TechSpot

Certain of malware on HP laptop, Windows 7

Solved
By cableman
Jan 25, 2013
Topic Status:
Not open for further replies.
  1. cableman

    cableman TS Enthusiast Topic Starter Posts: 175

    I was able to uninstall the remnants of those games but TuneUp Utilities has advised me that the "SBRE" device is not working properly. And also "X6XSEx_Pr143" is not working properly. I am unsure how to fix this. I will look in Device Manager to check drivers needing updating. I will probably still need advice please if you can.

    Checked into it and these devices are stopped and the files for these cannot be found to enable them. I do not know how important they are or the effect they will have by not working. I wait on your advice before proceeding.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did you have any products from Sunbelt, like Vipre or CounterSpy, in the past or currently? (Sunbelt is now GFI Software)

    This: X6XSEx_Pr143 - is part of EXTender player.

    Use SystemLook again, here's the script:


    :regfind
    X6XSEx_Pr143

    :filefind
    X6XSEx_Pr143

    :folderfind
    X6XSEx_Pr143
  3. cableman

    cableman TS Enthusiast Topic Starter Posts: 175

    Yes, I used to have Vipre. My sister talked me into getting it, saying how good it was, but that is what started all my troubles. I hate Vipre and want no part of it in my computer. I have posted the log results for you.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 06:57 on 10/02/2013 by Administrator
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_X6XSEX_PR143]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "Service"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "DeviceDesc"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143]
    "ImagePath"="\??\C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143]
    "DisplayName"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143\Enum]
    "0"="Root\LEGACY_X6XSEX_PR143\0000"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_X6XSEX_PR143]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "Service"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "DeviceDesc"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6XSEx_Pr143]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6XSEx_Pr143]
    "ImagePath"="\??\C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6XSEx_Pr143]
    "DisplayName"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X6XSEX_PR143]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "Service"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X6XSEX_PR143\0000]
    "DeviceDesc"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\X6XSEx_Pr143]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\X6XSEx_Pr143]
    "ImagePath"="\??\C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\X6XSEx_Pr143]
    "DisplayName"="X6XSEx_Pr143"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\X6XSEx_Pr143\Enum]
    "0"="Root\LEGACY_X6XSEX_PR143\0000"

    ========== filefind ==========

    Searching for "X6XSEx_Pr143"
    No files found.

    ========== folderfind ==========

    Searching for "X6XSEx_Pr143"
    No folders found.

    -= EOF =-

    I still see "Free Ride Games" remnants in there too. I don't know how that ever got in but I didn't want it and it doesn't seem to want to leave too easily.
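
The log above shows a driver service whose registry keys survive while its file is gone (regfind hits, filefind finds nothing). As an added example, not part of the original thread and not code from SystemLook or OTL, this Python sketch parses regfind-style output and lists services whose `ImagePath` target is missing. The sample log is constructed in the shape of the one posted, and the function names and the `exists` predicate are hypothetical.

```python
import re

# Constructed sample in the shape of the SystemLook regfind output above.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "X6XSEx_Pr143"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143]
"ImagePath"="\??\C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6XSEx_Pr143]
"DisplayName"="X6XSEx_Pr143"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\X6XSEx_Pr143]
"ImagePath"="\??\C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_X6XSEX_PR143\0000]
"Service"="X6XSEx_Pr143"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Matches the service key itself in any control set, not its subkeys.
SERVICE_RE = re.compile(
    r'\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\services\\([^\\]+)$', re.I)

def service_image_paths(log_text):
    """Map service name -> set of ImagePath values, merged across control sets."""
    services, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            m = SERVICE_RE.search(key.group(1))
            current = m.group(1) if m else None
            continue
        value = VALUE_RE.match(line)
        if value and current and value.group(1).lower() == "imagepath":
            path = value.group(2)
            # Drop the NT object-manager prefix so the path can be checked on disk.
            path = path[4:] if path.startswith("\\??\\") else path
            services.setdefault(current, set()).add(path)
    return services

def orphaned_services(log_text, exists):
    """Return {service: [missing paths]}; `exists` is a caller-supplied
    predicate (os.path.exists when run on the affected machine)."""
    found = service_image_paths(log_text)
    missing = {n: sorted(p for p in ps if not exists(p)) for n, ps in found.items()}
    return {name: paths for name, paths in missing.items() if paths}

if __name__ == "__main__":
    # Offline run: model the "No files found" filefind result as exists() == False.
    print(orphaned_services(SAMPLE_LOG, exists=lambda p: False))
```
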
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  5. cableman

    cableman TS Enthusiast Topic Starter Posts: 175

    That completely took care of it!! Have we finally got it cleaned out? Log:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    Error: No service named LEGACY_X6XSEX_PR143 was found to stop!
    Service\Driver key LEGACY_X6XSEX_PR143 not found.
    Service X6XSEx_Pr143 stopped successfully!
    Service X6XSEx_Pr143 deleted successfully!
    Service SBRE stopped successfully!
    Service SBRE deleted successfully!
    ========== FILES ==========
    File\Folder C:\Program Files\Free Ride Games not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 4997294 bytes
    ->Temporary Internet Files folder emptied: 167505 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7603345 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66016 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02112013_231911

    Files\Folders moved on Reboot...
    File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  7. cableman

    cableman TS Enthusiast Topic Starter Posts: 175

    Clean Restore Point made. All programs/tools used while fixing my system have been removed. Think it is OK especially if you say so. Here is the log you requested and thanks from my heart for your help. I don't have much but I may try to give you what I can as a donation. I know the rules; it is not payment it is a donation. Let me know if we are finally clean and clear, thanks. Log:


    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 26
    Java Card Security for HP ProtectTools
    Java version out of Date!
    Adobe Flash Player 11.4.402.278
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox (18.0.2)
    Google Chrome 16.0.912.77
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


    Is it OK to update my Java and Adobe Reader?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  9. cableman

    cableman TS Enthusiast Topic Starter Posts: 175

    I uninstalled all Adobe products. It would let me uninstall (the 8.2.0 version). It still has Adobe AIR but it may have updated it because it updated all the plug-ins. I cannot uninstall "Java Security for HP Protect Tools" and I don't see any J2SE Runtime Environment so I downloaded the latest version. Before installing it removed all older versions. I now have the newest versions of Adobe and Java. Seems like all is well.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great. Topic solved. :)