cleaning up daughter's laptop [Solved]


  • This topic is locked

#16
briz_dad

    Member

  • Topic Starter
  • 251 posts
OK - thank you, Jasmyne :notworthy:
  • 0



#17
briz_dad

    Member

  • Topic Starter
  • 251 posts

I'm working on my next post for my instructor from these scans and will post it after he has approved it. :)

Is it okay to remove programs while waiting? Or would you rather we complete this process before I remove/uninstall programs?
  • 0

#18
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

I'm working on my next post for my instructor from these scans and will post it after he has approved it. :)

Is it okay to remove programs while waiting? Or would you rather we complete this process before I remove/uninstall programs?


For the moment, let's go ahead and wait, I have another scan for you.

Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#19
briz_dad

    Member

  • Topic Starter
  • 251 posts

Please include the C:\ComboFix.txt in your next reply.

here it is...

ComboFix 13-07-15.01 - Robyn Bri 07/16/2013 7:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.811 [GMT -7:00]
Running from: c:\users\Robyn Bri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\users\Robyn Bri\AppData\Local\Temp\e6d5469d99804037ba5aecde6dc33698\filesys.dll
c:\users\Robyn Bri\AppData\Local\Temp\e6d5469d99804037ba5aecde6dc33698\http.dll
c:\users\ROBYNB~1\AppData\Local\Temp\e6d5469d99804037ba5aecde6dc33698\filesys.dll
c:\users\ROBYNB~1\AppData\Local\Temp\e6d5469d99804037ba5aecde6dc33698\http.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-16 to 2013-07-16 )))))))))))))))))))))))))))))))
.
.
2013-07-16 14:10 . 2013-07-16 14:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-07-15 21:47 . 2013-07-15 21:47 -------- d-----w- C:\_OTL
2013-07-15 01:12 . 2013-06-12 04:18 7068072 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89CAE29B-1C7D-476D-8613-30D4BE5DB42B}\mpengine.dll
2013-07-15 00:58 . 2013-07-15 00:59 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-15 00:57 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-07-14 03:28 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD52BD53-CB56-4F2C-98D3-0589375700DB}\mpengine.dll
2013-07-12 01:24 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-12 01:24 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-12 01:24 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-12 01:24 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-12 01:24 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-12 01:24 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-12 01:24 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-12 01:24 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-12 01:24 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-12 01:24 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-12 01:23 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 01:23 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-12 01:23 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 01:23 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 01:23 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 01:23 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:31 . 2013-01-15 01:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 01:31 . 2011-07-26 03:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-08 03:40 . 2013-06-12 15:01 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58 . 2013-06-12 15:01 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 22:03 . 2013-06-12 15:00 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-12 15:00 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2009-10-05 16:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:04 . 2013-06-12 15:01 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-12 15:01 37376 ----a-w- c:\windows\system32\printcom.dll
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-24 04:00 . 2013-06-12 15:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:00 . 2013-06-12 15:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:00 . 2013-06-12 15:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:00 . 2013-06-12 15:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 01:46 . 2013-06-12 15:00 812544 ----a-w- c:\windows\system32\certutil.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-01 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-01 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\users\Robyn Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-9-12 5742136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-3 739880]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^bby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2X Client.lnk]
path=c:\users\bby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
backup=c:\windows\pss\2X Client.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^bby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
path=c:\users\bby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Click to DVD Automatic Mode Launcher.lnk
backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-07-12 22:39 534392 ----a-w- c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 13:23 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 20:37 174872 ----a-w- c:\program files\intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-06-12 01:27 317560 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 18:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-01 18:03 8478720 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-01 18:03 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-01 18:06 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-25 21:41 4489216 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-25 21:41 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-06-21 23:54 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-07-12 18:31 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-291611602-1755704891-1640183286-1002]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 03:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 01:31]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 05:56]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 05:56]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291611602-1755704891-1640183286-1006Core.job
- c:\users\Robyn Bri\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 13:57]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291611602-1755704891-1640183286-1006UA.job
- c:\users\Robyn Bri\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 13:57]
.
2013-06-06 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Acrobat Speed Launcher.lnk - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Notify-DfLogon - LogonDll.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
MSConfigStartUp-cdloader - c:\users\bby\AppData\Roaming\mjusbsp\cdloader2.exe
MSConfigStartUp-Google Update - c:\users\bby\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-QuickLaunch - c:\program files\Schwab\StreetSmart Edge\QuickLaunch.exe
MSConfigStartUp-ShopAtHomeWatcher - c:\users\bby\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-ShopAtHome.com Helper - c:\users\bby\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\..\ShopAtHomeHelper\uninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1624)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-07-16 07:21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-16 14:21
.
Pre-Run: 73,058,766,848 bytes free
Post-Run: 72,767,594,496 bytes free
.
- - End Of File - - BEE3DED38635ED4BDA679F4102C56FFB
5C616939100B85E558DA92B899A0FC36
  • 0

#20
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Any programs you'd like to uninstall you can go ahead and do so when you'd like now. A few more scans to make sure everything is gone.

Step 1 - MalwareBytes Scan

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

Step 3 - Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. MalwareBytes Log
2. ESET Online Scan Log
3. Security Check Log (checkup.txt)
4. How is your computer running?
  • 0

#21
briz_dad

    Member

  • Topic Starter
  • 251 posts
OK... Thank you, Jasmyne. This next step might take me about a day to get back with you.

FYI,
briz_dad
  • 0

#22
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That's fine. I'll be watching for it, thanks for letting me know.

Jasmyne
  • 0

#23
briz_dad

    Member

  • Topic Starter
  • 251 posts

1. MalwareBytes Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Robyn Bri :: MARGIE [administrator]

7/16/2013 9:29:37 PM
mbam-log-2013-07-16 (21-29-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269988
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#24
briz_dad

    Member

  • Topic Starter
  • 251 posts

2. ESET Online Scan Log

Nothing detected; nothing to remove
no log file in folder
  • 0

#25
briz_dad

    Member

  • Topic Starter
  • 251 posts

3. Security Check Log (checkup.txt)

Results of screen317's Security Check version 0.99.69
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (3.6.20) Firefox out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0



#26
briz_dad

    Member

  • Topic Starter
  • 251 posts

4. How is your computer running?

running smooth right now... i deleted a lot of programs; i can't remove "EuroTalk Talk Now Plus".

I get the following error message:
Wise Uninstall
Could not open INSTALL.LOG file.

Other than that - things are looking good... and my daughter understands the need to watch movies in theaters or other legitimate sources... ;-)
  • 0

#27
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
A few things and I think we're good to go!

and my daughter understands the need to watch movies in theaters or other legitimate sources... ;-)

I've been through the same thing with my teenage son so I know exactly what you're going through there!

i can't remove "EuroTalk Talk Now Plus".

I get the following error message:
Wise Uninstall
Could not open INSTALL.LOG file.


Download Revo Uninstaller here. You can use it to uninstall programs, even if the program is corrupt and will not uninstall properly.

-Update Programs-

Several programs on the computer are out of date and malware writers love to exploit weaknesses in outdated software.

-Java-

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

-Adobe Flash Player-
The latest version of Adobe Flash can be downloaded here.
Don't forget to uncheck "Yes, install McAfee Security Scan Plus - optional" before downloading.

-Adobe Reader-
The latest version of Adobe Reader can be downloaded here.
Don't forget to uncheck "Yes, install McAfee Security Scan Plus - optional" before downloading.

-Mozilla Firefox-
The latest version of Mozilla Firefox can be downloaded here

Now for the best part...

Congratulations and Good Work, It looks like your log is clean. :thumbsup:

Now for some final "housekeeping" procedures.
Step 1 Clear Old Restore Points

Create a new, clean System Restore point:
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:

  • Next click Start (Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and copy and paste in:
    cleanmgr
    in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.

Step 2 Remove ComboFix

  • Delete the current copy of ComboFix on your desktop
  • Download a fresh copy from here to your desktop
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Step 3 OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~


MalwareBytes Anti-Malware - This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs, here are some recommendations: Microsoft Security Essentials or Avast! Antivirus; both are FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~


If for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~


Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates - Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo - Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~


Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

Happy surfing! :wave:
  • 0
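Turning the Security Check log from post #25 into the update list given in post #27, as an added example that is not part of the thread and is not screen317's or Geeks to Go's code. The function names are hypothetical, and the rule for separating a product from its trailing "... out of Date!" label is an assumption based on how the lines appear in the log on this page.

```python
import re

BACKTICK = "`"

# Security Check log as posted in this thread (post #25). The section rulers are
# runs of backticks in the real file; they are written as "~" here and converted
# below. "\u2122" is the trademark sign in the Java line.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.69
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
~~~~~~~~~~~~~~Antivirus/Firewall Check:~~~~~~~~~~~~~~
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
~~~~~~~~~Anti-malware/Other Utilities Check:~~~~~~~~~
Malwarebytes Anti-Malware version 1.75.0.1300
Java\u2122 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (3.6.20) Firefox out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
~~~~~~~~Process Check: objlist.exe by Laurent~~~~~~~~
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
~~~~~~~~~~~~~~~~~System Health check~~~~~~~~~~~~~~~~~
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
~~~~~~~~~~~~~~~~~~~~End of Log~~~~~~~~~~~~~~~~~~~~~~
""".replace("~", BACKTICK)

# A section header is a title wrapped in runs of backticks.
RULER = re.compile(r"^`{3,}\s*(.+?)\s*`{3,}$")
# Any line ending in "out of Date!" flags a product ("up to date!" does not match).
OUTDATED = re.compile(r"^(.*?)\s*out of date!\s*$", re.IGNORECASE)


def split_product_and_label(text):
    """Split 'Adobe Reader 9 Adobe Reader' into ('Adobe Reader 9', 'Adobe Reader').

    Assumption: the label that precedes 'out of Date!' repeats words from the
    product name, so the longest trailing word run that also occurs earlier in
    the line is the label. Returns (None, text) when there is no product part,
    as in the stand-alone 'Java version out of Date!' line.
    """
    words = text.split()
    best = 0
    for k in range(1, len(words)):
        label, rest = words[-k:], words[:-k]
        if any(rest[i:i + k] == label for i in range(len(rest) - k + 1)):
            best = k
    if best == 0:
        return None, text
    return " ".join(words[:-best]), " ".join(words[-best:])


def parse_security_check(log_text):
    """Return (sections, outdated): entries per section and flagged products."""
    sections, outdated = {}, []
    current, previous = "Header", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ruler = RULER.match(line)
        if ruler:
            current, previous = ruler.group(1).rstrip(":"), None
            continue
        flagged = OUTDATED.match(line)
        if flagged:
            product, _label = split_product_and_label(flagged.group(1))
            if product is None:
                product = previous  # a flag on its own line refers to the entry above
            else:
                sections.setdefault(current, []).append(product)
            if product and (current, product) not in outdated:
                outdated.append((current, product))
            previous = product
            continue
        sections.setdefault(current, []).append(line)
        previous = line
    return sections, outdated


if __name__ == "__main__":
    _, flagged_products = parse_security_check(SAMPLE_LOG)
    for section, product in flagged_products:
        print(f"update or remove: {product}  [{section}]")
```
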

#28
briz_dad

    Member

  • Topic Starter
  • 251 posts

Happy surfing! :wave:

Thank you, Jasmyne - it has been a pleasure to work with you and I really appreciate you and the community here at "geekstogo"!

may the forces be with you! :thumbsup:
  • 0

#29
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Happy surfing! :wave:

Thank you, Jasmyne - it has been a pleasure to work with you and I really appreciate you and the community here at "geekstogo"!

may the forces be with you! :thumbsup:


You're welcome!
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





