Can only connect to internet via safe mode with networking

By leonardBullskin
Sep 9, 2011
Topic Status:
Not open for further replies.
  1. Hello sweet angels. I have been at this for a week and been in DSL support hell for many hours, only to discover on my own that I can connect to the internet via safe mode w/ networking. I would be forever grateful if someone here would look these logs over and help me find the culprit. I don't seem to have any luck, so I am turning to you to save me.

    1. Here is my MBR log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 560
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 150):
    0x02655000 \SystemRoot\system32\ntoskrnl.exe
    0x0260C000 \SystemRoot\system32\hal.dll
    0x00BC3000 \SystemRoot\system32\kdcom.dll
    0x00CBC000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D00000 \SystemRoot\system32\PSHED.dll
    0x00D14000 \SystemRoot\system32\CLFS.SYS
    0x00E81000 \SystemRoot\system32\CI.dll
    0x00F41000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00FE5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
    0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00D72000 \SystemRoot\system32\drivers\pci.sys
    0x00E6A000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00DA5000 \SystemRoot\System32\drivers\partmgr.sys
    0x00DBA000 \SystemRoot\system32\drivers\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01093000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x011AF000 \SystemRoot\system32\drivers\amdxata.sys
    0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01060000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x0125B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0146F000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014CD000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014E7000 \SystemRoot\System32\Drivers\cng.sys
    0x0155A000 \SystemRoot\System32\drivers\pcw.sys
    0x0156B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016B6000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x017A8000 \SystemRoot\system32\drivers\volsnap.sys
    0x01575000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0168B000 \SystemRoot\System32\Drivers\mup.sys
    0x0169D000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015AF000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x015E9000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x0213C000 \SystemRoot\System32\Drivers\Null.SYS
    0x02145000 \SystemRoot\System32\Drivers\Beep.SYS
    0x0214C000 \SystemRoot\System32\drivers\vga.sys
    0x0215A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0217F000 \SystemRoot\System32\drivers\watchdog.sys
    0x0218F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02198000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x021A3000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02801000 \SystemRoot\System32\drivers\tcpip.sys
    0x021B4000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01430000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02000000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02ADA000 \SystemRoot\system32\drivers\afd.sys
    0x02B63000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02BA8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02BCE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02BE4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02BED000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02A51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02A5D000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02A7B000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02AA1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x01200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02AAE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x0106C000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x02C35000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x02DA3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x02DB0000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x02C00000 \SystemRoot\system32\drivers\cdrom.sys
    0x02DEE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02ABF000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x02C2A000 \SystemRoot\system32\drivers\mssmbios.sys
    0x0144E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x011BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x017F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00C76000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x011DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x00DCF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x026E8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02702000 \SystemRoot\system32\drivers\termdd.sys
    0x02716000 \SystemRoot\system32\drivers\kbdclass.sys
    0x02725000 \SystemRoot\system32\drivers\mouclass.sys
    0x02734000 \SystemRoot\system32\drivers\swenum.sys
    0x02736000 \SystemRoot\system32\drivers\ks.sys
    0x02779000 \SystemRoot\system32\drivers\umbus.sys
    0x0278B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x027E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02600000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0200D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x0260E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x02621000 \SystemRoot\System32\drivers\Dxapi.sys
    0x004C0000 \SystemRoot\System32\drivers\dxg.sys
    0x007F0000 \SystemRoot\System32\TSDDD.dll
    0x0262D000 \SystemRoot\system32\drivers\hidusb.sys
    0x0263B000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0x02654000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x0265D000 \SystemRoot\system32\drivers\USBD.SYS
    0x0265F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0266C000 \SystemRoot\system32\drivers\kbdhid.sys
    0x00880000 \SystemRoot\System32\framebuf.dll
    0x0267A000 \SystemRoot\system32\drivers\USBSTOR.SYS
    0x00B00000 \SystemRoot\System32\ATMFD.DLL
    0x02695000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04652000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x046A5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x046B8000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x046D6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x046EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0471B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x04769000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x77B30000 \Windows\System32\ntdll.dll
    0x48040000 \Windows\System32\smss.exe
    0xFFE50000 \Windows\System32\apisetschema.dll
    0xFFE90000 \Windows\System32\autochk.exe
    0xFFC30000 \Windows\System32\ole32.dll
    0xFFC00000 \Windows\System32\imm32.dll
    0xFFB20000 \Windows\System32\advapi32.dll
    0xFFAB0000 \Windows\System32\gdi32.dll
    0xFF980000 \Windows\System32\rpcrt4.dll
    0x77D00000 \Windows\System32\psapi.dll
    0x77CF0000 \Windows\System32\normaliz.dll
    0xFF8E0000 \Windows\System32\clbcatq.dll
    0xFF8D0000 \Windows\System32\lpk.dll
    0xFF850000 \Windows\System32\difxapi.dll
    0x77A10000 \Windows\System32\kernel32.dll
    0xFF800000 \Windows\System32\ws2_32.dll
    0xFF780000 \Windows\System32\shlwapi.dll
    0xFF760000 \Windows\System32\imagehlp.dll
    0xFF740000 \Windows\System32\sechost.dll
    0x77800000 \Windows\System32\iertutil.dll
    0xFF560000 \Windows\System32\setupapi.dll
    0x776A0000 \Windows\System32\wininet.dll
    0xFF4C0000 \Windows\System32\comdlg32.dll
    0xFF470000 \Windows\System32\Wldap32.dll
    0xFF460000 \Windows\System32\nsi.dll
    0x77550000 \Windows\System32\urlmon.dll
    0x77450000 \Windows\System32\user32.dll
    0xFF390000 \Windows\System32\usp10.dll
    0xFE600000 \Windows\System32\shell32.dll
    0xFE560000 \Windows\System32\msvcrt.dll
    0xFE480000 \Windows\System32\oleaut32.dll
    0xFE370000 \Windows\System32\msctf.dll
    0xFE330000 \Windows\System32\wintrust.dll
    0xFE1C0000 \Windows\System32\crypt32.dll
    0xFE150000 \Windows\System32\KernelBase.dll
    0xFE130000 \Windows\System32\devobj.dll
    0xFE090000 \Windows\System32\comctl32.dll
    0xFE050000 \Windows\System32\cfgmgr32.dll
    0xFE040000 \Windows\System32\msasn1.dll

