Solved: Internet super slow, need help I think its malware.



autoaim
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
11-Sep-2012, 08:34 PM #16
ComboFix 12-09-11.02 - Spencer 09/11/2012 18:19:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2855 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\786687y7c168q428n153s8xbl4s1
c:\windows\SysWow64\wpcap.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\system64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-11 22:47 . 2012-09-11 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 21:37 . 2012-09-05 21:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
2012-09-05 21:18 . 2012-09-11 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERSetup
2012-09-04 02:22 . 2012-09-04 02:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-04 02:12 . 2012-09-04 02:12 -------- d-----w- c:\users\Spencer\AppData\Local\Secunia PSI
2012-09-04 02:09 . 2012-09-04 02:09 -------- d-----w- c:\program files (x86)\Secunia
2012-09-03 00:56 . 2012-09-03 00:57 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-03 00:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-03 00:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-09-02 23:50 . 2012-09-02 23:50 -------- d-----w- c:\windows\system32\SPReview
2012-09-02 23:49 . 2012-09-02 23:49 -------- d-----w- c:\windows\system32\EventProviders
2012-09-02 23:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-02 23:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-02 23:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-02 14:14 . 2012-09-02 14:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-01 14:37 . 2010-11-20 13:26 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-09-01 14:36 . 2010-11-20 13:27 1158656 ----a-w- c:\windows\system32\webservices.dll
2012-09-01 14:35 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-09-01 14:34 . 2010-11-20 13:27 128000 ----a-w- c:\windows\system32\srvcli.dll
2012-09-01 14:33 . 2010-11-20 13:15 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-09-01 14:32 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2012-09-01 14:31 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-09-01 14:31 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-09-01 14:31 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-09-01 14:31 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-09-01 14:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-09-01 14:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-09-01 14:30 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-09-01 14:30 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-09-01 14:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-09-01 12:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-09-01 12:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-09-01 12:52 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-09-01 12:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-09-01 12:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-01 12:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-09-01 12:52 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
2012-09-01 12:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-09-01 12:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-09-01 12:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-01 12:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-01 12:48 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-09-01 12:48 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-09-01 12:48 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-01 12:48 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-09-01 12:48 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-09-01 12:48 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-01 12:48 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-09-01 12:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-09-01 12:46 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-09-01 12:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-01 12:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-01 12:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-01 12:42 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-09-01 12:42 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-09-01 12:42 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-01 12:42 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-01 12:42 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-09-01 12:42 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-01 12:39 . 2011-07-16 05:37 1162752 ----a-w- c:\windows\system32\kernel32.dll
2012-09-01 12:39 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-09-01 12:39 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2012-09-01 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-01 12:34 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-09-01 12:34 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-01 12:34 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-01 11:54 . 2012-09-04 02:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\system32\Wat
2012-08-31 17:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-31 17:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-31 17:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-31 17:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-31 17:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-31 17:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-31 17:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-31 16:58 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 16:47 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-08-31 16:47 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-08-31 16:47 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-08-31 16:47 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-08-31 16:41 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-08-31 16:41 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-08-31 16:41 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-08-31 16:41 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-31 16:41 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-08-31 16:41 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-08-31 16:41 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-31 16:41 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-08-31 16:41 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-08-31 16:41 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2012-08-31 16:41 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-08-31 16:41 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-08-31 16:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-31 16:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-08-31 16:29 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-08-31 16:23 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-31 16:22 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-31 16:22 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-08-31 16:18 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-08-31 16:18 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-08-31 16:15 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-31 16:15 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2012-08-31 16:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-08-31 16:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-08-31 16:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-31 16:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-08-31 16:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-31 15:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-08-31 15:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-08-31 15:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-08-31 15:54 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-08-31 15:53 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-08-31 15:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-31 15:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-31 15:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-31 15:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-31 15:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-31 15:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-31 15:53 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-08-31 15:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-31 15:53 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-31 15:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 02:22 . 2010-09-02 17:38 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 02:19 . 2012-07-18 04:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 02:19 . 2012-07-18 04:54 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-03 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-21 09:13 . 2011-12-21 18:07 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2009-12-23 15:04 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2009-12-23 15:04 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-09 19:57 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2009-12-23 15:04 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2009-12-23 15:04 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-12-21 18:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2009-12-23 15:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-12-21 18:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-27 01:38 . 2012-06-27 01:38 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-27 01:38 . 2012-06-27 01:38 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-27 01:38 . 2012-06-27 01:38 607568 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-27 01:38 . 2012-06-27 01:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-27 01:38 . 2012-06-27 01:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-27 01:38 . 2012-06-27 01:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-11 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
R4 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 02:19]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\56qi8714.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.d2jsp.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-11 20:10:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-12 00:10
.
Pre-Run: 218,916,855,808 bytes free
Post-Run: 218,402,504,704 bytes free
.
- - End Of File - - 1C4FE679294D99121352324D2F7C3C69
Mark1956
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
11-Sep-2012, 08:54 PM #17
That has replaced a critical system file so you may notice some improvement.

