Infected machine but scan runs clean. [Solved]

[Probzzie]

Hey all how goes the night. I have just got my hands on a friends Toshiba laptop he wants disinfected.
Right now his choice of programs consist with just Norton, and even after countless talking to him he refuses to change to anything but and I'm out breathe, hopefully I can still help.
Okay this system is a Satelite L300 Pentium R T3200 with 3GB of Ram, Running Vista Premium  and upon open it up it seemed infected. The whole system lags especially on start up, hanging on the welcome screen fer nearly ten minutes even when closing the lid and reopening to log back into an open profile on windows.
http://www.prevx.com/filenames/2796813650312372089-X1/CFFNCENABLER+.EXE.html
Is found in my start up objects but Im not quite sure whether this site is credible or not. Alot of other objects in the start up look suspicious too, such as SelectRebates.exe, Chicony Traybar??
I've scanned with malware bytes but itt scanned clean along wit NAV.

Any help would be great, I again apologize in advanced if I should of posted this on Norton, if that's the case I'll just attempt to disinfect myself, I trust and have got to know the professionals here and have had great results.

[DavidR]

I have seen lots of FPs on prevx, so I would suggest that you check it out further. SelectRebates.exe doesn't match what is on the page link you gave for CFFNCENABLER.EXE. See http://www.glaryutilities.com/startuplibrary/cfFncEnabler.exe=.html.

SelectRebates.exe and sounds more like something installed by the user to supposedly help them find goods, services, etc. and may be considered adware or spyware. http://www.techsupportforum.com/forums/f10/selectrebates-exe-541879.html. But it certainly needs further investigation.

Chicony Traybar http://www.system-tray-cleaner.com/systray/programs.php?appid=703E8DD8CEB071CAE4081256E592490200065000

So the suspect file/s should be uploaded to virustotal for scanning:

[Probzzie]

Yes I apologize I forgot to mention CFFNCENABLER.EXE was also in start up items.
Googletoolbarnotifier.exe also will not end process nor will it uninstall. It seems if I try to alter it in anyway I'm not allowed it say: Operation could not be completed :Acess Is Denied:

Also I forgot to mention that  Vista Premium was the 64 bit edition.

Select Rebates was found malicious by four AV's so  i'll be removing that item and Chicony traybar came back clean but will be removing that as well due to the lack of webcam use
cfFncenabler.exe Is not found to analyze which has me worried. I did a full search on my C: harddrive with no results. But its found on my startup items.

[DavidR]

Ensure that the system has show hidden files and folders, etc.

Did you read the link I gave for cfFncEnabler.exe as that would indicate it is legit for a Toshiba, is this system a Toshiba ?

You will have to start using google to gather information on what it is you are trying to deal with or you could well turn the system into a paper weight.

http://www.bleepingcomputer.com/startups/GoogleToolbarNotifier.exe-16278.html

I would also suggest posting the link to VT results so we can see what was found and by whom as 4 out of 43 isn't many.

[Probzzie]

Sorry I didnt notice that link, thank you for that as it helped figure this out.
Im assuming, I thought this machine would run faster then it is but I guess its just a slower system or perhaps its because its low specs and 64 bit aren't combining making fer terrible system speed.

Googlenotifier has been removed, thans for that link as well

[DavidR]

You're welcome.

I don't know much about the Satelite L300 Pentium R T3200 other than general spec on a google search and the T3200 is a low end pentium 2GHz Dual Core processor and with 3GB of RAM it shouldn't be a slouch, but Vista is somewhat of a resource hog.

A major factor is cleaning it and being very selective in what they allow to start on boot, many applications want to start on boot, media players for one, they aren't essential and only need to be run when you open a media file (and file associations does that).