
Internet super slow, need help I think its malware.

Discussion in 'Virus & Other Malware Removal' started by autoaim, Sep 3, 2012.

  1. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    ComboFix 12-09-11.02 - Spencer 09/11/2012 18:19:48.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2855 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\786687y7c168q428n153s8xbl4s1
    c:\windows\SysWow64\wpcap.dll
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\system64\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-11 22:47 . 2012-09-11 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-05 21:37 . 2012-09-05 21:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-05 21:18 . 2012-09-11 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERSetup
    2012-09-04 02:22 . 2012-09-04 02:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-04 02:12 . 2012-09-04 02:12 -------- d-----w- c:\users\Spencer\AppData\Local\Secunia PSI
    2012-09-04 02:09 . 2012-09-04 02:09 -------- d-----w- c:\program files (x86)\Secunia
    2012-09-03 00:56 . 2012-09-03 00:57 -------- d-----w- c:\program files\Microsoft Device Center
    2012-09-03 00:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-09-03 00:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-09-02 23:50 . 2012-09-02 23:50 -------- d-----w- c:\windows\system32\SPReview
    2012-09-02 23:49 . 2012-09-02 23:49 -------- d-----w- c:\windows\system32\EventProviders
    2012-09-02 23:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-09-02 23:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-09-02 23:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-09-02 14:14 . 2012-09-02 14:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-09-01 14:37 . 2010-11-20 13:26 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2012-09-01 14:36 . 2010-11-20 13:27 1158656 ----a-w- c:\windows\system32\webservices.dll
    2012-09-01 14:35 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2012-09-01 14:34 . 2010-11-20 13:27 128000 ----a-w- c:\windows\system32\srvcli.dll
    2012-09-01 14:33 . 2010-11-20 13:15 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-09-01 14:32 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
    2012-09-01 14:31 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-09-01 14:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2012-09-01 14:30 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-09-01 14:30 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-09-01 14:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-09-01 12:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2012-09-01 12:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
    2012-09-01 12:52 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2012-09-01 12:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2012-09-01 12:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-09-01 12:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-09-01 12:52 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
    2012-09-01 12:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-09-01 12:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-09-01 12:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-01 12:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-01 12:48 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-09-01 12:48 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-09-01 12:48 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-09-01 12:48 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-09-01 12:48 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-09-01 12:48 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-09-01 12:48 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-09-01 12:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-09-01 12:46 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
    2012-09-01 12:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-09-01 12:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-09-01 12:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-09-01 12:42 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-09-01 12:42 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-09-01 12:42 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-09-01 12:42 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-09-01 12:42 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-09-01 12:42 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-09-01 12:39 . 2011-07-16 05:37 1162752 ----a-w- c:\windows\system32\kernel32.dll
    2012-09-01 12:39 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2012-09-01 12:39 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-09-01 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-09-01 12:34 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-09-01 12:34 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-01 12:34 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-01 11:54 . 2012-09-04 02:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\SysWow64\Wat
    2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\system32\Wat
    2012-08-31 17:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-08-31 17:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-08-31 17:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-08-31 17:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-08-31 17:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-31 17:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-08-31 17:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-08-31 16:58 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-31 16:47 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-08-31 16:47 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-08-31 16:47 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2012-08-31 16:47 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2012-08-31 16:41 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2012-08-31 16:41 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2012-08-31 16:41 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2012-08-31 16:41 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-08-31 16:41 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
    2012-08-31 16:41 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2012-08-31 16:41 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-08-31 16:41 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-08-31 16:41 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-08-31 16:41 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
    2012-08-31 16:41 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-08-31 16:41 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-08-31 16:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-08-31 16:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-08-31 16:29 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2012-08-31 16:23 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
    2012-08-31 16:22 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-08-31 16:22 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-08-31 16:18 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-08-31 16:18 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-08-31 16:15 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-08-31 16:15 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2012-08-31 16:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-08-31 16:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-08-31 16:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-08-31 16:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-08-31 16:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-08-31 15:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-08-31 15:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-08-31 15:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-08-31 15:54 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-08-31 15:53 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
    2012-08-31 15:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-08-31 15:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-08-31 15:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-08-31 15:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-08-31 15:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-08-31 15:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-08-31 15:53 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-08-31 15:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-31 15:53 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-31 15:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-04 02:22 . 2010-09-02 17:38 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-04 02:19 . 2012-07-18 04:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-04 02:19 . 2012-07-18 04:54 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-09-03 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-08-21 09:13 . 2011-12-21 18:07 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2009-12-23 15:04 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2009-12-23 15:04 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2012-06-09 19:57 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-21 09:13 . 2009-12-23 15:04 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-21 09:13 . 2009-12-23 15:04 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:12 . 2011-12-21 18:06 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2009-12-23 15:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-21 09:12 . 2011-12-21 18:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-27 01:38 . 2012-06-27 01:38 827728 ----a-w- c:\windows\system32\msvcr100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 607568 ----a-w- c:\windows\system32\msvcp100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
    2012-06-27 01:38 . 2012-06-27 01:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-11 5663616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    R4 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
    R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 02:19]
    .
    2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
    .
    2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
    .
    2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
    .
    2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\56qi8714.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.d2jsp.org/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-11 20:10:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-12 00:10
    .
    Pre-Run: 218,916,855,808 bytes free
    Post-Run: 218,402,504,704 bytes free
    .
    - - End Of File - - 1C4FE679294D99121352324D2F7C3C69
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That has replaced a critical system file so you may notice some improvement.

    It's getting very late in the night here now so I will leave you with the following scan to run and shall be back in the morning.

    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on the download button.
    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.
     
  3. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Spencer [Admin rights]
    Mode : Scan -- Date : 09/11/2012 21:50:02

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SATA Disk Device +++++
    --- User ---
    [MBR] c00780317214600ded3bfa321c615313
    [BSP] 2df630ffdbaeef5453c148c3af20283f : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



Internet seems better; start-up still takes forever and a day.
     
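The RogueKiller report above lists several values under the Policies\System key as FOUND, but they do not all mean the same thing. EnableLUA and ConsentPromptBehaviorAdmin (and PromptOnSecureDesktop, which appears in the ComboFix log later in the thread) are UAC settings: on Windows 7 they default to 1, 5 and 1, so a value of 0 means UAC is switched off, administrators elevate silently and prompts do not use the secure desktop. DisableRegistryTools at 0, by contrast, is the normal state (Registry Editor is not blocked), so RogueKiller is only reporting that the value exists. The following Python script is an added example for this thread, not code from RogueKiller, ComboFix or the forum: it extracts these values from both the RogueKiller `[HJ] ... -> FOUND` line format and the ComboFix `"Name"= 0 (0x0)` format used in its policies\system section, and flags the ones that are in a weakened state relative to those defaults. The sample lines are copied from the reports posted in this thread.

```python
"""Flag weakened UAC / admin-tooling policy values in RogueKiller and ComboFix logs.

Added example for this thread, not part of either tool. It reads the
HKLM\...\Policies\System values as printed by the two tools and compares
them against the Windows 7 defaults.
"""
import re

# Policy values that govern UAC and admin tooling. Each entry: canonical name,
# meaning when in the expected state, predicate that is True for the expected
# (Windows 7 default) state. Defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5
# (0 = elevate without prompting), PromptOnSecureDesktop=1,
# DisableRegistryTools=0 (0 = Registry Editor allowed).
POLICIES = {
    "enablelua": ("EnableLUA", "UAC is enabled", lambda v: v == 1),
    "consentpromptbehavioradmin": ("ConsentPromptBehaviorAdmin",
                                   "administrators are prompted before elevation",
                                   lambda v: v != 0),
    "promptonsecuredesktop": ("PromptOnSecureDesktop",
                              "elevation prompts use the secure desktop",
                              lambda v: v == 1),
    "disableregistrytools": ("DisableRegistryTools",
                             "Registry Editor is not blocked by policy",
                             lambda v: v == 0),
}

# RogueKiller line:  [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
RK_LINE = re.compile(
    r"^\[HJ(?:POL)?\]\s+(HK\w+)\\(.+?)\s+:\s+(\w+)\s+\((\d+)\)\s+->\s+FOUND\s*$")
# ComboFix section header and value line:
#   [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
#   "EnableLUA"= 0 (0x0)
CF_SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
CF_VALUE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')


def parse_policy_values(lines):
    """Yield (registry_key, value_name, int_value) for each recognised policy value."""
    section = None
    for raw in lines:
        line = raw.strip()
        m = RK_LINE.match(line)
        if m:
            hive, path, name, value = m.groups()
            if name.lower() in POLICIES:
                yield (f"{hive}\\{path}", name, int(value))
            continue
        m = CF_SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = CF_VALUE.match(line)
        # ComboFix prints many [HKEY_...] sections; only the policies\system one matters here.
        if m and section and section.lower().endswith(r"policies\system"):
            name, value = m.groups()
            if name.lower() in POLICIES:
                yield (section, name, int(value))


def audit(lines):
    """One finding per recognised policy value: key, canonical name, value, ok flag, meaning."""
    findings = []
    for key, name, value in parse_policy_values(lines):
        canon, meaning, is_ok = POLICIES[name.lower()]
        findings.append({"key": key, "name": canon, "value": value,
                         "ok": is_ok(value), "meaning": meaning})
    return findings


def weakened(lines):
    """Canonical names of policies found in a weakened state, deduplicated, in log order."""
    names = []
    for f in audit(lines):
        if not f["ok"] and f["name"] not in names:
            names.append(f["name"])
    return names


# Sample input: lines copied from the RogueKiller report and ComboFix log in this thread.
SAMPLE_ROGUEKILLER = r"""
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

if __name__ == "__main__":
    for label, text in (("RogueKiller", SAMPLE_ROGUEKILLER), ("ComboFix", SAMPLE_COMBOFIX)):
        print(f"== {label} ==")
        for f in audit(text.splitlines()):
            state = "ok" if f["ok"] else "WEAKENED"
            print(f"{state:9} {f['name']}={f['value']}  ({f['meaning']})")
```

On the thread's own reports this marks EnableLUA and ConsentPromptBehaviorAdmin (and, from the ComboFix log, PromptOnSecureDesktop) as weakened, while the DisableRegistryTools entries that RogueKiller also tagged FOUND come out as expected. The `[HJ DESK]` desktop-icon entries are ignored on purpose; they are not policy values.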
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, we will do one more check for infections with a deep on-line scan from Eset, after that we need to start running some of the built in Windows diagnostics.


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
     
  5. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    No infected files found.
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, I sent that last post when a bit tired, there is another scan to do with Combofix which will be done a little differently to remove some orphan entries. Also a scan on the Master Boot Record.

    We are now going to run ComboFix a different way.
    Open Notepad by clicking on [​IMG] and in the Search box type: Notepad.exe and hit Enter.
    Copy and paste everything in the code box below into it.
    -- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
    Code:
    KillAll::
     
    DDS::
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
    BHO-X64: 0x1
    BHO-X64: AcroIEHelperStub
    BHO-X64: AIM Toolbar Loader
    BHO-X64: Ask Toolbar BHO
    ClearJavaCache::
    Reboot::
    
    
    • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
    • Close your browser and disconnect from the Internet.
    • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.
      [​IMG]
    • This will start ComboFix again and launch the script.
    • ComboFix may reboot your system when it finishes. This is normal.
    • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
    • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
    • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
    ______________________________________________________________

    Please download aswMBR.exe and save it to your Desktop.
    • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
    • You will be asked if you wish to download the latest Avast Virus Definitions, please select Yes. It may take several minutes to complete.
    • Click the Scan button to start scan.
      [​IMG]
    • On completion of the scan, click the Save log button and save it to your Desktop.
    • Do not select any Fix options at this time.
    • Copy and paste the contents of that log in your next reply.
    -- Important note: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as MBR.dat. Do not delete this file unless advised.
    NOTE: Right-click on MBR.dat and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and double-click on it.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the bottom of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  7. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    Did the 2nd ComboFix with the Notepad file. Internet doesn't work. I tried to reboot and manually restore it but that didn't work either. I'll go ahead and do the 2nd scan while I wait for your response. I'm on Windows 7 SP1 as well.

    e/ Guess I have to wait to do the 2nd scan so I can update the virus definitions.
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    With aswMBR, decline the updates, then run it and post the log. You will have to transfer the log to a working PC to send it here.

    Please run this and post the log.


    Please download Farbar Service Scanner and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  9. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    aswMBR is running now, here are the logs you asked for besides that. I disabled Windows Defender (I think that may have caused the internet issue, looking at other people's threads) and I'll re-run ComboFix after aswMBR is done.

    Farbar Service Scanner Version: 06-08-2012
    Ran by Spencer (administrator) on 12-09-2012 at 16:49:47
    Running from "C:\Users\Spencer\Desktop\Cleaner"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    ComboFix 12-09-12.03 - Spencer 09/12/2012 15:28:27.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2394 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-12 19:36 . 2012-09-12 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 15:28 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52E824AE-9D54-43AD-8896-321116DE80E5}\mpengine.dll
    2012-09-12 14:01 . 2012-09-12 14:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-09-12 14:01 . 2012-09-12 14:01 -------- d-----r- c:\program files (x86)\Skype
    2012-09-05 21:37 . 2012-09-05 21:37 -------- d-----w- c:\users\Spencer\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-05 21:18 . 2012-09-11 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\programdata\SUPERSetup
    2012-09-04 02:12 . 2012-09-04 02:12 -------- d-----w- c:\users\Spencer\AppData\Local\Secunia PSI
    2012-09-04 02:09 . 2012-09-04 02:09 -------- d-----w- c:\program files (x86)\Secunia
    2012-09-03 00:56 . 2012-09-03 00:57 -------- d-----w- c:\program files\Microsoft Device Center
    2012-09-03 00:39 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-09-03 00:39 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-09-02 23:50 . 2012-09-02 23:50 -------- d-----w- c:\windows\system32\SPReview
    2012-09-02 23:49 . 2012-09-02 23:49 -------- d-----w- c:\windows\system32\EventProviders
    2012-09-02 23:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-09-02 23:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-09-02 23:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-09-02 14:14 . 2012-09-02 14:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-09-01 14:37 . 2010-11-20 13:26 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2012-09-01 14:36 . 2010-11-20 13:27 1158656 ----a-w- c:\windows\system32\webservices.dll
    2012-09-01 14:35 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2012-09-01 14:34 . 2010-11-20 13:27 128000 ----a-w- c:\windows\system32\srvcli.dll
    2012-09-01 14:33 . 2010-11-20 13:15 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-09-01 14:32 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
    2012-09-01 14:31 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
    2012-09-01 14:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-09-01 14:30 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-09-01 14:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-09-01 12:52 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2012-09-01 12:52 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
    2012-09-01 12:52 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2012-09-01 12:52 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2012-09-01 12:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-09-01 12:52 . 2010-11-20 13:25 296960 ----a-w- c:\windows\system32\rstrui.exe
    2012-09-01 12:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-09-01 12:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-01 12:48 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-09-01 12:48 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-09-01 12:48 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-09-01 12:48 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-09-01 12:48 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-09-01 12:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-09-01 12:46 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
    2012-09-01 12:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-09-01 12:45 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2012-09-01 12:45 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2012-09-01 12:45 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2012-09-01 12:45 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-09-01 12:45 . 2010-11-20 13:24 288256 ----a-w- c:\windows\system32\MSNP.ax
    2012-09-01 12:45 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-09-01 12:45 . 2010-11-20 13:24 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-09-01 12:45 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-09-01 12:42 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-09-01 12:42 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-09-01 12:42 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-09-01 12:42 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-09-01 12:42 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-09-01 12:42 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-09-01 12:39 . 2011-07-16 05:37 1162752 ----a-w- c:\windows\system32\kernel32.dll
    2012-09-01 12:39 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2012-09-01 12:39 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-09-01 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-09-01 12:34 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-01 11:54 . 2012-09-04 02:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-09-01 11:54 . 2012-09-01 11:54 -------- d-----w- c:\windows\system32\Wat
    2012-08-31 17:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-08-31 17:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-08-31 17:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-08-31 17:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-31 17:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-08-31 16:58 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-31 16:47 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-08-31 16:47 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-08-31 16:41 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2012-08-31 16:41 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2012-08-31 16:41 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
    2012-08-31 16:41 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-08-31 16:41 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-08-31 16:41 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-08-31 16:41 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-08-31 16:41 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
    2012-08-31 16:41 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-08-31 16:41 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-08-31 16:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-08-31 16:29 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-08-31 16:23 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
    2012-08-31 16:22 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-08-31 16:22 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-08-31 16:18 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-08-31 16:15 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-08-31 16:15 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2012-08-31 16:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-08-31 16:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-08-31 16:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-08-31 16:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-08-31 15:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-08-31 15:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-08-31 15:53 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
    2012-08-31 15:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-08-31 15:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-08-31 15:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-08-31 15:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-08-31 15:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-08-31 15:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-08-31 15:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-31 15:53 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-31 15:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-31 15:52 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
    2012-08-31 15:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-31 15:52 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-08-31 15:52 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-08-31 15:52 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-08-31 15:52 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-08-31 15:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-08-31 15:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-08-31 15:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-08-31 15:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-08-31 15:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-08-31 15:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-08-31 15:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-08-31 15:34 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-04 02:22 . 2012-09-04 02:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-04 02:22 . 2010-09-02 17:38 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-04 02:19 . 2012-07-18 04:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-04 02:19 . 2012-07-18 04:54 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-09-03 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-08-31 17:17 . 2012-08-31 17:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-08-31 17:17 . 2012-08-31 17:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-08-31 17:17 . 2012-08-31 17:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-08-31 17:17 . 2012-08-31 17:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-08-31 17:17 . 2012-08-31 17:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-31 17:17 . 2012-08-31 17:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-31 17:17 . 2012-08-31 17:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-08-31 17:17 . 2012-08-31 17:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-08-31 17:17 . 2012-08-31 17:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-08-31 17:17 . 2012-08-31 17:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-08-31 17:17 . 2012-08-31 17:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-21 09:13 . 2011-12-21 18:07 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2009-12-23 15:04 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2009-12-23 15:04 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2012-06-09 19:57 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-21 09:13 . 2009-12-23 15:04 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-21 09:13 . 2009-12-23 15:04 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:12 . 2011-12-21 18:06 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2009-12-23 15:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-21 09:12 . 2011-12-21 18:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-27 01:38 . 2012-06-27 01:38 827728 ----a-w- c:\windows\system32\msvcr100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 607568 ----a-w- c:\windows\system32\msvcp100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2012-06-27 01:38 . 2012-06-27 01:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
    2012-06-27 01:38 . 2012-06-27 01:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-11 5663616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    R4 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
    R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 02:19]
    .
    2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
    .
    2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3201008034-2131478740-1776008524-1001UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-26 21:59]
    .
    2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
    .
    2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 15:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6c6l03e0z185a48j1x27n
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\56qi8714.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.d2jsp.org/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-12 15:48:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-12 19:48
    ComboFix2.txt 2012-09-12 00:10
    .
    Pre-Run: 227,220,221,952 bytes free
    Post-Run: 227,081,175,040 bytes free
    .
    - - End Of File - - 0927CFA89614053D1F94579B601C59A3
     
  10. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-12 16:51:04
    -----------------------------
    16:51:04.628 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:51:04.628 Number of processors: 2 586 0x602
    16:51:04.644 ComputerName: SPENCER-PC UserName: Spencer
    16:51:07.826 Initialize success
    16:51:07.998 AVAST engine defs: 12091200
    16:53:10.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
    16:53:10.540 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 11
    16:53:10.587 Disk 0 MBR read successfully
    16:53:10.587 Disk 0 MBR scan
    16:53:10.587 Disk 0 Windows VISTA default MBR code
    16:53:10.587 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
    16:53:10.618 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
    16:53:10.633 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848
    16:53:10.696 Disk 0 scanning C:\Windows\system32\drivers
    16:53:22.131 Service scanning
    16:53:47.621 Modules scanning
    16:53:47.621 Disk 0 trace - called modules:
    16:53:47.668 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
    16:53:48.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046b4060]
    16:53:48.183 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80046a3740]
    16:53:48.183 5 amdxata.sys[fffff880010698b9] -> nt!IofCallDriver -> [0xfffffa80046a3e10]
    16:53:48.198 7 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa800469f3b0]
    16:53:50.460 AVAST engine scan C:\Windows
    16:53:55.796 AVAST engine scan C:\Windows\system32
    16:56:54.790 AVAST engine scan C:\Windows\system32\drivers
    16:57:09.719 AVAST engine scan C:\Users\Spencer
    17:00:39.431 AVAST engine scan C:\ProgramData
    17:03:35.415 Scan finished successfully
    17:13:42.490 Disk 0 MBR has been saved successfully to "C:\Users\Spencer\Desktop\Cleaner\MBR.dat"
    17:13:42.490 The log file has been saved successfully to "C:\Users\Spencer\Desktop\Cleaner\aswMBR.txt"


    I'm going to rerun ComboFix with the CFScript.txt now.
     

    Attached Files:

    • MBR.zip
      File size:
      563 bytes
      Views:
      1
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The ComboFix log in post 16 shows that Windows Defender was already disabled, as it should be when there is an Anti Virus program installed. I have never seen an instance of Defender causing an issue with the Internet connection; it is included and installed on every PC running Windows.

    I have had a run of the Internet connection being lost when using ComboFix; this has happened in the past and was corrected with further updates. ComboFix gets updates frequently, and sometimes the updates cause problems on some PCs.

    Let me know how things are when you post the aswMBR log.
     
  12. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    The aswMBR log is right above your last post, along with the zip file. I meant that I thought with Defender on it affected the scan and lost my Internet. The first time I ran ComboFix I had no issue. It started when I used the CFScript.txt file.
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Yup, I see the log, our posts crossed over.

    Please delete the Combofix icon on your desktop, use the link in the original instructions to download a fresh copy and just run a scan with it. See if that brings back the internet after a reboot.
     
  14. autoaim

    autoaim Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    47
    Internet still is a no go. Full 5 bars, just no internet connection wired or wireless.
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    We just crossed posts again, try what I said in post 28.
     

Short URL to this thread: https://techguy.org/1067622