BleepingComputer.com: no internet access after running combo fix

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

no internet access after running combo fix

#1 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 05 January 2012 - 08:40 PM

Hi

Can I get help, after running Malware, combo fix, I can't get on the internet. Says "can't detect proxy setting" for my wirerless internet. Other computers are working fine on the system so it has to be my unit. I ran DDS and the log is below. combo fix said I had a root kit virus or soemthing similar to that.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by TIM at 0:14:19 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2157 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\snuvcdsm.exe
C:\Program Files\ZapShares\ZapSharesProtect.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:54263
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [ZapShares] "c:\program files\zapshares\ZapSharesProtect.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{28928FC7-FD0C-4986-8CF5-E09B9B32F1EC} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{CA33EE9B-2654-4DF1-834B-2AA149E6671A}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CA33EE9B-2654-4DF1-834B-2AA149E6671A}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.71
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-24 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-24 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-24 66616]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2012-1-2 65536]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-26 6755840]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-14 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]
S2 Appinfo32;Application Information ;c:\windows\system32\miguiresource32.exe --> c:\windows\system32\miguiresource32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 228408]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-1-4 23608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-01-05 03:00:48 -------- d-----w- C:\$RECYCLE.BIN
2012-01-05 02:59:06 -------- d-----w- c:\users\tim\appdata\local\temp
2012-01-05 01:59:39 -------- d-----w- C:\ComboFix
2012-01-03 05:07:40 302592 ----a-w- c:\windows\system32\cmd.execf
2012-01-03 04:06:27 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE
2012-01-03 04:06:27 45056 ----a-w- c:\windows\system32\BRSS01A.EXE
2012-01-02 03:55:52 -------- d-----w- c:\program files\iPod
2012-01-02 03:55:51 -------- d-----w- c:\program files\iTunes
2012-01-02 03:54:50 -------- d-----w- c:\program files\Bonjour
2012-01-02 03:10:08 -------- d-----w- c:\users\tim\appdata\local\AT&T
2011-12-31 22:51:41 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-31 22:51:41 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-31 22:50:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-31 22:49:55 -------- d-----w- c:\users\tim\appdata\local\Apple
2011-12-30 00:42:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 00:42:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 18:13:52 -------- d-----w- c:\windows\pss
2011-12-24 21:33:03 -------- d-----w- c:\programdata\Big Fish Games
2011-12-24 21:31:29 -------- d-----w- C:\BigFishGamesCache
2011-12-17 19:06:16 -------- d-----w- c:\users\tim\appdata\roaming\SuperNZB
2011-12-16 23:20:08 -------- d-----w- c:\users\tim\appdata\local\SanctionedMedia
2011-12-16 00:29:24 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 00:29:16 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-16 00:29:04 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 00:29:03 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-16 00:28:56 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-16 00:28:55 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-11-16 01:38:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:16:41.44 ===============

I am watching other postings with similar problem and listed below my aswMBR log to hopefully help solve my problem. Any Help?????


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 19:14:38
-----------------------------
19:14:38.003 OS Version: Windows 6.1.7601 Service Pack 1
19:14:38.003 Number of processors: 2 586 0x170A
19:14:38.003 ComputerName: TIM-LAPTOP UserName: TIM
19:14:39.142 Initialize success
19:14:53.510 AVAST engine download error: 0
19:14:59.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:14:59.453 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 3
19:14:59.453 Disk 0 MBR read successfully
19:14:59.469 Disk 0 MBR scan
19:14:59.469 Disk 0 unknown MBR code
19:14:59.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294058 MB offset 2048
19:14:59.516 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11183 MB offset 602232832
19:14:59.516 Disk 0 scanning sectors +625135616
19:14:59.625 Disk 0 scanning C:\Windows\system32\drivers
19:15:17.237 Service scanning
19:15:19.796 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 5
19:15:21.122 Modules scanning
19:15:36.519 Disk 0 trace - called modules:
19:15:36.550 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:15:36.550 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c75258]
19:15:36.566 3 CLASSPNP.SYS[8b77659e] -> nt!IofCallDriver -> [0x85e5f868]
19:15:36.566 5 ACPI.sys[8b09d3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e27028]
19:15:36.581 Scan finished successfully
19:15:46.487 Disk 0 MBR has been saved successfully to "C:\Users\TIM\Desktop\MBR.dat"
19:15:46.503 The log file has been saved successfully to "C:\Users\TIM\Desktop\aswMBR.txt"

This post has been edited by Budapest: 05 January 2012 - 08:41 PM
Reason for edit: Moved from Win7 ~Budapest

#2 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 05 January 2012 - 09:24 PM

Sorry originally placed in wrong forum hope it got moved to the correct forum

#3 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 05 January 2012 - 10:54 PM

Just adding more scan info that I am seeing requested in other topics


Farbar Service Scanner
Ran by TIM (administrator) on 05-01-2012 at 22:56:01
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 00:17] - [2011-04-24 21:18] - 0338944 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#4 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 05 January 2012 - 11:09 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:09 on 05/01/2012 by TIM
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [05:17 16/06/2011] [02:18 25/04/2011] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [05:17 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [05:17 16/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [22:53 08/06/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [05:17 16/06/2011] [02:18 25/04/2011] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [05:17 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-

#5 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 06 January 2012 - 05:59 PM

still needing help

#6 User is offline   timgman 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 05-January 12

Posted 06 January 2012 - 08:20 PM

combofix run: rootkit activity found restart computer. log below

ComboFix 12-01-03.07 - TIM 01/06/2012 20:01:04.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2431 [GMT -5:00]
Running from: c:\users\TIM\Desktop\ComboFix.exe
Command switches used :: F:\CFscript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 01:12 . 2012-01-07 01:14 -------- d-----w- c:\users\TIM\AppData\Local\temp
2012-01-07 01:12 . 2012-01-07 01:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-07 01:12 . 2012-01-07 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 00:24 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-03 05:07 . 2012-01-04 01:56 302592 ----a-w- c:\windows\system32\cmd.execf
2012-01-03 04:06 . 2002-04-12 05:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE
2012-01-03 04:06 . 2001-12-13 05:01 45056 ----a-w- c:\windows\system32\BRSS01A.EXE
2012-01-02 03:55 . 2012-01-02 03:55 -------- d-----w- c:\program files\iPod
2012-01-02 03:55 . 2012-01-02 03:56 -------- d-----w- c:\program files\iTunes
2012-01-02 03:55 . 2012-01-02 03:55 -------- d-----w- c:\program files\Apple Software Update
2012-01-02 03:54 . 2012-01-02 03:54 -------- d-----w- c:\program files\Bonjour
2012-01-02 03:54 . 2012-01-02 03:55 -------- d-----w- c:\program files\Common Files\Apple
2012-01-02 03:10 . 2012-01-02 03:10 -------- d-----w- c:\users\TIM\AppData\Local\AT&T
2011-12-31 22:51 . 2011-12-31 22:51 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-31 22:51 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-31 22:51 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-31 22:50 . 2011-12-31 22:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-31 22:50 . 2011-12-31 22:50 -------- d-----w- c:\programdata\Apple Computer
2011-12-31 22:49 . 2011-12-31 22:49 -------- d-----w- c:\users\TIM\AppData\Local\Apple
2011-12-31 22:49 . 2011-12-31 22:49 -------- d-----w- c:\programdata\Apple
2011-12-30 00:42 . 2011-12-30 00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 00:42 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-24 21:33 . 2012-01-02 03:35 -------- d-----w- c:\programdata\Big Fish Games
2011-12-24 21:31 . 2012-01-02 03:35 -------- d-----w- C:\BigFishGamesCache
2011-12-17 19:06 . 2011-12-17 19:08 -------- d-----w- c:\users\TIM\AppData\Roaming\SuperNZB
2011-12-16 23:20 . 2011-12-16 23:20 -------- d-----w- c:\users\TIM\AppData\Local\SanctionedMedia
2011-12-16 00:29 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 00:29 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-16 00:29 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 00:29 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-16 00:28 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-16 00:28 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 01:38 . 2011-10-10 02:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 16:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"ZapShares"="c:\program files\ZapShares\ZapSharesProtect.exe" [2010-06-18 1081032]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-08-19 18:41 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-19 02:46 494064 ----a-w- c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 03:06 136176 ----atw- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2008-07-03 11:58 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-06-24 18:57 320056 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-06-24 02:34 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-22 13:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-31 02:52 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-05-11 19:19 513080 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R0 inworruq;inworruq;c:\windows\System32\drivers\gcbb.sys [x]
R2 Appinfo32;Application Information ;c:\windows\system32\miguiresource32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-12-05 23608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2010-09-15 65536]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-27 6755840]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-14 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-27 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:55]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:55]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958947576-3142239785-254900042-1000Core.job
- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 03:06]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958947576-3142239785-254900042-1000UA.job
- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 03:06]
.
2011-12-27 c:\windows\Tasks\HPCeeScheduleForTIM.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:54263
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{28928FC7-FD0C-4986-8CF5-E09B9B32F1EC}: NameServer = 209.183.33.23 209.183.35.23
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ImagePath"="NADA"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\09\00\19\0f*\17?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-06 20:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 01:20
ComboFix2.txt 2012-01-05 03:07
ComboFix3.txt 2012-01-04 04:25
ComboFix4.txt 2010-12-31 13:43
ComboFix5.txt 2012-01-07 00:06
.
Pre-Run: 52,777,177,088 bytes free
Post-Run: 52,703,744,000 bytes free
.
- - End Of File - - E7B987EE440DC9B04A1829A5B76E8870

#7 User is offline   Queen-Evie 

  • Official Bleepin' Bama Belle
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 4,563
  • Joined: 24-February 07
  • Gender:Not Telling
  • Location:Tuscaloosa, Alabama

Posted 07 January 2012 - 02:31 PM

timgman, You posted a topic that indicated your issue has been solved. Based on that post, I am closing this topic as it appears you no longer need help getting your internet connection back.

If you do still need help with this, pm me and I will re-open this topic.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users