
Infected With Vista Defender Pro..Please Help!



#1 moon2 (Members, 17 posts)

Posted 25 April 2010 - 07:43 PM

I apologize if this is the wrong forum; please move it to the appropriate one if need be.

As the title suggests, I just picked up this nasty tonight. At first I was getting the pop-ups with fake infections, etc. Then I was unable to open ANY program (antivirus, browser, games, etc.) without getting this error: "This file does not have a program associated with it for performing this action. Create an association in the Set Association control panel". The only way I could get anything to run was as an administrator.

Since all the sites I googled suggested Malwarebytes, I tried to run it, to no avail. I decided to uninstall and reinstall, but that didn't work; I kept getting runtime errors. Tried in Safe Mode and that didn't work. I rebooted normally and now I can run everything as usual, no weird errors or anything.

I have not removed anything regarding this virus but I can do everything normally. I have read the article on how to remove Vista Defender Pro on this site.

1) Malwarebytes has found NOTHING.

2) Some files and registry keys listed in the article are not present on my computer..however some are.

3) AVG found nothing.

So what do I do? I know this thing is still on my computer because I can find some of the registry keys. But if my security software isn't finding it, then what?

I have some experience in the registry, but nothing like this.

I know I can't leave this virus on my pc even if it seems to not outwardly affect anything.

Please help!

Thank you.


#2 zbd (Members, 390 posts)

Posted 25 April 2010 - 09:50 PM

I'd try a system restore to before the problem started.

http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/

And try SUPERAntiSpyware or Malwarebytes again.

http://www.superantispyware.com/

http://www.malwarebytes.org/mbam.php

Edited by zbd, 25 April 2010 - 09:51 PM.


#3 yash61244 (Members, 2 posts)

Posted 25 April 2010 - 10:06 PM

Same problem here. I tried to click System Restore but no window comes up. Also there are annoying pop-ups of Windows Defender Pro and I am unable to access any applications; every time I do, a pop-up comes up saying something about how Windows does not know how to open this file, so I have to right-click the file and say open as administrator.

#4 certifiedgeek (Members, 172 posts)

Posted 25 April 2010 - 11:02 PM

Please download ATF Cleaner by Atribune & save it to your desktop.

* Close all open browsers before using, especially Firefox. <-Important!!!
* Double-click ATF-Cleaner.exe to run the program.
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

Notes: On Vista, "Windows Temp" is disabled. To empty Temp, ATF-Cleaner must be Run As Administrator.
The Prefetch cleaning feature has been disabled for Vista Users. Tabs for applications that are not installed are grayed out.

Yes, I would run SUPERAntiSpyware in Safe Mode without networking after updating it in normal mode. Then make sure MBAM is fully up to date and run another complete scan in normal mode.

Please post the logs afterwards here for us to take a look at.

#5 moon2 (Topic Starter, Members, 17 posts)

Posted 25 April 2010 - 11:13 PM

Hi guys, thanks so much for the replies!

Since I had uninstalled Malwarebytes, it had prompted me to reboot to complete the uninstall, which I didn't do because I was too afraid. So perhaps trying to run another installation of the program while the old one wasn't totally gone caused the runtime errors, or maybe it was the virus; who knows.

Anyway, as I mentioned, I rebooted my computer and could run Malwarebytes normally. Initially I ran a quick scan, which is probably why it didn't find anything. I then ran a full scan, and lo and behold, it found 7 infected entries! I removed these infections and everything seems fine now. I checked through the list of registry keys that are supposed to be associated with this virus, and I didn't find any at all.

I'm not getting any weird, fake warnings and everything is running as normal. I'm just wondering: it can't be THAT easy to remove this thing, can it? Is it possible that it's lingering somewhere, or did removing these entries ONLY with Malwarebytes completely obliterate it?

Edited by moon2, 25 April 2010 - 11:16 PM.


#6 certifiedgeek (Members, 172 posts)

Posted 25 April 2010 - 11:54 PM

Could you please post the MBAM log files? You can find them by opening MBAM, clicking Logs, and then opening the actual log. Then copy and paste it into this post for us to look at.

Also, did you run SUPERAntiSpyware yet? I think it's important to run that too and then post the logs.

I would also do an online scan using BitDefender. Then post the results from that scan too please.

Generally, it's not that easy, but Malwarebytes and SUPERAntispyware do an excellent job considering all the malware they have to keep up with.

#7 moon2 (Topic Starter, Members, 17 posts)

Posted 26 April 2010 - 02:49 AM

Ok, here are the logs. I'll get back to you with the SUPERAntiSpyware log soon:

1) This was the MBAM log of the scan that found the threats. I ran a second full scan after removal and nothing was found:


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

4/25/2010 9:12:44 PM
mbam-log-2010-04-25 (21-12-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 254597
Time elapsed: 55 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Melissa\Desktop\stuff\games\New Folder (2)\New Folder (2)\New Folder 2\FFF-ReflexV2\FFF-ReflexV2.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Users\Melissa\Desktop\stuff\games\New Folder (2)\New Folder (2)\New Folder 2\Games\BigFishUniversal\Wedding_Dash\THETA.nfo.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Users\Melissa\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Melissa\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

2) BitDefender Log:

QuickScan Beta 32-bit v0.9.9.18
-------------------------------

Scan date: Mon Apr 26 03:37:36 2010
Machine ID: D851D711



No infection found.
-------------------



Processes
---------
<unsigned> Acer Empowering Techonology Framework L 2872 C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
<unsigned> Acer eRecovery Management 3084 C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
<unsigned> CyberLink CLMSServer 2432 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
<unsigned> eRecoveryService 2956 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
<unsigned> MemCheck.Service 2468 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
<unsigned> Service 3044 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

<verified> 772 C:\Acer\Empowering Technology\SysMonitor.exe
<verified> Acer eDataSecurity Management 2596 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
<verified> Acer eDataSecurity Management 2056 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
<verified> AVG Internet Security 640 C:\Program Files\AVG\AVG9\avgchsvx.exe
<verified> AVG Internet Security 800 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verified> AVG Internet Security 3560 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verified> AVG Internet Security 3304 C:\Program Files\AVG\AVG9\avgemc.exe
<verified> AVG Internet Security 3344 C:\Program Files\AVG\AVG9\avgnsx.exe
<verified> AVG Internet Security 648 C:\Program Files\AVG\AVG9\avgrsx.exe
<verified> AVG Internet Security 2172 C:\Program Files\AVG\AVG9\avgtray.exe
<verified> AVG Internet Security 2576 C:\Program Files\AVG\AVG9\avgwdsvc.exe
<verified> Firefox 1644 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HD Audio Control Panel 1800 C:\Windows\RtHDVCpl.exe
<verified> Microsoft® Windows® Operating System 1096 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 572 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 632 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 560 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 728 C:\Windows\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 736 C:\Windows\system32\lsm.exe
<verified> Microsoft® Windows® Operating System 1708 C:\Windows\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System 2112 C:\Windows\System32\rundll32.exe
<verified> Microsoft® Windows® Operating System 712 C:\Windows\system32\services.exe
<verified> Microsoft® Windows® Operating System 1628 C:\Windows\system32\SLsvc.exe
<verified> Microsoft® Windows® Operating System 508 C:\Windows\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1984 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1168 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1612 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1200 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1116 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1004 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2804 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 892 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1656 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1828 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3904 C:\Windows\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 620 C:\Windows\system32\wininit.exe
<verified> Microsoft® Windows® Operating System 924 C:\Windows\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 3836 C:\Windows\system32\wuauclt.exe
<verified> Microsoft® Windows® Operating System 3108 C:\Windows\system32\WUDFHost.exe
<verified> NVIDIA Driver Helper Service, Version 1 976 C:\Windows\system32\nvvsvc.exe
<verified> RichVideo Module 2896 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
<verified> SM56 Helper Win32 Utility 2080 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


Network activity
----------------
Process firefox.exe (1644) connected on port 80 (HTTP) --> dc2.122.2o7.net
Process firefox.exe (1644) connected on port 80 (HTTP) --> lga15s02-in-f100.1e100.net
Process firefox.exe (1644) connected on port 80 (HTTP) --> a69-192-213-115.deploy.akamaitechnologies.com

Process wininit.exe (620) listens on ports: 49152 (RPC)
Process services.exe (712) listens on ports: 49157 (RPC)
Process lsass.exe (728) listens on ports: 49154 (RPC)
Process svchost.exe (1004) listens on ports: 135 (RPC)
Process svchost.exe (1116) listens on ports: 49153 (RPC)


Autoruns and critical files
---------------------------
<unsigned> launcher.exe C:\Program Files\Acer Assist\launcher.exe
<unsigned> PCMMediaSharing.exe C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
<unsigned> PowerReg C:\Program Files\Acer Registration\ACE1.exe

<verified> C:\Acer\Empowering Technology\SysMonitor.exe
<verified> Acer eDataSecurity Management C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
<verified> AVG Internet Security C:\Program Files\AVG\AVG9\avgtray.exe
<verified> AVG Internet Security C:\Windows\System32\avgrsstx.dll
<verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe
<verified> Java™ Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> NVIDIA Compatible Windows Vista Display C:\Windows\system32\NvCpl.dll
<verified> NVIDIA Media Center Library C:\Windows\System32\nvmctray.dll
<verified> SM56 Helper Win32 Utility C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> RealArcade NS Plugin C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
<unsigned> Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> Zylom Plugin C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
<unsigned> Zylom Plugin C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

<verified> Acer eDataSecurity Management c:\acer\empowering technology\edatasecurity\x86\edstoolbar.dll
<verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified> ActiveToolBand Module c:\acer\empowering technology\edatasecurity\x86\activetoolband.dll
<verified> AVG Internet Security c:\program files\avg\avg9\avgssie.dll
<verified> BitDefender QuickScan C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\wg034qs7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\wg034qs7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verified> IGN Download Manager Plug-in C:\Program Files\Download Manager\npfpdlm.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> Pando Web Installer C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
<verified> RealArcade Mozilla Plugin C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
<verified> RealArcade Mozilla Plugin C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
<verified> Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll


Missing files
-------------
File not found: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll
referenced in: HLKM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\"Path"

File not found: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\wg034qs7.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
referenced in: HLKM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3\"Path"


Scan
----
<unsigned> MD5: 9f12a23969b70da24529b34614c33255 C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
<unsigned> MD5: 712eac3d821551d497df48ee27596205 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll
<unsigned> MD5: e12df03c38e7e02e26e1dcd0c9f4924e C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll
<unsigned> MD5: bd2b3f198b432fc58fcc3f2e0910f6f2 C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll
<unsigned> MD5: 8e027b6f0ebec8ddc34fd6f12f16dee3 C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
<unsigned> MD5: f178600d65c14cf63761a2f130b328d2 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll
<unsigned> MD5: 2243e5e1447f96bc4d664848b6090e8e C:\Acer\Empowering Technology\Acer.Empowering.Framework.Shared.dll
<unsigned> MD5: 9c9aaae0527546b8a25d7bd6521675aa C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
<unsigned> MD5: fcec56c5a30b6e1b2076e02d49b7db73 C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll
<unsigned> MD5: dd04b2bb9a0bdd2861851e662c7ca9d2 C:\Acer\Empowering Technology\Acer.Empowering.Windows.Forms.dll
<unsigned> MD5: c0c3474053785611e5d597c706e95cc4 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSop.dll
<unsigned> MD5: 388acbe019c36dd116b647b6cee2af4c C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
<unsigned> MD5: 18ed6558f87539337833dedf54c428e5 C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
<unsigned> MD5: a39f590cf720ec1d6bc6786b6e7b2581 C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
<unsigned> MD5: c9ac52ac231813f78a2a0e4a40a76bab C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
<unsigned> MD5: 004596a30096920d3cf1f8dc2348a76a C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
<unsigned> MD5: e91f2444df54e725ddbbddb7fbce71f5 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
<unsigned> MD5: 4b1b7455d1981e2c5dfe16ea1e2a85c3 C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
<unsigned> MD5: ab3953395edfabc2aced5c3e43ddee10 C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
<unsigned> MD5: 59fccaf915ba89dd98cadf08da91afee C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
<unsigned> MD5: 3c823779c21d287d0ad0a623e77bd0a7 C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll
<unsigned> MD5: dadad303dc0871591997a05caab891ae C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
<unsigned> MD5: d14dcbe29935fb2558912587e4627924 C:\Acer\Empowering Technology\eRecovery\INT15.dll
<unsigned> MD5: 6b46e837ec3ff448a0665dc86c5208dc C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
<unsigned> MD5: 9c45dd21c8a9490f8e7a4d865f30b40d C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
<unsigned> MD5: 1e0753c4f4c790d46f247e9b715410ed C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
<unsigned> MD5: a34668c27173cb9b14de3d2c88403ae1 C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
<unsigned> MD5: 37b951989249b83e7cb30f6b41e8cb80 C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
<unsigned> MD5: a9745687a57cdd71237915859aba8dac C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
<unsigned> MD5: f44723063c89226217fbc0de668f190e C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
<unsigned> MD5: b47cfc1985ce260bd2fa21dba5629dc8 C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
<unsigned> MD5: 9c45dd21c8a9490f8e7a4d865f30b40d C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
<unsigned> MD5: 2457491b4bd439e3d7b628e9db4715d9 C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
<unsigned> MD5: 7bad6c236bec1bcb31e18748918e430b C:\Acer\Empowering Technology\eSettings\Service\ITEIO.dll
<unsigned> MD5: 4b1b7455d1981e2c5dfe16ea1e2a85c3 C:\Acer\Empowering Technology\MemCheck.Interface.dll
<unsigned> MD5: a52f5b7cbb80acaaa898383c9511b3ac C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMediaFormat.dll
<unsigned> MD5: 517d30057c726c797764bfd70a55d82a C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
<unsigned> MD5: 33dcfa425c2a584dd8cf13beaf995e83 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
<unsigned> MD5: 78ee5ebf58ab1ae727214faacbbaf6b2 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaServer.dll
<unsigned> MD5: 37728f6db0a8d31b0a1c49a7228e1d34 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
<unsigned> MD5: f9e2c7373c92b6cd9c398b30e85d126e C:\Program Files\Acer Assist\launcher.exe
<unsigned> MD5: 213345608b35b2c603cd46e7e4292275 C:\Program Files\Acer Registration\ACE1.exe
<unsigned> MD5: 62be2f433743cd6b5e7cf25cb6fe9079 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: fd681c2136ef9fe31e529693084b215e C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 99d306ccdb1fc1fe2a9a3098e3cad21e C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
<unsigned> MD5: c7cec8a86e977c56023fe849a960c804 C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
<unsigned> MD5: d1b52536361ff56b6577dab14cb4324c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 3fa8c2e18b9e9ac74a4a701c3f38a1ce C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
<unsigned> MD5: 8d180f995cdd5fee6eac0307d2ebab85 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
<unsigned> MD5: da40953da8bdfcd6a8a91510487a5420 C:\Program Files\WinRAR\RarExt.dll
<unsigned> MD5: c7cec8a86e977c56023fe849a960c804 C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
<unsigned> MD5: 09841a0302bbbd24b95bb3f8b34a73e7 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
<unsigned> MD5: d2ea82ea48e894ccf65c9c14af7ecb6c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
<unsigned> MD5: 7c3772c642cd2b2681883c8d62c957b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
<unsigned> MD5: a5da7c90aca4d5879ac9692633590ba0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
<unsigned> MD5: ac10a6a2bc1ff9772ed400a0d94ccf40 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
<unsigned> MD5: 95ea8f63f63e39c2f9d94cc7a96053bd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll
<unsigned> MD5: a51ab9ab026a8363a97a9dbde3ca694a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
<unsigned> MD5: 2de827b10e32883c79c44980e2eeeab1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
<unsigned> MD5: e5bf83c6f9d1412c8fd2ca27d9e6c335 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
<unsigned> MD5: fbdb72dd5eedb1d4a308716b68911e77 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
<unsigned> MD5: 32a783fe8d78db883368ca851e274dbe C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> MD5: 3e9a33113d663d8bd5ed38858e669652 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 0.24 KB recvd
Scanned 924 files and modules - 4 seconds
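
The three Hijack.StartMenuInternet entries in the MBAM log above all follow one pattern: the (default) value of a shell\open\command key no longer launches the browser directly but launches ave.exe, which then re-launches the real browser as an argument. The script below is an added example, not code from the original thread or from any of the tools mentioned in it. It checks the same pattern on the keys from the log, using the "Bad:" values from the log as constructed sample input so it runs offline; on Windows it reads the live values with winreg instead. It also checks HKCR\exefile\shell\open\command, whose clean value is "%1" %*; that key is not in the log, and the assumption that a rewritten exefile association is what produced the "no program associated with it" error in post #1 is mine, as is the constructed HIJACKED_EXEFILE value used to exercise that check.

```python
"""Audit registry launch commands for a rogue wrapper, as in the MBAM log above.

A clean value launches the expected program directly; a hijacked one launches
a rogue binary that re-launches the real program (ave.exe /START "...firefox.exe").
Added example, not part of the original post.
"""
import re
import sys
from pathlib import PureWindowsPath

EXEFILE_KEY = r"HKCR\exefile\shell\open\command"

# Expected launcher (basename) per key. The StartMenuInternet entries come from
# the "Good:" values in the MBAM log. The exefile entry is an assumption: the log
# does not show it, but a rewritten exefile association is what produces the
# "no program associated with it" error reported in post #1.
EXPECTED = {
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command": "firefox.exe",
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command": "firefox.exe",
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command": "iexplore.exe",
    EXEFILE_KEY: "%1",  # clean value is "%1" %*: the clicked file itself is the launcher
}

# Constructed sample: the three "Bad:" values from the MBAM log plus a clean exefile value.
SAMPLE_VALUES = {
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command":
        r'"C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"',
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command":
        r'"C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"',
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command":
        r'"C:\Users\Melissa\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode',
    EXEFILE_KEY: '"%1" %*',
}

# Constructed (assumed) hijacked exefile value following the same wrapper pattern.
HIJACKED_EXEFILE = r'"C:\Users\Melissa\AppData\Local\ave.exe" /START "%1" %*'

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(command):
    """Split a command line as Windows quoting is written: quoted runs stay whole."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(command)]


def basename(token):
    """Case-folded file name of a path or bare program token."""
    return PureWindowsPath(token).name.lower()


def audit(values):
    """Return one finding per key whose first token is not the expected launcher."""
    findings = []
    for key, expected in EXPECTED.items():
        if key not in values:
            continue
        tokens = tokenize(values[key])
        launcher = tokens[0] if tokens else ""
        if basename(launcher) == expected:
            continue
        # The real program usually survives as a later argument of the wrapper.
        wrapped = next((t for t in tokens[1:] if basename(t) == expected), None)
        findings.append({"key": key, "launcher": launcher, "wrapped_target": wrapped})
    return findings


def read_live_values():
    """On Windows, read each key's (default) value with winreg; elsewhere return {}."""
    if sys.platform != "win32":
        return {}
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCR": winreg.HKEY_CLASSES_ROOT}
    values = {}
    for key in EXPECTED:
        root, _, subkey = key.partition("\\")
        try:
            with winreg.OpenKey(roots[root], subkey) as handle:
                values[key] = winreg.QueryValue(handle, None)
        except OSError:
            pass  # key absent: nothing to check
    return values


if __name__ == "__main__":
    live = read_live_values()
    for f in audit(live or SAMPLE_VALUES):
        print(f"HIJACKED {f['key']}")
        print(f"  launcher:       {f['launcher']}")
        print(f"  wrapped target: {f['wrapped_target']}")
```

Run on the constructed sample it reports the three StartMenuInternet keys with ave.exe as the launcher and the browser path as the wrapped target, and passes the clean exefile value. The check is deliberately narrow: it only compares the first token of each command against the program that should be there, which is exactly the property MBAM's "Good:" column states, and it does not try to decide whether the wrapper binary is malicious.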

#8 moon2 (Topic Starter, Members, 17 posts)

Posted 26 April 2010 - 03:23 AM

SUPERAntiSpyware log: Only tracking cookies were found. Not entirely sure how malicious tracking cookies are, to be honest.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2010 at 04:15 AM

Application Version : 4.35.1002

Core Rules Database Version : 4850
Trace Rules Database Version: 2662

Scan type : Complete Scan
Total Scan Time : 00:30:05

Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 7289
Registry threats detected : 0
File items scanned : 23961
File threats detected : 37

Adware.Tracking Cookie
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@content.yieldmanager[5].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@richmedia.yahoo[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@realmedia[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@casalemedia[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@tribalfusion[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@doubleclick[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@adserver.adtechus[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@mediaplex[3].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@atdmt[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@invitemedia[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@revsci[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@ad.yieldmanager[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@perf.overture[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@media6degrees[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@azjmp[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@bellcan.adbureau[3].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@apmebf[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@realmedia[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@azjmp[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@bellcan.adbureau[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@adcentriconline[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@mediaplex[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@atdmt[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@doubleclick[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@zedo[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@richmedia.yahoo[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@revsci[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@tribalfusion[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@adbrite[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@media6degrees[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@apmebf[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@ad.yieldmanager[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@content.yieldmanager[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@content.yieldmanager[3].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@adserver.adtechus[1].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@casalemedia[2].txt
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@msnportal.112.2o7[1].txt

#9 certifiedgeek (Members, 172 posts)

Posted 26 April 2010 - 09:43 AM

Ok, it seems to look pretty good from where I'm standing, but I believe you can never be too safe, so let's do a couple more things.

Are you able to browse the web without any redirects? Try searching for "free av" and then clicking on the first couple of links that come up in Google. All good?

Are you able to do Windows Updates or update your AVG software? Make sure you do all important Windows Updates, update AVG and then run a full AVG scan.

Follow this with a complete scan in Safe Mode using Dr.Web CureIt.

Of course, please post the logs for Dr.Web CureIt.

Edited by certifiedgeek, 26 April 2010 - 09:44 AM.
