0

This is the part of the story when my brain leaks out my ears, I am electronically challenged.

I just bought myself a netbook, cute and simple. Yeah right!

I've done the Mcaffee full scan, it found nothing...and the damnable pop-ups where popping up the entire time it was running!

If it helps at all, my fiance did admit to some "indiscretions" in his online surfing. Regardless of how we got the problem it's here now. PLEASE PLEASE help me!

4
Contributors
22
Replies
24
Views
7 Years
Discussion Span
Last Post by jholland1964
Featured Replies
  • Registry Cleaners are never recommended. A good malware cleaner, like MBA-M WILL clean infected registry entries if necessary. Using a registry cleaner as a matter of "general course" can be very dangerous itself. The best way to deal with (possibly) registry-related issues is is to thoroughly research the problem and … Read More

0

The weren't Mcaffe, no they were definitely ads. Cell phones and stuff, some of the pop-ups didn't even work right they were the page can't be loadded screen, but in th place with the http:// it would say things like adtastic.com or w/e.

But I will follow your tech guru genius and follow the steps, "I'll be back" LOL

0

If you have looked at pornographic, images video's, it's no worse than looking at a youtube video. McAfee is pathetic, i suggest installing MSE. Turn on the popup blocker. Should easily fix the problem, other wise McAfee should have a similar option.

0

Master Rattley, Let's not get ahead of ourselves here. The computer needs cleaning FIRST before changing anything else and the steps I have recommended are our standard steps to take before doing anything else. When we decide it is clean then I will advise on what other steps need to be taken.

0

I am still scanning with the microsoft malicious destructo bot thing....this has become the day of endless scans.

But yes once cleaned I will put that big bad blocker MSE, but I will cross that bridge when I get there....I already downloaded 3 things today to find the culprit. I only hope that once found I get to hit the "KILL IT" button.

0

Master Rattley, 1st of all rudeness is not allowed here and I have removed your last reply.
2nd. You have contradicted yourself. First you say that McAfee is pathetic and then you say that "McAfee should automatically "clean" the computer for Trojans and what not". You cannot have it both ways. While some trojans "may" be removed by an anti-virus program that is very often NOT the case. I suggest that you read through all the other threads here. McAfee and many other anti-virus programs will not necessarily clean trojans from a computer. Some trojans yes, possibly, but certainly not all. An anti-virus program is just that, a program which cleans off and protects agains viruses, not trojans. A trojan is an entirely different type of infection. For an anti-virus program to be able to clean and protect against all possible infections the program would need to be so large that many computers could not even handle it. Many trojans will render an anti-virus program useless. While it may look like it is scanning, it actually is not. When it says the machine is clean, it may be free of viruses but not trojans. This is why our sticky here relies on other programs, in addition to the posters onboard anti-virus program.
Now, back to business. 2clueless, continue with the steps in the sticky. Do NOT install another anti-virus program until you are given the ok to do so by me. It will not likely be MSE.

Edited by jholland1964: n/a

0

MSE is a simple free program, from personal experience it has a good popup blocker, and virus detection, your looking to far into the problem, it would be something simple. The reason for saying an what not after Trojan was to cover all other types of viruses. Sorry for trying to help.

0

I will state again. Please do not install any other programs until given the OK. It is too early to be recommending installing other programs. One also must bear in mind, McAfee is a paid program. If the poster has paid for this program on this new computer the subscription likely has nearly a year to run. We will give other options, FREE programs, to use in conjunction WITH the McAfee program if this is the case. MSE would NOT be one of them because it too contains an anti-virus program and that is an absolute no-no. The rule is ONE anti-virus program on a computer. Run more than one and protection is compromised.

Edited by jholland1964: n/a

0

Yea i was suggesting getting rid of McAfee altogether, i dislike it but thats just my opinion, wouldn't you think the problem is just perhaps popups have been aloud indefinatly? and you could simply just block them? i'm sure McAfee has that option.

0

jholland you have my word, I have been folowing the instructions on the page you refered me too.

But I am now exhausted (local time near 1 am) the microsoft scan is about to complete, I need sleep to understand all this anyway. I hope it would be alright if I update you with the results tomorrow.

0

That will be fine. I want to caution you however, don't do anything else online until you have completed these scans, posted the results and gotten additional instructions if needed. If there is a trojan or infection on there then just surfing around can allow it to bring in more infected files making clean up that much more difficult. Since you are receiving these pop ups even during scans there is a likely prospect there is "something" on there that isn't supposed to be there.
I understand how frustrating this is but we will get this cleaned up and the new computer running as it should.
Judy

Master Rattley, as far as I know McAfee doesn't block pop-ups. The browser must be configured to block pop-ups. If these are coming with the browser closed then these are more than just pop-ups. This is why all of these scans must be run. AFTER we find out what might be working on there then we can better advise on what to do. Just blocking pop-ups won't remove infections that might be working there.

Edited by jholland1964: n/a

0

clean means no ads, no viruses, no po pups, in fact nothing other than what the machine should run. If the version of McAfee is a 'complete' cleaner anti virus ,and protection then the senior posters are correct.
I would also recommend a registry cleaner, malaware cleaner (if McFee doesn't cover it) and also a check in the start up area to ensure there is no 'phone home ET' type robots!
M

1

Registry Cleaners are never recommended. A good malware cleaner, like MBA-M WILL clean infected registry entries if necessary. Using a registry cleaner as a matter of "general course" can be very dangerous itself. The best way to deal with (possibly) registry-related issues is is to thoroughly research the problem and then use regedit to make any necessary changes and/or deletions (having first set a restore point or created a backup).Registry cleaning does *not* improve perforance.

Votes + Comments
Selfless nature of geeks. :)
0

I am running the microsoft mal-ware scan again on the user that the problem is since running it last night showed nothing but I wasn't getting the problem with that user file anyway. Once that is done I will run the other's and post. (sorry for how long this is taking my account here got corrupted and I amm just now able to post again.

thanks again.

0

Hey no problem. We are going to get this thing cleaned up! I stick with something as long as the poster does. We need to see logs, even if they show clean by the way. All the logs, or all the programs that produce logs.
I would like to see a HiJackThis log asap if you don't mind. Download from here,http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe
run a system scan and save the log, copy/paste it here ok?

This will give me something to go through while waiting for the other logs from the Read Me sticky.

0

I got one log from that GMER thing, I tried 3 times to run the second one but my computer keeps freezing and crashing. And a message comes up that mdb.exe had an error and had to close, but nothing closes. And something tried to download.

Anyway here is the log I have so far and I will download that program you want me to use and try to run it.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-07 22:05:20
Windows 5.1.2600 Service Pack 3
Running: yptu5p8c.exe; Driver: C:\DOCUME~1\Eugene\LOCALS~1\Temp\kwldrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA0C3678A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA0C36821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0C36738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA0C3674C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA0C36835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA0C36861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA0C368CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA0C368B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0C367CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA0C368FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA0C3680D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA0C36710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA0C36724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0C3679E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA0C36937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA0C368A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA0C3688D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA0C3684B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA0C36923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA0C3690F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA0C36776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA0C36762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA0C36877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA0C367F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA0C368E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0C367E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA0C367B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice \FileSystem\Ntfs \Ntfs mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

0

here's the hijack this log, That was the easiest scan I've done inthe past 2 days!

0

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:57:44 AM, on 7/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Acer\Acer VCM\Vc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103405l0494wuk5w4412356n
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103405l0494wuk5w4412356n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103405l0494wuk5w4412356n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph06103405l0494wuk5w4412356n
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:root@amembers.info
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EWABQAF7KL] C:\DOCUME~1\Eugene\LOCALS~1\Temp\Wbd.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--
End of file - 10613 bytes

0

I did that malware scan, and I'm so excited! After 2 days of scans it said it found 5 things! Finally I'm getting somewhere.

Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4291

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 4:31:33 AM
mbam-log-2010-07-08 (04-31-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 247995
Time elapsed: 1 hour(s), 23 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\UBC5AB1IDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Wsetoa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\samlib0.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

0

And now I'm going to be because it's 4:47 a.m. here. I will check back tomorrow for further instructions.

0

Ok, that log at least showed me something. Want you to do the following:
Please Download ATF-Cleaner.exe by Atribune
You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

• Click on ATF-Cleaner to run it
• Where it says Select Files To Delete, Check the Select All Option
• Click Empty Selected > OK

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M! This is VERY important.

After the reboot run and new HiJackThis scan and save the log. Post back here with the MBA-M log and the new HiJackThis log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.