MrLS6

Members

View Profile See their activity

Posts
5
Joined
July 27, 2011
Last visited
August 9, 2011

Reputation

0 Neutral

Help cure this laptop. Info and HJT log inside

MrLS6 replied to MrLS6's topic in Resolved Malware Removal Logs

This?? simple. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK As a note it found one thing it removed, a variant of adaware.speedingupmypc.com. I removed everything but Mcafee from the machine. Should I keep Malwarebytes? Results of screen317's Security Check version 0.99.18 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 McAfee SecurityCenter WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Java 2 Runtime Environment, SE v1.4.2_19 Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log```````````` Everything seems to be working as normal, I'm still missing a few programs in my start menu, stuff like accessories, notepad, wordpad....but as long as it all works it's fine. Thank you very much! Dave
- August 6, 2011
- 10 replies
Help cure this laptop. Info and HJT log inside

MrLS6 replied to MrLS6's topic in Resolved Malware Removal Logs

And the DDS log... . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Daves Restoration at 0:40:14 on 2011-08-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.942 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Windows\system32\svchost.exe -k netsvcs c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\PROGRA~1\mcafee.com\agent\McUpdate.exe c:\PROGRA~1\mcafee\msc\mcupdmgr.exe C:\Program Files\McAfee\VirusScan\mcods.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.juno.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361109d555l0324z145t4822x234 uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709163235.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab TCP: DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA} : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{92402D6E-BA3C-4438-B7A2-5E9BED357CE4} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{92402D6E-BA3C-4438-B7A2-5E9BED357CE4}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.71 TCP: Interfaces\{92402D6E-BA3C-4438-B7A2-5E9BED357CE4}\96261686E6 : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.1 TCP: Interfaces\{92402D6E-BA3C-4438-B7A2-5E9BED357CE4}\C4F6467656E65647 : DhcpNameServer = 4.2.2.2 4.2.2.1 204.117.214.10 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709163235.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll BHO-X64: Google Dictionary Compression sdch - No File TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-21 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-2-6 173344] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-18 366640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-5-1 101048] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-2 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-2 245352] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-2 149032] R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640] R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2007-9-5 455968] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;C:\Windows\SysWOW64\srvany.exe [2009-11-3 8192] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== File Associations =============== . inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-08-04 03:34:59 208896 ----a-w- C:\Windows\MBR.exe 2011-08-04 03:34:55 518144 ----a-w- C:\Windows\SWREG.exe 2011-08-04 03:34:55 256000 ----a-w- C:\Windows\PEV.exe 2011-08-04 03:34:54 98816 ----a-w- C:\Windows\sed.exe 2011-08-04 03:34:23 -------- d-----w- C:\ComboFix 2011-08-04 03:19:20 -------- d-----w- C:\ProgramData\Citrix 2011-08-04 03:14:07 -------- d-----w- C:\Program Files (x86)\Citrix 2011-08-04 03:13:43 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\Citrix 2011-08-04 03:13:09 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\Deployment 2011-08-04 03:13:09 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\Apps 2011-08-04 03:04:20 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\McAfee 2011-08-04 01:11:53 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{436EAC0A-3C21-46ED-A4D1-6D63F631FDA9}\mpengine.dll 2011-07-27 00:16:23 388096 ----a-r- C:\Users\Daves Restoration\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-27 00:16:18 -------- d-----w- C:\Program Files (x86)\Trend Micro 2011-07-26 23:48:50 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Uniblue 2011-07-26 23:48:32 -------- dc----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} 2011-07-26 23:48:32 -------- d-----w- C:\Program Files (x86)\Uniblue 2011-07-26 23:47:38 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\PackageAware 2011-07-19 00:51:46 -------- d-----w- C:\ProgramData\Oberon Media 2011-07-19 00:51:46 -------- d-----w- C:\Program Files (x86)\Oberon Media 2011-07-19 00:51:39 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Oberon Media 2011-07-19 00:51:30 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media 2011-07-19 00:50:37 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\Oberon Media 2011-07-13 20:02:45 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-07-10 20:15:24 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-09 18:49:54 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49CB4516-AD4B-4C1D-A9CC-4A9A8D70E58C}\gapaengine.dll 2011-07-09 18:48:49 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-07-09 18:45:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2011-07-09 18:45:08 -------- d-----w- C:\Program Files\Microsoft Security Client 2011-07-09 03:16:12 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Malwarebytes 2011-07-09 03:16:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-09 03:16:01 -------- d-----w- C:\ProgramData\Malwarebytes 2011-07-09 03:15:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-09 03:15:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-07-09 03:01:29 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\SpeedingUpMyPC 2011-07-09 03:01:29 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\RegistryKeys 2011-07-09 03:01:22 -------- d-----w- C:\Program Files (x86)\SpeedingUpMyPC . ==================== Find3M ==================== . 2011-06-14 03:28:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-06-14 03:28:05 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe . ============= FINISH: 0:42:05.31 ===============
- August 4, 2011
- 10 replies
Help cure this laptop. Info and HJT log inside

