Internet Issues after Virus Removal


This topic is locked (13 replies)

#1 ptad (Members, 19 posts)

Posted 15 December 2011 - 01:19 AM

Hi,

Recently I've been having virus issues after avoiding them for years. I ran into the Win 2012 AntiSpyware virus, which I believe I cleared up, but I still had many issues with a slow laptop and random popups during internet browsing. I ran malware antispyware and spybot as usual and still did not solve the issue. Then, without researching enough (coming here), I did the unthinkable, one of the biggest mistakes of my computing career, and attempted to use ComboFix to fix the problem. It identified a Rootkit.ZeroAccess and went through its processes. Now, however, I am unable to get on the internet, and I am not convinced that I solved the issue. I am running Windows 7 32 Bit and tried to follow the directions on manually resetting the internet connection, but that did not work. I'm not convinced I've solved the problem, or whether the problem is actually what is now stopping the internet. I attempted to System Restore after realizing I messed up using ComboFix (like I said, I did not come here before using it to read about how dangerous it was), but it could not complete. I have also restarted my laptop.

I would much appreciate any help or guidance, but I definitely do understand if I cannot be helped due to violating a cardinal rule around here. I accidentally posted in the logs forum, unsure of where my post belonged, since I mainly feel it is an internet issue, but if it needs to be put back let me know!


#2 narenxp (BC Advisor, 16,371 posts, India)

Posted 15 December 2011 - 02:53 AM

Please download Farbar Service Scanner

http://download.bleepingcomputer.com/farbar/FSS.exe

and run it on the computer with the issue.

* Make sure "Include All Files" option remains checked.
* Press "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

Someone will help you soon :)

#3 ptad, Topic Starter (Members, 19 posts)

Posted 15 December 2011 - 01:53 PM

Farbar Service Scanner
Ran by Pat (administrator) on 15-12-2011 at 13:50:59
Microsoft Windows 7 Professional Service Pack 1 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:18] - 0338944 ____A () 331F94519685F23447A5C4C62A29F9E4

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

#4 narenxp (BC Advisor, 16,371 posts, India)

Posted 15 December 2011 - 02:40 PM

Launch Farbar Service Scanner again.

Type afd.sys in the box and click on "Search Files".

Please post the log here.

#5 ptad, Topic Starter (Members, 19 posts)

Posted 15 December 2011 - 02:54 PM

Farbar Service Scanner
Ran by Pat (administrator) on 15-12-2011 at 14:52:24
Windows 7 Professional Service Pack 1 (X86)

************************************************
================== Search: "afd.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2011-06-16 03:10] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:18] - 0338944 ____A () 331F94519685F23447A5C4C62A29F9E4

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-06-22 22:17] - [2010-11-20 03:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:27] - 0338944 ____A (Microsoft Corporation) C114AB7A1550D42EA1700FFD4179CF5A

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2009-07-13 18:12] - [2009-07-13 18:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C

C:\Windows\System32\drivers\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:18] - 0338944 ____A () 331F94519685F23447A5C4C62A29F9E4

====== End Of Search ======
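The triage the helper did by eye on the search above, written out as an added example (not part of this thread, and not code from Farbar or ComboFix): it parses the two-line records FSS prints per copy (the path, then "[created] - [modified] - size attrs (company) MD5"), flags copies whose company field is the empty "()" that singled out the active afd.sys, groups the copies by hash, lists the WinSxS copies that carry a company name and differ from the active file, and builds the FCopy:: directive the next post used. The record fields, the ranking of candidates by the version embedded in the WinSxS directory name, and the assumption that the one non-WinSxS entry is the active driver are this example's own conventions.

```python
"""Triage of a Farbar Service Scanner (FSS) file search like the one in post #5.
Added example: not part of the thread, not FSS or ComboFix code. Field names,
the ranking rule and the FCopy builder are this example's own conventions."""
import re
from collections import defaultdict
from dataclasses import dataclass

# The seven path/detail pairs, copied verbatim from the FSS search log above.
FSS_SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2011-06-16 03:10] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:18] - 0338944 ____A () 331F94519685F23447A5C4C62A29F9E4
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-06-22 22:17] - [2010-11-20 03:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:27] - 0338944 ____A (Microsoft Corporation) C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2009-07-13 18:12] - [2009-07-13 18:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\System32\drivers\afd.sys
[2011-06-16 03:10] - [2011-04-24 21:18] - 0338944 ____A () 331F94519685F23447A5C4C62A29F9E4
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")
# "[created] - [modified] - size attrs (company) MD5"; "()" means no company name was read.
DETAIL_RE = re.compile(r"^\[(.{16})\] - \[(.{16})\] - (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$")
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")  # file version in the component dir name


@dataclass(frozen=True)
class FileCopy:
    path: str
    modified: str
    size: int
    company: str  # "" when FSS printed "()"
    md5: str

    @property
    def in_winsxs(self):
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self):
        m = WINSXS_VERSION_RE.search(self.path)
        return tuple(int(p) for p in m.group(1).split(".")) if m else None


def parse_fss_search(text):
    """Pair each path line with the detail line FSS prints right after it."""
    copies, pending = [], None
    for line in (s.strip() for s in text.splitlines() if s.strip()):
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            copies.append(FileCopy(pending, m.group(2), int(m.group(3)), m.group(5), m.group(6).upper()))
            pending = None
    return copies


def triage(copies):
    """Compare the single active (System32) copy against the WinSxS component store."""
    active = [c for c in copies if not c.in_winsxs]
    if len(active) != 1:
        raise ValueError(f"expected one non-WinSxS copy, found {len(active)}")
    active = active[0]
    by_md5 = defaultdict(list)
    for c in copies:
        by_md5[c.md5].append(c.path)
    # A WinSxS entry sharing the active file's hash is not an independent clean copy
    # (Windows 7 hard-links System32 files to their component), so it is excluded.
    candidates = sorted((c for c in copies if c.in_winsxs and c.company and c.md5 != active.md5),
                        key=lambda c: c.version or (0,), reverse=True)
    return {
        "active_path": active.path,
        "active_md5": active.md5,
        "active_flagged": active.company == "",
        "same_hash_as_active": [p for p in by_md5[active.md5] if p != active.path],
        "no_company_name": [c.path for c in copies if not c.company],
        "replacement_candidates": [(".".join(map(str, c.version)), c.path, c.md5) for c in candidates],
    }


def cfscript_fcopy(src, dst):
    """The ComboFix CFScript directive used in post #6: copy src over dst."""
    return f"FCopy::\n{src} | {dst}\n"


if __name__ == "__main__":
    report = triage(parse_fss_search(FSS_SEARCH_LOG))
    print(f"active {report['active_path']} md5={report['active_md5']} flagged={report['active_flagged']}")
    for ver, path, md5 in report["replacement_candidates"]:
        print(f"  signed candidate {ver}: {md5}  {path}")
    rtm = report["replacement_candidates"][-1]  # the RTM copy the thread chose
    print(cfscript_fcopy(rtm[1], report["active_path"]))
```

Run as a script it prints the five signed candidates and the directive for the RTM (6.1.7600.16385) copy, which is the one the next post used. The 6.1.7601.17603 WinSxS entry drops out because it has the same hash, timestamps and blank company field as the active file; on Windows 7, where System32 files are hard links into the component store, that means it is the same bytes rather than an independent clean copy. An empty company field is only a screening signal: before anything is copied over a kernel driver, confirm the source with an Authenticode check (sigcheck, or Get-AuthenticodeSignature in PowerShell) and its hash against FSS's own "MD5 is legit" check or a known-clean install of the same build.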

#6 narenxp (BC Advisor, 16,371 posts, India)

Posted 15 December 2011 - 03:47 PM

Hi

I guess you still have combofix on your desktop.

Open Notepad and copy in the script:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys | C:\WINDOWS\system32\drivers\afd.sys

Save the file as CFScript.txt on the desktop.

Now drag the text file onto combofix.exe.

Allow combofix to generate its log file.

Post the contents here.

Restart your computer and see if you can connect now.

Edited by narenxp, 15 December 2011 - 03:47 PM.


#7 ptad, Topic Starter (Members, 19 posts)

Posted 15 December 2011 - 04:47 PM

Restarted the computer and can connect now! Much thanks to you for fixing my major computing mistake. Here is the combofix log though, as requested. I'll check back later in case there is anything else noted from the log. Thanks again!


ComboFix 11-12-13.03 - Pat 12/15/2011 16:33:53.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2042.922 [GMT -5:00]
Running from: c:\users\Pat\Desktop\ComboFix.exe
Command switches used :: c:\users\Pat\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 21:39 . 2011-12-15 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 03:24 . 2011-12-15 04:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3976915A-2D90-43E3-81CE-B8CB40C8CAE0}\offreg.dll
2011-12-15 01:54 . 2011-12-15 21:39 -------- d-----w- c:\users\Pat\AppData\Local\temp
2011-12-15 00:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-14 20:28 . 2011-12-14 20:28 -------- d-----w- c:\program files\iPod
2011-12-14 07:07 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3976915A-2D90-43E3-81CE-B8CB40C8CAE0}\mpengine.dll
2011-12-01 01:23 . 2011-12-01 01:23 -------- d-----w- c:\users\Pat\AppData\Local\HP
2011-11-18 04:06 . 2011-11-18 04:06 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-18 04:06 . 2011-11-18 04:06 -------- d-----w- c:\users\Pat\AppData\Roaming\SystemRequirementsLab
2011-11-17 04:30 . 2011-12-14 20:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-17 04:30 . 2011-11-17 04:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-16 00:34 . 2011-11-16 00:34 -------- d-----w- c:\program files\uTorrent
2011-11-16 00:33 . 2011-11-18 06:19 -------- d-----w- c:\users\Pat\AppData\Roaming\uTorrent
2011-11-16 00:33 . 2011-11-16 00:33 -------- d-----w- c:\users\Pat\AppData\Local\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 21:28 . 2011-06-10 17:17 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-11-21 10:47 . 2010-09-14 15:28 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 19:21 . 2011-06-21 20:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 16:17 . 2011-10-14 16:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-14 16:17 . 2011-10-14 16:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-14 16:17 . 2011-10-14 16:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-14 16:17 . 2011-10-14 16:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-14 16:17 . 2011-10-14 16:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-14 16:17 . 2011-10-14 16:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-14 16:17 . 2011-10-14 16:17 367104 ----a-w- c:\windows\system32\html.iec
2011-10-14 16:17 . 2011-10-14 16:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-14 16:17 . 2011-10-14 16:17 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-10-14 16:17 . 2011-10-14 16:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-14 16:17 . 2011-10-14 16:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-14 16:17 . 2011-10-14 16:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-14 16:17 . 2011-10-14 16:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-14 16:17 . 2011-10-14 16:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-14 16:17 . 2011-10-14 16:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-14 16:17 . 2011-10-14 16:17 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-10-14 16:17 . 2011-10-14 16:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-14 16:17 . 2011-10-14 16:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-14 16:17 . 2011-10-14 16:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-14 16:17 . 2011-10-14 16:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-14 16:17 . 2011-10-14 16:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-11 21:03 . 2011-10-11 21:04 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E54417F-23C1-4B10-BF3C-6F58FB07139E}\gapaengine.dll
2011-09-29 16:03 . 2011-11-09 13:50 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 13:50 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 23:19 . 2011-04-29 14:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-19 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl15414997;MpKsl15414997;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91CC2ACD-9F92-439F-B108-420211D84D68}\MpKsl15414997.sys [x]
R1 MpKsl168dedc2;MpKsl168dedc2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F16ADADA-8EFD-4665-97A8-EE7C90A90760}\MpKsl168dedc2.sys [x]
R1 MpKsl3293ee02;MpKsl3293ee02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6DD1EBA-57C8-40A2-99AF-443452DC3485}\MpKsl3293ee02.sys [x]
R1 MpKsl34882c3e;MpKsl34882c3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEA27E7E-0E01-4F93-A985-CCEC14AD8F1D}\MpKsl34882c3e.sys [x]
R1 MpKsl3bc88933;MpKsl3bc88933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29396B95-5EDB-4593-9408-AE01BDA86164}\MpKsl3bc88933.sys [x]
R1 MpKsl3d854585;MpKsl3d854585;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0005A5F-7BDA-4CD0-B7A1-6EB3080BD65B}\MpKsl3d854585.sys [x]
R1 MpKsl43d1f055;MpKsl43d1f055;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F33BA9BE-88A3-41D2-BE78-EAEA47281757}\MpKsl43d1f055.sys [x]
R1 MpKsl49d2ed14;MpKsl49d2ed14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6DD1EBA-57C8-40A2-99AF-443452DC3485}\MpKsl49d2ed14.sys [x]
R1 MpKsl4fc51bc1;MpKsl4fc51bc1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A59314C5-BAE9-40D4-A857-24D56E2967E6}\MpKsl4fc51bc1.sys [x]
R1 MpKsl551a7224;MpKsl551a7224;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3976915A-2D90-43E3-81CE-B8CB40C8CAE0}\MpKsl551a7224.sys [x]
R1 MpKsl57868932;MpKsl57868932;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A87ADE56-7DE4-4B60-9D9F-CB4DFF5C7515}\MpKsl57868932.sys [x]
R1 MpKsl654ce7e9;MpKsl654ce7e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B87DF59-FD1D-4A78-83F3-6A318C77BD7F}\MpKsl654ce7e9.sys [x]
R1 MpKsl7762d3a5;MpKsl7762d3a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D3D8FF1-1F22-46C9-86E4-354CEC3AE988}\MpKsl7762d3a5.sys [x]
R1 MpKsl7c1f51f7;MpKsl7c1f51f7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC56A1CE-498C-46C4-9FA3-84B1BC988C6E}\MpKsl7c1f51f7.sys [x]
R1 MpKsl7e2fc4b8;MpKsl7e2fc4b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEFE60A2-C0A8-42CC-BC85-B64DF28A979F}\MpKsl7e2fc4b8.sys [x]
R1 MpKsl8160810c;MpKsl8160810c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6C78B05-74DC-4EB4-99CE-44CE17260D1B}\MpKsl8160810c.sys [x]
R1 MpKsl8479611b;MpKsl8479611b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{347D76FD-88F6-4D4E-89E5-A41A88A04108}\MpKsl8479611b.sys [x]
R1 MpKsl8af40470;MpKsl8af40470;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D079609D-D093-4780-93A3-79A97F160BEF}\MpKsl8af40470.sys [x]
R1 MpKsl8eeadc2a;MpKsl8eeadc2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C22715AA-A79B-4922-8395-62B0FA6C6765}\MpKsl8eeadc2a.sys [x]
R1 MpKsl90867ab8;MpKsl90867ab8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{435C0401-912F-44E7-82F9-6226E0D3EAEE}\MpKsl90867ab8.sys [x]
R1 MpKsl97d308b6;MpKsl97d308b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8416EA-D987-41E3-A5E1-803B68EB809D}\MpKsl97d308b6.sys [x]
R1 MpKsl9b066ffc;MpKsl9b066ffc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEA27E7E-0E01-4F93-A985-CCEC14AD8F1D}\MpKsl9b066ffc.sys [x]
R1 MpKsla8525c20;MpKsla8525c20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0005A5F-7BDA-4CD0-B7A1-6EB3080BD65B}\MpKsla8525c20.sys [x]
R1 MpKslb337f1d4;MpKslb337f1d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{136E8E9D-AE9D-4C3D-AA1F-0EF2C2660FD1}\MpKslb337f1d4.sys [x]
R1 MpKslb7edc61f;MpKslb7edc61f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B52BFE10-64FC-4DDB-9A82-A99C0373D7CA}\MpKslb7edc61f.sys [x]
R1 MpKslbc75321f;MpKslbc75321f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C78AFC63-93EB-423A-8A86-173440D3AF5F}\MpKslbc75321f.sys [x]
R1 MpKslcb136786;MpKslcb136786;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{761FF5E3-140D-4B8A-AA8D-B216196FA3C1}\MpKslcb136786.sys [x]
R1 MpKsld156f713;MpKsld156f713;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{578517DA-6A9E-453C-A318-92F2C95BBEDD}\MpKsld156f713.sys [x]
R1 MpKsle69e41fb;MpKsle69e41fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F155350-E33B-4EB1-965C-202D9A04F610}\MpKsle69e41fb.sys [x]
R1 MpKslea6c12c0;MpKslea6c12c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3976915A-2D90-43E3-81CE-B8CB40C8CAE0}\MpKslea6c12c0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-10 6758912]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uwldapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151597958-2523263111-3118920348-1000Core.job
- c:\users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 02:26]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2151597958-2523263111-3118920348-1000UA.job
- c:\users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 02:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\0h2hwxou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.7is7.com/otto/countdown.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c8,37,a7,a5,85,b1,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 16:42:27
ComboFix-quarantined-files.txt 2011-12-15 21:42
ComboFix2.txt 2011-12-15 01:59
ComboFix3.txt 2011-12-15 01:09
.
Pre-Run: 174,557,491,200 bytes free
Post-Run: 174,121,160,704 bytes free
.
- - End Of File - - E4F7DD7323D360ABE0C093F25D343694

#8 narenxp (BC Advisor, 16,371 posts, India)

Posted 15 December 2011 - 05:15 PM

:thumbup2:

#9 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,314 posts, Romania)

Posted 17 December 2011 - 07:43 AM

I have moved this topic to the malware removal forum. At BC we do not allow any members to recommend Combofix usage because this is a very powerful tool. We only allow trained helpers to instruct others in its usage to prevent damage to the computer of the one looking for help.

Since the tool was run, please let me know how things stand at this point. Are you still having internet issues and are there any other problems?

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#10 ptad, Topic Starter (Members, 19 posts)

Posted 17 December 2011 - 01:09 PM

My internet is working fine now!

#11 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,314 posts, Romania)

Posted 17 December 2011 - 01:35 PM

Good to hear that! Do you have any other problem at this point?

regards, Elise


#12 ptad, Topic Starter (Members, 19 posts)

Posted 17 December 2011 - 02:23 PM

No, much thanks for all the help from the BleepingComputer community. Especially narenxp, appreciate the quick turnover!

#13 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,314 posts, Romania)

Posted 17 December 2011 - 02:46 PM

I'm glad to hear everything is running okay! Please be sure to uninstall Combofix. To do this, right click on combofix.exe and select Rename. Rename the file to uninstall.exe and run it like that. This should remove Combofix from your system and reset certain settings.

regards, Elise


#14 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,314 posts, Romania)

Posted 06 January 2012 - 06:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise




