ATTN: godawgs - Ex-gaming laptop won't play any games [Solved]


#46 Jules4me (Topic Starter, Member, 92 posts)
Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.89
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
#47 godawgs (Teacher, Retired Staff, 8,228 posts)
Hi Jules,

The Security Check log looks good but I spoke prematurely when I said you were clean. I thought we had done the scans for malware remnants but we haven't. I got sidetracked by the problem with the browsers. Also the ComboFix has a designator in the log that I'm asking the developer to clarify.

In the meantime we'll do the scans for malware remnants and I want to look at the registry keys that show information missing.

Since you are not going to keep MalwareBytes running realtime protection but it is still showing that it is running, let's uninstall MalwareBytes and run the MBAM cleanup tool to clear the registry entries that didn't get removed when the trial period expired. Then download a new copy of MalwareBytes to do the scan, but don't activate the free trial, and you should keep it to do on demand scans in the future.


Step-1.

Program uninstalls

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Malwarebytes Anti-Malware version 1.62.0.1300

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\Malwarebytes' Anti-Malware

2. Close Windows Explorer.


MBAM CleanUp Tool

1. Download and save MBAM Cleanup Utility to your Computer.

2. Run the tool; this utility asks you to restart your computer to complete the uninstall process.

3. Reboot your Computer. Malwarebytes' Anti-Malware will be completely removed from your Computer.


Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial

  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear. You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown.
  • Make sure that everything is checked, and click Remove Selected. <--- Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here, then click the button to start the scanner.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed DO NOT select Uninstall application on close make sure you copy the logfile first!
  • Now click the button to close the scanner.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SkypeUpdate
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MozillaMaintenance
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RdpVideoMiniport
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Synth3dVsc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VGPU
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WatAdminSvc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwififlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdobeARMservice
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMService
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RoxioNow Service
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SBSDWSCService
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UMVPFSrv
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMProtector
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfHDA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfV92
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfWinac
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwifimp
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\yukonw7

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Click the greyed out None button at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-4.

Things For Your Next Post:
1. the MBAM log
2. The ESET scan log
3. The new OTL.txt log

#48 Jules4me (Topic Starter, Member, 92 posts)
MBAM found no infections:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dell 1525 :: PINKDELL1525-PC [administrator]

9/10/2012 11:59:22 AM
mbam-log-2012-09-10 (11-59-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416993
Time elapsed: 2 hour(s), 47 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#49 Jules4me (Topic Starter, Member, 92 posts)
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\driverperformer_849.exe a variant of Win32/InstallIQ application
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup(1).exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\driverperformer_849.exe a variant of Win32/InstallIQ application
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup(1).exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application

#50 Jules4me (Topic Starter, Member, 92 posts)
OTL logfile created on: 9/10/2012 7:25:01 PM - Run 7
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 71.02% Memory free
6.98 Gb Paging File | 5.97 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 20.65 Gb Free Space | 21.83% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SkypeUpdate >
"Type" = 16
"Start" = 2
"ErrorControl" = 0
"ImagePath" = "C:\Program Files\Skype\Updater\Updater.exe" -- [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies)
"DisplayName" = Skype Updater
"DependOnService" = RpcSs [binary data] -- [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Description" = Enables the detection, download and installation of updates for Skype.
"RequiredPrivileges" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc >
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- [2012/09/07 22:03:08 | 000,250,568 | ---- | M] (Adobe Systems Incorporated)
"DisplayName" = Adobe Flash Player Update Service
"ObjectName" = LocalSystem
"Description" = This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MozillaMaintenance >
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" -- [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation)
"DisplayName" = Mozilla Maintenance Service
"ObjectName" = LocalSystem
"Description" = The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MozillaMaintenance\Security]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RdpVideoMiniport >
"DisplayName" = Remote Desktop Video Miniport Driver
"ErrorControl" = 1
"ImagePath" = System32\drivers\rdpvideominiport.sys -- [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 1

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RdpVideoMiniport\Security]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Synth3dVsc >
"DisplayName" =
"ErrorControl" = 1
"ImagePath" = System32\drivers\synth3dvsc.sys
"Start" = 3
"Type" = 1

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt >
"DisplayName" = @%SystemRoot%\system32\drivers\tsusbflt.sys,-1
"ErrorControl" = 1
"ImagePath" = System32\drivers\tsusbflt.sys -- [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 1
"Description" = @%SystemRoot%\system32\drivers\tsusbflt.sys,-2
"Group" = base

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub >
"DisplayName" = @%SystemRoot%\system32\drivers\tsusbhub.sys,-1
"ErrorControl" = 1
"ImagePath" = system32\drivers\tsusbhub.sys
"Start" = 3
"Type" = 1
"Description" = @%SystemRoot%\system32\drivers\tsusbhub.sys,-2

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VGPU >
"DisplayName" =
"ErrorControl" = 1
"ImagePath" = System32\drivers\rdvgkmd.sys
"Start" = 3
"Type" = 1

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WatAdminSvc >
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\Wat\WatAdminSvc.exe -- [2011/10/04 22:56:54 | 001,343,400 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\Wat\WatUX.exe,-601
"ObjectName" = LocalSystem
"Description" = @%SystemRoot%\system32\Wat\WatUX.exe,-602
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WatAdminSvc\Security]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"DisplayName" = aswSnx
"Group" = FSFilter Virtualization
"DependOnService" = FltMgr [binary data]
"Description" = avast! virtualization driver (aswSnx)
"Tag" = 2

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"DisplayName" = aswSP
"Description" = avast! Self Protection

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwififlt >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 24
"ImagePath" = system32\DRIVERS\vwififlt.sys -- [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)
"DisplayName" = Virtual WiFi Filter Driver
"Group" = NDIS
"Description" = Virtual WiFi Filter Driver
"NdisMajorVersion" = 6
"NdisMinorVersion" = 20

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwififlt\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwififlt\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdobeARMservice >
"Type" = 16
"Start" = 2
"ErrorControl" = 0
"ImagePath" = "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" -- [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated)
"DisplayName" = Adobe Acrobat Update Service
"ObjectName" = LocalSystem
"Description" = Adobe Acrobat Updater keeps your Adobe software up to date.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdobeARMservice\Security]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk >
"Type" = 2
"Start" = 2
"ErrorControl" = 1
"DisplayName" = aswFsBlk
"Group" = FSFilter Activity Monitor
"DependOnService" = FltMgr [binary data]
"Description" = avast! mini-filter driver (aswFsBlk)
"Tag" = 2

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt >
"Type" = 2
"Start" = 2
"ErrorControl" = 1
"ImagePath" = \??\C:\Windows\system32\drivers\aswMonFlt.sys -- [2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software)
"DisplayName" = aswMonFlt
"Group" = FSFilter Anti-Virus
"DependOnService" = FltMgr [binary data]
"Description" = avast! mini-filter driver (aswMonFlt)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMService >

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RoxioNow Service >
"Type" = 272
"Start" = 2
"ErrorControl" = 1
"ImagePath" = C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation)
"DisplayName" = RoxioNow Service
"ObjectName" = LocalSystem

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SBSDWSCService >
"DependOnService" = wscsvc [binary data] -- [2009/07/13 20:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation)
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
"DisplayName" = SBSD Security Center Service
"ObjectName" = LocalSystem

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UMVPFSrv >
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.)
"Group" = AudioGroup
"ObjectName" = LocalSystem
"Description" = UMVPF is a user mode Logitech driver

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMProtector >

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfHDA >
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"ImagePath" = system32\DRIVERS\VSTAZL3.SYS -- [2009/07/13 17:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfHDA\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfV92 >
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"ImagePath" = system32\DRIVERS\VSTDPV3.SYS -- [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfV92\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfWinac >
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"ImagePath" = system32\DRIVERS\VSTCNXT3.SYS -- [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SrvHsfWinac\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwifimp >
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 26
"ImagePath" = system32\DRIVERS\vwifimp.sys -- [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Microsoft Virtual WiFi Miniport Service
"Group" = NDIS
"TextModeFlags" = 1
"NdisMajorVersion" = 6
"NdisMinorVersion" = 20

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vwifimp\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\yukonw7 >
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 22
"ImagePath" = system32\DRIVERS\yk62x86.sys -- [2009/09/28 09:22:00 | 000,315,392 | ---- | M] ()
"DisplayName" = NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
"Group" = NDIS
"NdisMajorVersion" = 6
"NdisMinorVersion" = 20
"BootFlags" = 1

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\yukonw7\Enum]

< End of report >

#51 godawgs (Teacher, Retired Staff, 8,228 posts)
Hi Jules,

Are you sure you posted the entire ESET scan? It usually has a header. See the ESET log you posted when we were working on your first computer here
The part that you did post shows that the Vista installation had some malware.

Are you having any problems with the Avast antivirus program?

#52 Jules4me (Topic Starter, Member, 92 posts)
When ESET finished, I thought there should be more information. Do you want me to run it again?

I don't think I am having any problems with Avast. What in particular are you thinking? I haven't used this computer much at all since I last checked the browsers loading. I have only done the scans and such that you ask for.

#53 godawgs (Teacher, Retired Staff, 8,228 posts)
Yes, run ESET again and see if you get a different report. Remember to disable your antivirus.

Speaking of Avast... when you ran ComboFix the following showed up:
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

Those are Avast services and drivers. They should load at system start up but the file names are missing for the first three and the file name for the last one shows what looks like unicode characters in it. So the first three aren't loading and the last one probably isn't loading. We will deal with that after we've dealt with the other things in the ComboFix log. I should have an answer from the tool developer today.
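The ComboFix lines quoted above and the OTL custom scan posted earlier show the same picture: the aswSnx, aswSP and aswFsBlk keys carry no ImagePath value, aswMonFlt's path carries a \??\ prefix, and the MBAMService and MBAMProtector keys are empty. The PowerShell script below is an added example, not part of this thread or of ComboFix, OTL or avast; it walks HKLM\SYSTEM\CurrentControlSet\Services and reports every autostart entry (Start 0, 1 or 2) whose image file cannot be found on disk, plus keys with no values and no subkeys, which is what an uninstaller leaves behind. It normalises the path forms that appear in the OTL output (quoted paths with arguments, %SystemRoot% variables, \??\ and \SystemRoot\ prefixes, driver paths relative to the Windows directory). One caveat it builds in: for kernel and file-system drivers (Type 1 or 2) Windows falls back to %SystemRoot%\System32\drivers\<keyname>.sys when ImagePath is absent, so a missing value is only a real problem when that default file is missing as well. Written for PowerShell 2.0, the version shipped with Windows 7; run it from an elevated prompt. The function and variable names are this example's own.

```powershell
# Added example, not from the thread or from ComboFix/OTL: list autostart services and
# drivers under HKLM\SYSTEM\CurrentControlSet\Services whose image file cannot be found,
# plus empty leftover keys. Written for PowerShell 2.0 (stock on Windows 7); run elevated.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Turn a raw ImagePath value into an absolute file path, handling the forms seen in the
# OTL log above: "quoted path" with arguments, %SystemRoot% variables, the \??\ and
# \SystemRoot\ NT prefixes, and driver paths relative to the Windows directory.
function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p.ToLower().StartsWith('\systemroot\')) { $p = Join-Path $env:SystemRoot ($p.Substring(12)) }
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    } else {
        # Unquoted path followed by arguments, e.g. ...\svchost.exe -k netsvcs
        $cut = $p.IndexOf(' -'); if ($cut -lt 0) { $cut = $p.IndexOf(' /') }
        if ($cut -gt 0) { $p = $p.Substring(0, $cut) }
    }
    $p = [System.Environment]::ExpandEnvironmentVariables($p)
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspectServices {
    Get-ChildItem $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $key  = $_
        $name = $key.PSChildName
        if ($key.ValueCount -eq 0) {
            # A key with no values and no subkeys (like MBAMService above) is a dead leftover;
            # keys holding only subkeys (WinSock2, Eventlog) are normal containers.
            if ($key.SubKeyCount -eq 0) {
                New-Object PSObject -Property @{ Name = $name; Start = ''; Type = ''; Problem = 'empty key (uninstall leftover?)' }
            }
            return
        }
        $props = Get-ItemProperty -Path $key.PSPath
        if ($props.Start -eq $null -or $props.Type -eq $null) { return }   # not a service record
        $start    = [int]$props.Start
        $type     = [int]$props.Type
        $isDriver = ($type -band 3) -ne 0          # Type 1 = kernel driver, 2 = file-system driver
        $problem  = $null
        $image    = Resolve-ImagePath $props.ImagePath
        if (-not $image) {
            if ($isDriver) {
                # Windows loads a driver with no ImagePath from System32\drivers\<keyname>.sys
                $image   = Join-Path $env:SystemRoot ("System32\drivers\{0}.sys" -f $name)
                $problem = 'no ImagePath; checked default driver path'
            } else {
                $problem = 'no ImagePath'
            }
        }
        if ($image -and -not (Test-Path -LiteralPath $image)) { $problem = "file not found: $image" }
        elseif ($isDriver -and $problem) { $problem = $null }   # default file exists, so it can load
        # Only autostart entries matter here: Start 0 (boot), 1 (system) or 2 (auto)
        if ($problem -and $start -le 2) {
            New-Object PSObject -Property @{ Name = $name; Start = $StartNames[$start]; Type = $type; Problem = $problem }
        }
    }
}

Get-SuspectServices | Sort-Object Name | Format-Table Name, Start, Type, Problem -AutoSize
```

On the machine in this thread, aswSnx and aswSP would appear in the output only if aswSnx.sys and aswSP.sys are absent from System32\drivers, and aswMonFlt's \??\C:\Windows\system32\drivers\aswMonFlt.sys is resolved and checked rather than reported for its prefix. Anything the script flags can then be cross-checked against the OTL values above before deciding whether a key is a dead leftover or a product whose files were removed.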

#54 Jules4me (Topic Starter, Member, 92 posts)
I will run it again. I am certain I disabled my antivirus the first time. I believe it asked me if I wanted to scan C: and D: (at least some program we ran did.) Do I choose both?

#55 godawgs (Teacher, Retired Staff, 8,228 posts)
The D drive should just be the restore partition on the hard drive. You don't need to check it unless the D drive is actually a second physical hard drive.
#56 Jules4me (Topic Starter, Member, 92 posts)
Yes, D: drive is the restore partition. I just didn't know if something could be resident there that would be pertinent to our end goal.

Edited by Jules4me, 11 September 2012 - 11:55 AM.


#57 Jules4me (Topic Starter, Member, 92 posts)
Ah, interesting. I had just finished checkmarking the sections under advanced settings and right there it says, "Another antivirus software was detected. This may affect the performance and quality of the scan." I clicked the show details button. The problematic antivirus is Windows Defender.

I have disabled it this way: Start>defender> click Windows Defender. Click tools, options, administrator, unclick Use this Program. Double checked in Task Manager, Services and WinDefend says STOPPED. Then I restarted the computer, disabled Avast, and started ESET over. However, ESET still says another antivirus was detected and it still says it is Windows Defender.

#58 Jules4me (Topic Starter, Member, 92 posts)
Now ESET has given me an error. It says under initialization: Unexpected Error. ESET online scanner has already been run on this computer in the past. Only files necessary to update to the current version will be downloaded. And then there is a back button and no continue button. I will wait to hear from you.

#59 Jules4me (Topic Starter, Member, 92 posts)
I was able to do the scan anyway. Isn't a log supposed to pop up when the scan is over? There isn't one and wasn't the last time, either. On the screen where it says Threats Found, it has a place to click to see the found threats and once that is opened, there is an option to copy to clipboard. This is what I did yesterday. I knew something didn't seem right, but if no log pops up, then what am I to do?

#60 Jules4me (Topic Starter, Member, 92 posts)
I did an online search for why a log wouldn't be produced and lo and behold, I found that ESET saves a log to the ESET file in Program Files. For some reason, I did not see that in the instructions you gave. I am so sorry. So here it is.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8631f8030e313b4cae6780edd78ac5bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-10 11:36:31
# local_time=2012-09-10 06:36:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 98852591 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=339497
# found=9
# cleaned=0
# scan_time=12392
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\driverperformer_849.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup(1).exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\driverperformer_849.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup(1).exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251

Edited by Jules4me, 11 September 2012 - 09:18 PM.