MrLS6 replied to MrLS6's topic in Resolved Malware Removal Logs

ok, here's the log from Combofix. While it was running, it kept popping up a box that said it could not find MIRKMD, make sure you typed it correctly etc. I kept clicking ok, and it kept working. About level 24 my old desktop appeared... ComboFix 11-08-03.03 - Daves Restoration 08/03/2011 23:42:35.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1414 [GMT -4:00] Running from: C:\Users\Daves Restoration\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Daves Restoration\GoToAssistDownloadHelper.exe ((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 ))))))))))))))))))))))))))))))) 2011-08-04 04:17:02 . 2011-08-04 04:17:02 -------- d-----w- C:\Users\Default\AppData\Local\temp 2011-08-04 01:11:53 . 2011-07-13 04:53:08 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{436EAC0A-3C21-46ED-A4D1-6D63F631FDA9}\mpengine.dll 2011-07-27 00:16:23 . 2011-07-27 00:16:25 388096 ----a-r- C:\Users\Daves Restoration\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-27 00:16:18 . 2011-07-27 00:16:18 -------- d-----w- C:\Program Files (x86)\Trend Micro 2011-07-26 23:48:50 . 2011-07-26 23:48:50 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Uniblue 2011-07-26 23:48:32 . 2011-07-26 23:48:37 -------- dc-h--w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} 2011-07-26 23:48:32 . 2011-07-26 23:48:32 -------- d-----w- C:\Program Files (x86)\Uniblue 2011-07-26 23:47:38 . 2011-07-26 23:47:38 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\PackageAware 2011-07-19 00:51:46 . 2011-07-19 02:57:22 -------- d-----w- C:\Program Files (x86)\Oberon Media 2011-07-19 00:51:46 . 2011-07-19 02:57:14 -------- d-----w- C:\ProgramData\Oberon Media 2011-07-19 00:51:39 . 2011-07-19 02:48:46 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Oberon Media 2011-07-19 00:51:30 . 2011-07-19 00:51:33 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media 2011-07-19 00:50:37 . 2011-07-19 00:50:37 -------- d-----w- C:\Users\Daves Restoration\AppData\Local\Oberon Media 2011-07-13 20:02:45 . 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\system32\win32k.sys 2011-07-10 20:15:24 . 2011-07-13 04:53:08 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-09 18:49:54 . 2010-11-30 15:43:54 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49CB4516-AD4B-4C1D-A9CC-4A9A8D70E58C}\gapaengine.dll 2011-07-09 18:48:49 . 2010-10-19 20:51:33 270720 ------w- C:\Windows\system32\MpSigStub.exe 2011-07-09 18:45:22 . 2011-07-09 18:45:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2011-07-09 18:45:08 . 2011-07-09 18:45:44 -------- d-----w- C:\Program Files\Microsoft Security Client 2011-07-09 03:16:12 . 2011-07-09 03:16:12 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\Malwarebytes 2011-07-09 03:16:02 . 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-09 03:16:01 . 2011-07-09 03:16:01 -------- d-----w- C:\ProgramData\Malwarebytes 2011-07-09 03:15:58 . 2011-07-18 22:48:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-07-09 03:15:58 . 2011-07-06 23:52:42 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-07-09 03:01:29 . 2011-07-09 03:01:29 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\SpeedingUpMyPC 2011-07-09 03:01:29 . 2011-07-09 03:01:29 -------- d-----w- C:\Users\Daves Restoration\AppData\Roaming\RegistryKeys 2011-07-09 03:01:22 . 2011-07-09 03:01:23 -------- d-----w- C:\Program Files (x86)\SpeedingUpMyPC . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-06-14 03:28:06 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-06-14 03:28:05 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll 2011-06-03 05:57:52 . 2011-07-13 20:02:17 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-05-24 11:42:55 . 2011-06-29 00:18:12 404480 ----a-w- C:\Windows\system32\umpnpmgr.dll 2011-05-24 10:40:05 . 2011-06-29 00:18:11 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 . 2011-06-29 00:18:11 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 . 2011-06-29 00:18:12 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 . 2011-06-29 00:18:12 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18:12 120104 ---ha-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 02:17:00 39408] "RegistryBooster"="C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-07-12 06:47:29 67456] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 05:09:34 199464] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760] "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 23:31:08 588648] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-07-28 00:50:32 1157128] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 05:20:52 98304] "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 00:29:12 128296] "PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 04:45:00 181480] "Acer Assist Launcher"="C:\Program Files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 22:17:40 1261568] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-04-05 15:50:44 1486392] "LogitechCommunicationsManager"="C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 05:12:48 488984] "LogitechQuickCamRibbon"="C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 05:13:48 774168] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288] "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 23:52:38 449584] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576] R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;C:\Windows\SysWOW64\srvany.exe [2006-05-10 19:08:29 8192] R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072] R3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys [x] R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys [x] R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 21:21:18 288272] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 00:31:46 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x] S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 16:03:18 169312] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 04:30:58 844320] S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496] S2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 21:44:02 173344] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 23:52:38 366640] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 19:49:08 101048] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 14:14:44 355440] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 14:14:44 355440] S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 18:01:38 245352] S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 18:01:38 149032] S2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 17:18:54 311592] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 00:31:58 144640] S2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2007-09-05 16:25:56 455968] S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [x] S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x] --- Other Services/Drivers In Memory --- *Deregistered* - mfeavfk01 Contents of the 'Scheduled Tasks' folder 2011-08-04 C:\Windows\Tasks\RegistryBooster.job - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-26 23:48:42 . 2011-07-12 06:47:29] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19:54 137512 ---ha-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 13:14:20 7982112] "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 04:30:58 828960] "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 17:18:42 349480] "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 18:35:24 1436736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 ------- Supplementary Scan ------- uStart Page = hxxp://www.juno.com/ uLocal Page = C:\Windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361109d555l0324z145t4822x234 mLocal Page = C:\Windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 68.87.72.134 68.87.77.134 - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
- August 4, 2011
- 10 replies
Help cure this laptop. Info and HJT log inside

MrLS6 replied to MrLS6's topic in Resolved Malware Removal Logs

Thanks, I've been busy and finally got to this.... Can't find the scan log to post, so here's cut and paste. Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7350 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 8/1/2011 7:52:29 PM mbam-log-2011-08-01 (19-52-29).txt Scan type: Quick scan Objects scanned: 172827 Time elapsed: 9 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I was able to post the DDS file though. Thanks in advance, Dave DDS.txt
- August 2, 2011
- 10 replies
Help cure this laptop. Info and HJT log inside

MrLS6 posted a topic in Resolved Malware Removal Logs

Hello, I somehow got the Windows7fix virus. Between google and Malwarebytes, I've been able to get my laptop back to where I can use it. I still think there's stuff on it, as it is slow as molasses now. I've ran a few other programs such as Speeding up my PC, Malwarebytes, and HiJackTHis. Attached is my log from HJT. Any help is much appreciated! Thanks, Dave hijackthis.log
- July 27, 2011
- 10 replies

Sign In

MrLS6

Posts

Joined

Last visited

Reputation

Help cure this laptop. Info and HJT log inside

Help cure this laptop. Info and HJT log inside

Help cure this laptop. Info and HJT log inside

Help cure this laptop. Info and HJT log inside

Help cure this laptop. Info and HJT log inside

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information