Suspected infected Notebook

Hi, I have just installed Avast Antivirus on both my PC and notebook after having too many problems with McAfee Total Protection. The problem I was having was that McAfee real-time scanning and firewall kept shutting down, and their techs could not resolve this problem after many tries. Avast is running just fine on both systems, but my web browsing and notebook seem to run slower than normal even with DSL. With the finding of ZeroAccess on my PC in an earlier post, I believe my notebook might be infected as well. I've attached the first 4 logs from the "assist in cleaning malware" topic page. Any help would be appreciated. THX

Here is the aswMBR log too.

I see you are using software from IObit.

Here is some info in case you want to reconsider:
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

Malware removers are notified. It may take hours before one arrives, so be patient.

No apparent ZeroAccess there, just a few orphans to remove.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121016170245.dll File not found
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121016170246.dll File not found
O15 - HKU\S-1-5-21-1858528761-950694829-1421272782-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1858528761-950694829-1421272782-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1858528761-950694829-1421272782-1001\..Trusted Domains: salliemae.com ([webinterface] https in Trusted sites)
[2012/10/26 16:15:16 | 000,000,000 | ---D | C] -- C:\Users\Sheldon\AppData\Local\Avg2013

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
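The O2 and O15 lines in the fix above are OTL's rendering of two registry audits: Browser Helper Object registrations whose CLSID or DLL no longer exists, and Internet Explorer zone-map domains placed in Trusted sites. The script below is an added example, not part of the thread and not OTL's code; it performs the same two checks directly so you can see where those entries come from and why they are orphans. It assumes an elevated 64-bit Windows PowerShell and the standard registry locations named in the comments, reports only unless -Remove is given, and honours -WhatIf.

```powershell
# Added example, not from the thread: audit Browser Helper Object (BHO)
# registrations the way the O2 lines of an OTL log do, and list the Internet
# Explorer Trusted Sites zone-map entries behind the O15 lines.
# Assumptions: elevated 64-bit Windows PowerShell; the standard registry
# locations below. Nothing is deleted unless -Remove is given, and -WhatIf
# is honoured.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove    # delete orphaned BHO registrations instead of only reporting them
)

# BHO lists and the CLSID hives they resolve against: the native (64-bit) view
# and the WOW64 (32-bit) view that 32-bit IE uses.
$bhoLocations = @(
    @{ View = '64bit'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' }
    @{ View = '32bit'
       Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)

function Get-DefaultValue {
    param([string]$Key)
    # The "(default)" value of a registry key, or $null if the key or value is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    return (Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue).'(default)'
}

function Get-BhoStatus {
    foreach ($loc in $bhoLocations) {
        if (-not (Test-Path -LiteralPath $loc.Bho)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $loc.Bho) {
            $guid     = $entry.PSChildName                  # e.g. {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
            $clsidKey = Join-Path $loc.Clsid $guid
            $name     = Get-DefaultValue $clsidKey
            $dll      = Get-DefaultValue (Join-Path $clsidKey 'InprocServer32')
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim().Trim('"')) }

            # Same three outcomes OTL reports: no CLSID, a CLSID whose DLL is gone, or a live BHO.
            if (-not (Test-Path -LiteralPath $clsidKey)) {
                $status = 'No CLSID value found'
            } elseif (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                $status = 'File not found'
            } else {
                $status = 'OK'
            }

            [pscustomobject]@{
                View = $loc.View; CLSID = $guid; Name = $name; Dll = $dll; Status = $status
                BhoKey = $entry.PSPath; ClsidKey = $clsidKey
            }
        }
    }
}

function Get-TrustedSiteDomains {
    # IE zone map: Domains\<domain>[\<host>] holds one DWORD per scheme; data 2 = Trusted sites.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $root -Recurse) {
        $domain = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)   # e.g. salliemae.com\webinterface
        $props  = Get-ItemProperty -LiteralPath $key.PSPath
        foreach ($v in $props.PSObject.Properties) {
            if ($v.Name -like 'PS*' -or $v.Value -ne 2) { continue }       # skip provider metadata and other zones
            [pscustomobject]@{ Domain = $domain; Scheme = $v.Name; Zone = 'Trusted sites' }
        }
    }
}

$bhos = @(Get-BhoStatus)
$bhos | Format-Table View, CLSID, Name, Status, Dll -AutoSize
Get-TrustedSiteDomains | Format-Table -AutoSize

if ($Remove) {
    foreach ($b in $bhos | Where-Object { $_.Status -ne 'OK' }) {
        if ($PSCmdlet.ShouldProcess("$($b.View) BHO $($b.CLSID)", "Remove registration ($($b.Status))")) {
            Remove-Item -LiteralPath $b.BhoKey -Recurse -Force
            if (Test-Path -LiteralPath $b.ClsidKey) { Remove-Item -LiteralPath $b.ClsidKey -Recurse -Force }
        }
    }
}
```

Run it once without -Remove and compare the "No CLSID value found" and "File not found" rows against the O2 lines in your OTL log; only those two statuses are treated as orphans, and a BHO whose DLL is merely on a drive that is currently offline would also show as "File not found", so check the Dll column before removing. The Trusted sites listing is report-only here: a trusted-zone entry for a vendor or bank site is not malicious in itself, and OTL's O15 lines are removed in the fix above only because the McAfee product that added them is gone.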

THX essexboy, just wanted to be sure; this notebook shares a network with my PC that was infected and was showing similar characteristics. I had to run OTL in safe mode because it kept freezing up my notebook. Here is the newly run scan log after the fix. Thx again for the help.

Thanks for this info, Pondus. I read all the links you gave me; I was unaware of these happenings and have elected to remove this product after I fix my virus situation. I found the IObit product clean-up utility http://www.t-tools.nl/bitremoveren.php a very helpful idea. THX

You're welcome…

OBS… and if you need removal tools :wink: http://singularlabs.com/uninstallers/

THX for the heads up!

There may be a bit of overkill there as well; in addition to IObit I can see Sunbelt, which runs low-level drivers, and I believe the version I can see also has an antivirus element.

I'm not familiar with Sunbelt, nor did I ever install it. It may have come pre-installed on the notebook, but I never use it or know where it's listed to delete it. I'm in the process of deleting IObit too, so maybe that will speed things up. Other than that, does my system look clean now? Thx for your help, essexboy.

It does. I would recommend that you uninstall Sunbelt; it may be entered as (GFI Software).

essexboy, I have no programs listed as Sunbelt or GFI. I looked in Control Panel and searched my notebook from the Start menu and found nothing. Maybe I deleted it already and it's just leftovers? I will check better later; still getting rid of IObit. If you have any suggestions, please let me know. THX

I can use OTL to remove the drivers if you wish

Yes, Please do. THX

Can you clean up all the leftovers from IObit with OTL too?

For sure. Run a fresh OTL quick scan and select all users.

THX, here’s the new log.

Let me know how it is on completion of this

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
DRV:64bit: - [2011/12/19 11:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 05:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 13:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
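The DRV lines in this second fix are the case that the Control Panel search in the post above could not find: a security product (Sunbelt, signed as GFI Software) whose uninstaller is gone but whose kernel and file-system drivers are still registered as services and, for sbapifs and SBRE, still loaded at boot. The script below is an added example, not part of the thread and not OTL's code; it walks the Services key the way OTL builds its DRV lines and flags drivers whose binary is missing or whose file version or Authenticode signer matches a vendor you have removed. It assumes an elevated 64-bit Windows PowerShell; the vendor strings are examples taken from the log lines above and can be replaced with -Vendor. It reports only and deletes nothing.

```powershell
# Added example, not from the thread: enumerate kernel and file-system drivers
# the way the DRV lines of an OTL log do, and flag those whose binary is gone
# or that belong to a vendor you have already uninstalled (here the left-over
# Sunbelt/GFI drivers). Assumptions: elevated 64-bit Windows PowerShell; the
# default -Vendor strings are examples and can be replaced. Report only.
param(
    [string[]]$Vendor = @('GFI Software', 'Sunbelt')
)

$svcRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$typeNames  = @{ 1 = 'Kernel'; 2 = 'File_System' }                        # SERVICE_KERNEL_DRIVER / SERVICE_FILE_SYSTEM_DRIVER
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'On_Demand'; 4 = 'Disabled' }

# Current state of every driver the service control manager knows, fetched once.
$driverState = @{}
Get-CimInstance Win32_SystemDriver | ForEach-Object { $driverState[$_.Name] = $_.State }

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$ServiceName)
    # ImagePath comes in several NT spellings; normalise each to a Win32 path.
    $root = $env:SystemRoot
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        # No ImagePath at all: the SCM falls back to System32\drivers\<service>.sys
        return Join-Path $root "System32\drivers\${ServiceName}.sys"
    }
    $p = $ImagePath.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...  -> C:\...
    $p = $p -replace '^(\\SystemRoot|%SystemRoot%)\\', ''     # \SystemRoot\system32\... -> system32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $root $p }   # relative paths are rooted at %SystemRoot%
    return $p
}

function Get-DriverAudit {
    foreach ($key in Get-ChildItem -LiteralPath $svcRoot) {
        $svc = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $svc -or -not $typeNames.ContainsKey([int]$svc.Type)) { continue }   # user-mode services skipped
        $name   = $key.PSChildName
        $path   = Resolve-DriverPath $svc.ImagePath $name
        $exists = Test-Path -LiteralPath $path

        # Vendor evidence comes from two places: the PE version resource and the Authenticode signer.
        $company = $null; $signer = $null
        if ($exists) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        $vendorHit = @($Vendor | Where-Object { $company -like "*$_*" -or $signer -like "*$_*" })

        if (-not $exists)    { $flag = 'Missing binary' }
        elseif ($vendorHit)  { $flag = "Vendor: $($vendorHit -join ', ')" }
        else                 { $flag = '' }

        [pscustomobject]@{
            Name = $name; Type = $typeNames[[int]$svc.Type]; Start = $startNames[[int]$svc.Start]
            State = $driverState[$name]; Company = $company; Flag = $flag; Path = $path
        }
    }
}

$audit = Get-DriverAudit
$audit | Where-Object Flag | Format-Table Name, Type, Start, State, Company, Flag, Path -AutoSize
```

A driver flagged "Missing binary" is a dead service entry and is safe to delete; a "Vendor:" hit is only a leftover if that product really is uninstalled, so check Programs and Features first, since deleting the drivers of a security product that is still installed will break it. Removal itself is the SCM's job rather than the script's: `sc.exe stop <name>` followed by `sc.exe delete <name>` marks the service for deletion, a driver with Start = System or Boot will not stop until the next reboot, and the .sys file under System32\drivers can be removed after that reboot. The OTL fix above does the same thing for the four GFI drivers in one step.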

Thanks again, essexboy. I hope all is well now; everything seems to be running top-notch now. I also rescanned all users with OTL and attached that log too. I noticed McAfee still in the log. I removed that software with their removal utility. Is that something I should be concerned about? THX

They are Firefox add-ons, so they can be deleted from within Firefox.

Let me know when you are happy and I will remove my rubbish