It's getting very late in the night here now so I will leave you with the following scan to run and shall be back in the morning.

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:
  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.
autoaim
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
11-Sep-2012, 10:26 PM #18
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Spencer [Admin rights]
Mode : Scan -- Date : 09/11/2012 21:50:02

Bad processes : 0

Registry Entries : 9
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

Infection :

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SATA Disk Device +++++
--- User ---
[MBR] c00780317214600ded3bfa321c615313
[BSP] 2df630ffdbaeef5453c148c3af20283f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Internet seems better, start up still takes forever and a day.
Mark1956
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 05:24 AM #19
Ok, we will do one more check for infections with a deep on-line scan from Eset, after that we need to start running some of the built in Windows diagnostics.


Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
autoaim's Avatar
autoaim autoaim is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 12:26 PM #20
No infected files found.
Mark1956's Avatar
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 02:31 PM #21
Ok, I sent that last post when a bit tired, there is another scan to do with ComboFix which will be done a little differently to remove some orphan entries. Also a scan on the Master Boot Record.

We are now going to run ComboFix a different way.
Open Notepad by clicking on and in the Search box
type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
Code:
KillAll::
 
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO-X64: 0x1
BHO-X64: AcroIEHelperStub
BHO-X64: AIM Toolbar Loader
BHO-X64: Ask Toolbar BHO
ClearJavaCache::
Reboot::
  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.
  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
  • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
______________________________________________________________

Please download aswMBR.exe and save it to your Desktop.
  • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • You will be asked if you wish to download the latest Avast Virus Definitions, please select Yes. It may take several minutes to complete.
  • Click the Scan button to start scan.
  • On completion of the scan, click the Save log button and save it to your Desktop.
  • Do not select any Fix options at this time.
  • Copy and paste the contents of that log in your next reply.
-- Important note: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as MBR.dat. Do not delete this file unless advised.
NOTE: Right-click on MBR.dat and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
  • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the zip folder you made earlier and double-click on it.
  • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
  • When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.

Last edited by Mark1956; 12-Sep-2012 at 02:40 PM..
autoaim's Avatar
autoaim autoaim is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 04:22 PM #22
Did the 2nd combo fix with the notepad file.. internet doesn't work. I tried to reboot and manually restore it but that didn't work either. I'll go ahead and do the 2nd scan while I wait for your response. I'm on Windows 7 SP 1 as well.

e/ Guess I have to wait to do the 2nd scan so I can update the virus definitions.
Mark1956's Avatar
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 04:42 PM #23
With aswMBR decline the updates then run it and post the log. You will have to transfer the log to a working PC to send it here.

Please run this and post the log.


Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
autoaim's Avatar
autoaim autoaim is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 04:56 PM #24
aswMBR is running now, here's the logs you asked for beside that. I disabled Windows Defender (I think that may have caused the internet issue looking at other people's threads) and I'll re-run ComboFix after aswMBR is done.

Farbar Service Scanner Version: 06-08-2012
Ran by Spencer (administrator) on 12-09-2012 at 16:49:47
Running from "C:\Users\Spencer\Desktop\Cleaner"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ComboFix 12-09-12.03 - Spencer 09/12/2012 15:28:27.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2394 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 19:36 . 2012-09-12 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 15:28 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52E824AE-9D54-43AD-8896-321116DE80E5}\mpengine.dll
2012-09-12 14:01 . 2012-09-12 14:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-12 14:01 . 2012-09-12 14:01 -------- d-----r- c:\program files (x86)\Skype
2012-09-05 21:37 . 2012-09-05 21:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
2012-09-05 21:18 . 2012-09-11 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERSetup
2012-09-04 02:12 . 2012-09-04 02:12 -------- d-----w- c:\users\Spencer\AppData\Local\Secunia PSI
2012-09-04 02:09 . 2012-09-04 02:09 -------- d-----w- c:\program files (x86)\Secunia
2012-09-03 00:56 . 2012-09-03 00:57 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-03 00:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-03 00:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-09-02 23:50 . 2012-09-02 23:50 -------- d-----w- c:\windows\system32\SPReview
2012-09-02 23:49 . 2012-09-02 23:49 -------- d-----w- c:\windows\system32\EventProviders
2012-09-02 23:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-02 23:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-02 23:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-02 14:14 . 2012-09-02 14:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-01 14:37 . 2010-11-20 13:26 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-09-01 14:36 . 2010-11-20 13:27 1158656 ----a-w- c:\windows\system32\webservices.dll
2012-09-01 14:35 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-09-01 14:34 . 2010-11-20 13:27 128000 ----a-w- c:\windows\system32\srvcli.dll
2012-09-01 14:33 . 2010-11-20 13:15 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-09-01 14:32 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2012-09-01 14:31 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-09-01 14:31 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-09-01 14:31 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-09-01 14:31 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-09-01 14:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-09-01 14:30 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-09-01 14:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-09-01 12:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-09-01 12:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-09-01 12:52 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-09-01 12:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-09-01 12:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-01 12:52 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
2012-09-01 12:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-09-01 12:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-01 12:48 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-09-01 12:48 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-09-01 12:48 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-01 12:48 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-09-01 12:48 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-01 12:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-09-01 12:46 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-09-01 12:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-01 12:45 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-01 12:45 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-09-01 12:45 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-01 12:45 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-01 12:45 . 2010-11-20 13:24 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-09-01 12:45 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-01 12:45 . 2010-11-20 13:24 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-09-01 12:45 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-09-01 12:42 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-09-01 12:42 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-09-01 12:42 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-01 12:42 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-01 12:42 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-09-01 12:42 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-01 12:39 . 2011-07-16 05:37 1162752 ----a-w- c:\windows\system32\kernel32.dll
2012-09-01 12:39 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-09-01 12:39 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2012-09-01 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-01 12:34 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-01 11:54 . 2012-09-04 02:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\system32\Wat
2012-08-31 17:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-31 17:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-31 17:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-31 17:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-31 17:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-31 16:58 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 16:47 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-08-31 16:47 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-08-31 16:41 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-08-31 16:41 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-08-31 16:41 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-08-31 16:41 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-31 16:41 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-31 16:41 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-08-31 16:41 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-08-31 16:41 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2012-08-31 16:41 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-08-31 16:41 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-08-31 16:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-31 16:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-08-31 16:23 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-31 16:22 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-31 16:22 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-08-31 16:18 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-08-31 16:15 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-31 16:15 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2012-08-31 16:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-08-31 16:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-31 16:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-08-31 16:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-31 15:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-08-31 15:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-08-31 15:53 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-08-31 15:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-31 15:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-31 15:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-31 15:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-31 15:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-31 15:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-31 15:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-31 15:53 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-31 15:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-31 15:52 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-08-31 15:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-31 15:52 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-08-31 15:52 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-08-31 15:52 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-08-31 15:52 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-31 15:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-31 15:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-31 15:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-31 15:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-31 15:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-31 15:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-31 15:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-31 15:34 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 02:22 . 2012-09-04 02:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-04 02:22 . 2010-09-02 17:38 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 02:19 . 2012-07-18 04:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 02:19 . 2012-07-18 04:54 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-03 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-31 17:17 . 2012-08-31 17:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-31 17:17 . 2012-08-31 17:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-31 17:17 . 2012-08-31 17:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-31 17:17 . 2012-08-31 17:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-31 17:17 . 2012-08-31 17:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-31 17:17 . 2012-08-31 17:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-31 17:17 . 2012-08-31 17:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-31 17:17 . 2012-08-31 17:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-31 17:17 . 2012-08-31 17:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-31 17:17 . 2012-08-31 17:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-31 17:17 . 2012-08-31 17:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-21 09:13 . 2011-12-21 18:07 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2009-12-23 15:04 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2009-12-23 15:04 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-06-09 19:57 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2009-12-23 15:04 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2009-12-23 15:04 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-12-21 18:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2009-12-23 15:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-12-21 18:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-27 01:38 . 2012-06-27 01:38 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-27 01:38 . 2012-06-27 01:38 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-27 01:38 . 2012-06-27 01:38 607568 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-27 01:38 . 2012-06-27 01:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-27 01:38 . 2012-06-27 01:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-27 01:38 . 2012-06-27 01:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-11 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
R4 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 02:19]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
.
2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\56qi8714.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.d2jsp.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-12 15:48:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-12 19:48
ComboFix2.txt 2012-09-12 00:10
.
Pre-Run: 227,220,221,952 bytes free
Post-Run: 227,081,175,040 bytes free
.
- - End Of File - - 0927CFA89614053D1F94579B601C59A3
autoaim
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 05:19 PM #25
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 16:51:04
-----------------------------
16:51:04.628 OS Version: Windows x64 6.1.7601 Service Pack 1
16:51:04.628 Number of processors: 2 586 0x602
16:51:04.644 ComputerName: SPENCER-PC UserName: Spencer
16:51:07.826 Initialize success
16:51:07.998 AVAST engine defs: 12091200
16:53:10.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
16:53:10.540 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 11
16:53:10.587 Disk 0 MBR read successfully
16:53:10.587 Disk 0 MBR scan
16:53:10.587 Disk 0 Windows VISTA default MBR code
16:53:10.587 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
16:53:10.618 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
16:53:10.633 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848
16:53:10.696 Disk 0 scanning C:\Windows\system32\drivers
16:53:22.131 Service scanning
16:53:47.621 Modules scanning
16:53:47.621 Disk 0 trace - called modules:
16:53:47.668 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
16:53:48.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046b4060]
16:53:48.183 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80046a3740]
16:53:48.183 5 amdxata.sys[fffff880010698b9] -> nt!IofCallDriver -> [0xfffffa80046a3e10]
16:53:48.198 7 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa800469f3b0]
16:53:50.460 AVAST engine scan C:\Windows
16:53:55.796 AVAST engine scan C:\Windows\system32
16:56:54.790 AVAST engine scan C:\Windows\system32\drivers
16:57:09.719 AVAST engine scan C:\Users\Spencer
17:00:39.431 AVAST engine scan C:\ProgramData
17:03:35.415 Scan finished successfully
17:13:42.490 Disk 0 MBR has been saved successfully to "C:\Users\Spencer\Desktop\Cleaner\MBR.dat"
17:13:42.490 The log file has been saved successfully to "C:\Users\Spencer\Desktop\Cleaner\aswMBR.txt"


