast! didn't find.

 

Once you post the new MBAM log and the log from Kaspersky Rescue Disk, we will proceed from there.


Hi Joker:

 

Ran Kaspersky Rescue Disk scan. It ran for about 7 hours and I got a report. When I tried to save, there were limited options to select a disk to save to. I tried to save to Computer and to Root. I saw that it saved, but when I exited KRD I couldn't find KRD.txt anywhere on the computer. Did I do something wrong?

 

Thanks


Not sure why it didn't seem to save. Do you recall what the report said, did it find and remove anything? If so, do you recall what it said was removed?

 

Do you have the new MBAM log after updating the program and database?


The KRD scan picked up a number of items - I'm going to say 11 or 12, but I didn't record them because I was able to save within the program and I thought I'd be able to get it off the laptop once I exited KRD. I'll try again tonight.

 

In the meantime, here is the MBAM log after update:

 

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.01.01.04

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19393

Ashley :: ALEC [administrator]

 

1/1/2013 8:52:57 PM

mbam-log-2013-01-01 (20-52-57).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 542641

Time elapsed: 4 hour(s), 42 minute(s), 58 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


OK - was finally able to retrieve the KRD.txt file I saved last night and save it to a location I could access. Log is below. See previous post for updated MBAM log. Thanks.

 

KRD.txt:

 

 

Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)

1/2/13 6:28 PM Task started

Objects Scan: malfunction (events: 1, objects: 1, time: Unknown)

1/2/13 7:04 PM Task started

Objects Scan: completed 15708 days ago (events: 15, objects: 2462023, time: 05:55:45)

1/3/13 1:44 AM Task completed

1/3/13 12:53 AM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error

1/2/13 11:53 PM Processing error sda1/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error

1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab Read error

1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab Read error

1/2/13 10:35 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/ISSetup.dll/PE_Patch.PECompact/PecBundle Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}/data1.hdr/isrt.dll/PE_Patch.PECompact/PecBundle Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{DC24971E-1946-445D-8A82-CE685433FA7D}/ISSetup.dll Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data2.cab/DeltaBuild0.package Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.cab/DeltaBuild0.package Read error

1/2/13 10:32 PM Processing error sda1/Program Files/InstallShield Installation Information/{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}/1.42.130/data1.hdr/DeltaBuild0.package Read error

1/2/13 9:41 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error

1/2/13 8:48 PM Processing error /mnt/MountedDevices/PD-2D900954-0000000000007E00/Users/Ashley/Documents/Downloads/PWI_v166_Vista.part1.exe Read error

1/2/13 7:48 PM Task started


I don't see any obvious malware.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

Your version of Adobe Reader is out of date and vulnerable.

Go to Start > Control Panel > Programs and Features, and uninstall your current Adobe Reader X

Download the current version from http://get.adobe.com/reader/ (be sure to uncheck the box for the optional toolbar or you will have a potentially unwanted toolbar installed), save it to your Desktop or another convenient location, and double-click the file to install it.

 

Your Java is outdated and vulnerable.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 7.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button.
  • Download the file for Windows x86 Offline (jre-7u9-windows-i586.exe) and save it to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java:
    • Java™ 6 Update 26
    • Java 7 Update 7
    • Any other version listed
  • Then from your Desktop, double-click on the new version you downloaded and install it.

 

Your version of Mozilla Firefox is also outdated and should be updated. In Firefox, go to Help > About Firefox, and click the Check for Updates button to start the update process.

 

Please post the log from AdwCleaner and note any errors encountered.


I've updated Adobe Reader, Java and Firefox.

 

I have a question about the KRD report I posted. Does the format of the report look like what you expected? The reason I ask is because there are numerous references to malfunctions and errors and it made me wonder if the scan ran properly. I forgot to mention that within "My Update Center", the "Start Update" didn't seem to work. I tried it multiple times and gave it plenty of time to work but it kept telling me it was out of date (only seemed to be a couple days based on the date it gave me). Anyway, let me know if you have concerns about the KRD scan.

 

Here is the AdwCleaner log: Thanks again!

 

 

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 05:50:10

# Updated 29/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Ashley - ALEC

# Boot Mode : Normal

# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Found : C:\Program Files\Common Files\Software Update Utility

Folder Found : C:\ProgramData\Viewpoint

 

***** [Registry] *****

 

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Found : HKLM\Software\Viewpoint

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.19393

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v11.0 (en-US)

 

File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v23.0.1271.97

 

File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

-\\ Opera v12.1.1532.0

 

File : C:\Users\Ashley\AppData\Roaming\Opera\Opera\operaprefs.ini

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [3291 octets] - [04/01/2013 05:50:10]

 

########## EOF - C:\AdwCleaner[R1].txt - [3351 octets] ##########

I have a question about the KRD report I posted. Does the format of the report look like what you expected? The reason I ask is because there are numerous references to malfunctions and errors and it made me wonder if the scan ran properly.

 

I think it did. There were 13 read errors, but 4 of those look like partial archive files of Perfect World. The scanner couldn't open the archive either because it didn't understand the compression program that compressed the archive and broke it into parts, or all the parts weren't there so it couldn't be opened. Think of it as a multi-part zip file with one part missing. Without the full archive, it can't be opened successfully. Another reason a file sometimes can't be opened for scanning is because it's password protected. I'm not sure why some of those files couldn't be scanned, but I don't think it's a problem.

 

I forgot to mention that within "My Update Center", the "Start Update" didn't seem to work. I tried it multiple times and gave it plenty of time to work but it kept telling me it was out of date (only seemed to be a couple days based on the date it gave me).

 

There may have been a problem fully downloading the signature update, but that wouldn't be a malware related problem as you booted your system from the Rescue Disk, so there was no potential for any malware to have been loaded and active.

 

Let's try another scanner.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer, such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step), another page will open to download the ESET Smart Installer.
    • Click on esetsmartinstaller_enu.exe.
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please post the log from ESET Online Scanner you saved to the Desktop, and note any errors encountered.


No, that was fine. It's good that ESET didn't find anything. AdwCleaner will though, as I see one item in the DDS log you posted that I believe it detects.

AdwCleaner will though, as I see one item in the DDS log you posted that I believe it detects.

Joker - I'm not sure what you mean or whether there is anything else I should be doing at this time. Thanks.


Sorry, I overlooked the AdwCleaner log you posted.

 

Now please have AdwCleaner remove everything it found.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

How much RAM does the system have?


The system has 2 GB RAM.

 

AdwCleaner[s1].txt:

 

 

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 19:27:37
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Ashley - ALEC
# Boot Mode : Normal
# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19393
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\prefs.js
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9anuc329.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.1.1532.0
File : C:\Users\Ashley\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3420 octets] - [04/01/2013 05:50:10]
AdwCleaner[s1].txt - [3512 octets] - [06/01/2013 19:27:37]
########## EOF - C:\AdwCleaner[s1].txt - [3572 octets] ##########

The system has 2 GB RAM.

You may see an improvement if you added an additional 1 GB of RAM, but depending on your laptop's configuration, if you had to replace your current RAM to do that (for example, if you had no empty RAM slots available) the potential gain would need to be weighed against the added cost of totally replacing your RAM. It would be a simpler decision if you had the slots and could simply add more RAM, but even then you would need to check your manual to see what your memory requirements were. Memory is cheap these days, but it gets more expensive if your memory slots are all full and the only way to add more is to replace them.

 

Another possibility is to see what unnecessary programs you have running at startup and see if the system improves with them disabled. Malwarebytes makes a great utility for this, StartUpLite, available here:

http://www.malwarebytes.org/products/startuplite/

 

 

Now we need to do some cleanup.

 

Go to Start > Run and copy and paste the next command into the field:

ComboFix /uninstall

 

Make sure there's a space between ComboFix and /

Then hit enter.

 

This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.

 

If you don't see the Run option, you can access Run by holding down the Windows key on the keyboard and pressing R. To enable the Run option if you want it to appear permanently in the Start menu, right-click on Start (the Windows Orb), select Properties, click the Customize button, place a checkmark in the box for Run command, and click OK.

 

You can now delete the copies of the following programs you downloaded, and any of their logs:

DDS

Security Check

AdwCleaner

Kaspersky Rescue Disk

 

I recommend you keep Malwarebytes Anti-Malware and periodically update it and scan your system.

 

To help keep malware off your system:

  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/winhelp2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacoolsoftware.com/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywareinfoforum.com/index.php?showtopic=60955
Does your problem appear resolved?

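The post above recommends reviewing what runs at startup and keeping a blocking HOSTS file in place. The script below is an added example and is not part of the thread, nor a Malwarebytes tool: it is a read-only audit, written for PowerShell 3.0 or later run from an elevated prompt on the cleaned machine, that lists the usual autostart locations (the Run/RunOnce keys and the Startup folders) with the Authenticode status of each launched binary, and parses the hosts file to separate blocking entries from redirects. The function names (Get-AutostartEntry, Get-CommandExecutable, Test-HostsFile) are my own; the registry paths and the hosts file location are the standard Windows ones.

```powershell
# Added example, not code from the forum post or from Malwarebytes:
# a read-only audit of the common autostart locations and of the hosts file.
# Assumes PowerShell 3.0+ on Windows, run from an elevated prompt so that
# HKLM keys and the hosts file are readable. Function names are my own.

# Registry "Run" locations that launch programs at logon (64-bit and 32-bit views).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath etc.
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Startup folders: every file in them is launched at logon.
    foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                          [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path -Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -File) {
            [pscustomobject]@{ Source = $folder; Name = $file.Name; Command = $file.FullName }
        }
    }
}

# Pull the executable out of a Run value such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   C:\foo\bar.exe -x
function Get-CommandExecutable([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

# Parse the hosts file. Entries pointing at a black-hole address are blocking
# entries (what a list like the MVPS HOSTS file installs); anything else is a
# redirect and is worth a look, because malware also edits this file to hijack sites.
function Test-HostsFile {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'))
    $blackHole = @('0.0.0.0', '127.0.0.1', '::1')
    $blocked = 0
    $redirects = @()
    foreach ($raw in Get-Content -Path $Path) {
        $line = ($raw -split '#')[0].Trim()           # drop comments and blank lines
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $ip = $fields[0]
        $names = $fields[1..($fields.Count - 1)] | Where-Object { $_ -notmatch '^localhost' }
        if ($blackHole -contains $ip) { $blocked += @($names).Count }
        else { $redirects += @($names | ForEach-Object { "$_ -> $ip" }) }
    }
    [pscustomobject]@{ Path = $Path; BlockedNames = $blocked; Redirects = $redirects }
}

# --- report ---------------------------------------------------------------
'== Autostart entries (signature status, name, command) =='
foreach ($e in Get-AutostartEntry) {
    $exe = Get-CommandExecutable $e.Command
    $status = 'n/a'
    if ($exe) {
        if (Test-Path -Path $exe -PathType Leaf) {
            # Valid / NotSigned / HashMismatch ...; unsigned binaries living in
            # AppData or Temp deserve a second look.
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            $status = 'MISSING'   # leftover entry whose binary is gone: safe to remove
        }
    }
    '{0,-13} {1,-28} {2}' -f $status, $e.Name, $e.Command
}

'== Hosts file =='
$h = Test-HostsFile
'{0}: {1} blocked names' -f $h.Path, $h.BlockedNames
if ($h.Redirects.Count -gt 0) {
    'Entries that redirect rather than block (verify each):'
    $h.Redirects | ForEach-Object { "  $_" }
}
```

The script changes nothing; it only prints. Entries marked MISSING are the kind of leftovers a cleanup like the AdwCleaner run above tends to leave behind, and a hosts line that maps a real site to anything other than a loopback or 0.0.0.0 address means traffic is being redirected rather than blocked, which is the opposite of what the MVPS list does.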

I will do the things you suggest and have her read the recommended material. Will let you know how we make out. Thanks very much for all of your time, effort, and expertise. It's much appreciated!! Thanks as well to the rest of your group that keeps this forum going - it's been a tremendous help to us on more than one occasion.

Best,

Brabirschorr
