Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix: connecting to internet/Windows 7


  • This topic is locked This topic is locked
3 replies to this topic

#1 DanW1967

DanW1967

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 15 June 2012 - 05:02 PM

Hi, I'm new here. Hello everyone. Please forgive me if I'm doing something incorrectly.
I need your help. I will provide whatever is necessary to help you help me!
I appreciate whoever helps in advance!

I have a windows 7 machine. I disabled Norton on my laptop before running combofix because I had some
kind of spyware that kept popping up various boxes on my laptop wanting me to purchase some virus
software because I was infected.

After running combofix, the spyware seems to be removed, however I'm not sure since I cannot connect
to the internet. I've tried researching the problem and have tried various things to no avail.

Can someone help? Log is below.

Thanks very much!
ComboFix 12-06-15.03 - Ryan 06/15/2012 12:41:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1830 [GMT -5:00]
Running from: c:\users\Ryan\Documents\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll
c:\users\Ryan\AppData\Roaming\Protector-ogci.exe
c:\users\Ryan\AppData\Roaming\Protector-pqkk.exe
c:\users\Ryan\AppData\Roaming\result.db
c:\users\Ryan\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 17:55 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA108A1B-113F-4C21-BA65-CDE3549CDF97}\mpengine.dll
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\Jason.Wolterink-LT\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\Dan\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\Dan.Wolterink-LT\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-15 17:52 . 2012-06-15 17:52 -------- d-----w- c:\users\Barb.Wolterink-LT\AppData\Local\temp
2012-06-15 14:47 . 2012-06-15 16:34 -------- d-----w- C:\BACKUP
2012-06-15 13:50 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-15 13:49 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 13:49 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 13:49 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 13:47 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A305920-7BEE-4679-A6AC-2D91A6D2E588}\mpengine.dll
2012-05-29 16:01 . 2012-05-29 16:01 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 22:35 . 2012-06-15 17:12 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:24 . 2012-06-15 17:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 01:05 . 2012-06-15 13:50 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-15 13:50 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-26 04:45 . 2012-06-15 13:50 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-15 13:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-15 13:50 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-07 11:26 . 2012-06-15 13:50 2342400 ----a-w- c:\windows\system32\msi.dll
2012-03-31 04:39 . 2012-05-08 20:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-08 20:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-08 20:40 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"dlebmon.exe"="c:\program files\Dell P513w\dlebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell P513w\ezprint.exe" [2011-01-24 139944]
.
c:\users\Barb.Wolterink-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Dan.Wolterink-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Jason.Wolterink-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-12-03 19:40 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 22:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 Apache2.2;Remote Access Media Server;c:\programdata\SingleClick Systems\apache\bin\httpd.exe [2007-09-21 15872]
R2 dlebCATSCustConnectService;dlebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dlebserv.exe [2010-05-21 193192]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\programdata\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-09-30 173296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-04-10 21744]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1343400]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [2011-10-11 467592]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120613.007\IDSvix86.sys [2012-04-28 368248]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe [2008-12-22 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-16 1668344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 dleb_device;dleb_device;c:\windows\system32\dlebcoms.exe [2010-05-21 598696]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 dsl-db;Remote Access DB;c:\programdata\SingleClick Systems\MySQL\bin\mysqld.exe [2007-09-14 5730304]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-16 482176]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 106656]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-11-26 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-12-26 279488]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS [2011-09-22 48760]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CO_Mon
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMREDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 19:43]
.
2012-05-31 c:\windows\Tasks\Norton Security Scan for Ryan.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-17 16:04]
.
2012-05-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-06-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-06-15 c:\windows\Tasks\User_Feed_Synchronization-{20B41687-21D5-4393-804A-9062D33AB546}.job
- c:\windows\system32\msfeedssync.exe [2011-06-28 18:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(532)
c:\windows\system32\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(5288)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-06-15 13:02:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 18:02
.
Pre-Run: 154,606,145,536 bytes free
Post-Run: 155,411,673,088 bytes free
.
- - End Of File - - C5670907CAEF0F4ABFF4ECD2FD5BF390

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:11 AM

Posted 18 June 2012 - 09:06 AM

Hi DanW1967,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

If you still can't access the Internet, please download anything asked for to a USB flashdrive and copy/paste it to the desktop of your infected computer.

:step1: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

:step2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, please include:
  • MiniToolBox log
  • FSS log

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:11 AM

Posted 21 June 2012 - 01:15 PM

Hi DanW1967,

It has been three days since my last post. Do you still need help?

If you do, please follow my previous instructions. :thumbup2:
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:11 AM

Posted 23 June 2012 - 08:15 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users