I'm going to rerun Combofix with the CFScript.txt now.
Mark1956
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 05:22 PM #26
The Combofix log in post 16 shows that Windows Defender was already disabled, as it should be when there is an Anti Virus program installed. I have never seen an instance of Defender causing an issue with Internet connection; it is included and installed on every PC running Windows.

I have had a run of Internet connection being lost when using Combofix; this has happened in the past and was corrected with further updates. Combofix gets updates frequently and sometimes the updates cause problems on some PCs.

Let me know how things are when you post the aswMBR log.
autoaim
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 05:28 PM #27
The aswMBR log is right above your last post along with the zip file. I meant that I thought with Defender on it affected the scan and lost my internet. The first time I ran Combofix I had no issue. It started when I used the CFScript.txt file.
Mark1956
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 05:38 PM #28
Yup, I see the log, our posts crossed over.

Please delete the Combofix icon on your desktop, use the link in the original instructions to download a fresh copy and just run a scan with it. See if that brings back the internet after a reboot.
autoaim
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
12-Sep-2012, 05:39 PM #29
Internet still is a no go. Full 5 bars, just no internet connection wired or wireless.
Mark1956
Malware Removal Specialist with 13,772 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Sep-2012, 05:42 PM #30
We just crossed posts again, try what I said in post 28.