Solved: Virus

computernoob1 · 09-Sep-2012, 10:19 AM **#46**

that was the hole log
and here is the one about the internet connection log
Farbar Service Scanner Version: 06-08-2012
Ran by scott #1 (administrator) on 09-09-2012 at 15:17:41
Running from "C:\Users\scott #1\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Mark1956 · 11:12 AM

Ok, something went wrong when Combofix was creating its log as that is not complete, the last line should read something like this:

- - End Of File - - 995C3E3322F7D26FC19B938E30797B65

Have another look and make sure you are scrolling to the bottom, if there is no more of it then please run it again and post the next log. Please make sure you disable MSE before you run it. Click on the icon in your toolbar and click on OPEN when it appears, click on the Settings tab and then Realtime protection in the left pane then uncheck the box in the right pane and close the window.

Now to try and fix your internet connection.

Please download the attached zip file and transfer it to the faulty PC and save it to the desktop. Right click on it and select WinZip > Extract Here. Then double click on the extracted file and select Run, accept any prompts to allow it to merge with the Registry, reboot and see how the internet is now, if still not back on-line run run the Farbar Service Scanner again and post the new log.

computernoob1 · 09-Sep-2012, 02:09 PM **#48**

the sharred access said error accessing the registry and heres the new combo fix 1
ComboFix 12-09-06.01 - scott #1 09/09/2012 17:38:29.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5735.4284 [GMT 1:00]
Running from: c:\users\scott #1\Downloads\ComboFix.exe
Command switches used :: c:\users\scott #1\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\CodecC\bhoclass.dll
.
---- Previous Run -------
.
c:\programdata\CodecC\bhoclass.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\scottttt\AppData\Local\temp
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 16:55 . 2012-09-09 16:55 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-09 11:43 . 2012-09-09 11:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-09 11:33 . 2012-09-09 11:33 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-09-09 11:27 . 2012-09-09 11:28 -------- d-----w- c:\program files (x86)\CheckPoint
2012-09-09 11:10 . 2012-09-09 11:10 -------- d-----w- c:\users\scott #1\AppData\Roaming\Tunngle
2012-09-08 19:07 . 2012-09-08 19:07 -------- d-----w- c:\users\scott #1\AppData\Local\ApplicationHistory
2012-09-02 12:27 . 2012-09-02 12:27 -------- d-----w- c:\users\scott #1\New folder
2012-09-01 20:52 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-01 20:50 . 2012-09-01 20:50 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-01 20:50 . 2012-09-01 20:52 -------- d-----w- c:\program files (x86)\Real
2012-08-17 17:44 . 2012-08-17 17:44 328704 ----a-w- c:\windows\system32\services.exe.F1C598EDD8F802F7
2012-08-16 14:36 . 2012-08-17 21:55 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-16 06:40 . 2012-08-16 06:40 328704 ----a-w- c:\windows\system32\services.exe.9EEB48A02EB57BC2
2012-08-12 09:25 . 2012-08-12 09:25 -------- d-----w- c:\programdata\Battle.net
2012-08-12 08:54 . 2012-08-12 09:43 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-12 08:54 . 2012-08-13 13:27 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-11 21:03 . 2012-08-12 02:55 -------- d-----w- c:\users\scott #1\SC2-WingsOfLiberty-enGB-Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 20:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-26 15:33 . 2012-04-07 19:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 15:33 . 2011-12-19 21:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:03 . 2011-12-23 01:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:09 . 2012-06-10 14:48 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-07-03 18:09 . 2012-06-10 14:48 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-07-03 18:09 . 2012-06-10 14:48 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-06-12 03:08 . 2012-07-12 02:11 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_12.06.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-09 16:58 79116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-09 16:34 62106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-29 22:04 . 2012-09-09 16:34 17824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-794785944-1427257573-3050441696-1004_UserData.bin
- 2011-12-11 15:27 . 2012-09-06 17:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-12-11 15:27 . 2012-09-09 12:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-12-11 15:27 . 2012-09-09 12:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2011-12-11 15:27 . 2012-09-06 17:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-09 12:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-06 17:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2012-09-09 16:56 . 2012-09-09 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 12:05 . 2012-09-09 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-09 16:56 . 2012-09-09 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-09 12:05 . 2012-09-09 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-09 12:04 386720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-09 16:55 386720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-21 20:06 . 2012-09-09 12:04 3499360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-21 20:06 . 2012-09-09 15:25 3499360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-29 22:17 . 2012-09-09 16:55 11805624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-794785944-1427257573-3050441696-1004-8192.dat
- 2012-01-29 22:17 . 2012-09-09 12:04 11805624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-794785944-1427257573-3050441696-1004-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3EC9FE54-C6BD-4C5A-B7F5-A50433C87C0F}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{56FD8D70-0AA2-443F-A549-A4651A8D0AA7}]
c:\programdata\CodecC\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 19:40 1492456 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl\prxtbuToerror.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1492456]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files (x86)\uTorrentControl\prxtbuToerror.dll" [2011-05-09 176936]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Hide IP Easy"="c:\program files (x86)\HideIPEasy\HideIPEasy.exe" [BU]
"Auto Hide IP"="c:\program files (x86)\AutoHideIP\AutoHideIP.exe" [BU]
"Super Hide IP"="c:\program files (x86)\SuperHideIP\SuperHideIP.exe" [BU]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
"Spotify"="c:\users\scott AAEEDE4C142BDF3BE599F2420CD531128EBB1ED1\AppData\Roaming\Spotify\Spotify.ex e" [2012-08-26 5576408]
"Spotify Web Helper"="c:\users\scott B0BC86120588D517ACD0BE21A31590B8BB4CBF67\AppData\Roaming\Spotify\Data\Spoti fyWebHelper.exe" [2012-08-26 1193176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395240]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-09-01 296096]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
Toshiba Places Icon Utility.lnk - c:\program files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-28 204288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:35]
.
2012-09-02 c:\windows\Tasks\Driver Robot.job
- c:\program files (x86)\Driver Robot\Driver Robot.lnk [2012-07-30 19:49]
.
2012-09-06 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-07-02 14:12]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd603c7bcd7c55.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 03:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-794785944-1427257573-3050441696-1004\Software\SecuROM\License information*]
"datasecu"=hex:32,fa,45,99,b2,5f,36,9c,4f,67,cc,c3,03,6a,b6,9f,a6,b7,e8,02, ba,
77,cd,e8,7c,13,30,46,1d,59,a5,aa,d6,dd,16,9e,27,42,98,64,8c,2f,e7,9a,92,7f, \
"rkeysecu"=hex:c5,c2,ec,be,43,f5,91,58,1f,aa,d6,96,7d,84,a8,41
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 18:06:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 17:06
.
Pre-Run: 42,168,127,488 bytes free
Post-Run: 42,066,604,032 bytes free
.
- - End Of File - - 6DAD704407E31208531E12FB1A4EE9F9

Mark1956 · 09-Sep-2012, 05:58 PM **#49**

Download this and save it to the desktop: Windows Repair
Run the tool and click on the Step 3 tab to run the System File Checker.

When complete click on the tab Start Repairs, leave all the items in the list selected and click on the Start button. You will see quite a lot of activity, don't interfere with it in any way and leave it to complete and reboot the system.

Once the above is completed try to use the registry fix again.

computernoob1 · 12-Sep-2012, 01:26 PM **#50**

i did wat u said but still no internet

Mark1956 · 12-Sep-2012, 02:58 PM **#51**

Did you do this

Quote:

Once the above is completed try to use the registry fix again.

if not please do it and if it failed again please tell me exactly what the error message says, try it again if you need to and take a note of the error.

computernoob1 · 12-Sep-2012, 04:18 PM **#52**

it did not fail there was no error messager but i still dont have any internet

Mark1956 · 12-Sep-2012, 04:36 PM **#53**

Please run the Farbar Service Scanner again with the following options checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Mark1956 · 13-Sep-2012, 06:16 AM **#54**

In addition to the above also try this:

Winsock repair.

Click on Start and type cmd into the search box.
When the menu pops up right click on CMD and then click on Run as Administrator.
The Command Prompt box will open. Copy and Paste this command at the flashing cursor and hit the Enter key:
netsh winsock reset
You should see confirmation that the Winsock Catalog has been reset, if not please post what you do see.
Close the window and reboot the PC and check for internet connection.

computernoob1 · 13-Sep-2012, 11:05 AM **#55**

all it says is spacific folder can not be fund as the flashing curser is infront of c:/windows/system32>

computernoob1 · 13-Sep-2012, 11:07 AM **#56**

no sorry the system cannot find the file specified

computernoob1 · 13-Sep-2012, 11:11 AM **#57**

this is far bar log
Farbar Service Scanner Version: 06-08-2012
Ran by scott #1 (administrator) on 13-09-2012 at 16:09:10
Running from "C:\Users\scott #1\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Mark1956 · 13-Sep-2012, 05:22 PM **#58**

Well, looks like the Shared Access fix worked, but the log shows there is a problem with the BITS service and reports it as not running.

Click on Start and then type services.msc into the search box and hit the Enter key.

Scroll down the list and double click on Background Intelligent Transfer Service.

When the box opens check that the Start Type is set to Automatic, if it isn't, change it and click on Apply.

Reboot the PC and run the same scan again with Farbar Service Scanner and post the log, also let me know if your Internet is still off.

computernoob1 · 13-Sep-2012, 05:37 PM **#59**

SORRY but i could nt find the Background Intelligent Transfer Service. it wasnt in the list there was only 1 for services.msc and it wasnt in services

Mark1956 · 13-Sep-2012, 07:59 PM **#60**

Download this: BITS Reg fix and save it to the dektop.
Double click on the file and select Run, accept any warnings. Once done reboot the PC.
Check to see if the service is now there.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Virus

Find the solution to your computer problem!

Find the solution to your
computer problem!