    Processes (total 26):
    0 System Idle Process
    4 System
    288 C:\Windows\System32\smss.exe
    360 csrss.exe
    396 csrss.exe
    420 C:\Windows\System32\wininit.exe
    444 C:\Windows\System32\winlogon.exe
    488 C:\Windows\System32\services.exe
    504 C:\Windows\System32\lsass.exe
    512 C:\Windows\System32\lsm.exe
    612 C:\Windows\System32\svchost.exe
    684 C:\Windows\System32\svchost.exe
    744 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    856 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    272 C:\Windows\System32\svchost.exe
    364 C:\Windows\System32\svchost.exe
    320 C:\Windows\System32\svchost.exe
    1436 C:\Windows\explorer.exe
    1480 C:\Windows\System32\ctfmon.exe
    1236 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1288 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    1708 WmiPrvSE.exe
    1188 C:\Users\filan\Desktop\MBRCheck.exe
    1128 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!

    2. Here is my ComboFix log:

    ComboFix 11-09-09.01 - filan 09/08/2011 23:23:44.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.6918 [GMT -7:00]
    Running from: c:\users\filan\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\filan\AppData\Roaming\filanlog.dat
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-07 08:58 . 2011-09-07 08:58 -------- d-----w- c:\users\filan\AppData\Roaming\Malwarebytes
    2011-09-07 08:58 . 2011-09-07 08:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-07 08:58 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-07 08:23 . 2011-09-07 08:23 388096 ----a-r- c:\users\filan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-07 08:23 . 2011-09-07 08:23 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-09-07 07:59 . 2011-09-07 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-07 07:59 . 2011-09-07 08:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-09-04 04:45 . 2011-09-04 04:45 -------- d-----w- c:\windows\system32\SPReview
    2011-09-04 04:44 . 2011-09-04 04:44 -------- d-----w- c:\windows\system32\EventProviders
    2011-09-03 21:32 . 2011-09-03 21:32 -------- d-----w- c:\users\filan\AppData\Local\Microsoft Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-04 05:06 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-09-04 05:06 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-16 04:32 . 2011-08-10 19:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-12 07:22 . 2011-07-12 07:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-07-12 07:22 . 2011-07-12 07:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-07-12 07:22 . 2011-07-12 07:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-07-12 07:22 . 2011-07-12 07:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-07-12 07:22 . 2011-07-12 07:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-07-12 07:22 . 2011-07-12 07:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-07-12 07:22 . 2011-07-12 07:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-07-12 07:22 . 2011-07-12 07:22 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-07-12 07:22 . 2011-07-12 07:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-07-12 07:22 . 2011-07-12 07:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-07-12 07:22 . 2011-07-12 07:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-07-12 07:22 . 2011-07-12 07:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-07-12 07:22 . 2011-07-12 07:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-07-12 07:22 . 2011-07-12 07:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-07-12 07:22 . 2011-07-12 07:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-07-12 07:22 . 2011-07-12 07:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-07-12 07:22 . 2011-07-12 07:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-07-12 07:22 . 2011-07-12 07:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-07-12 07:22 . 2011-07-12 07:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-07-12 07:22 . 2011-07-12 07:22 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-07-12 07:22 . 2011-07-12 07:22 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-07-12 07:22 . 2011-07-12 07:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-07-12 07:22 . 2011-07-12 07:22 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-07-12 07:22 . 2011-07-12 07:22 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-07-12 07:22 . 2011-07-12 07:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-07-12 07:22 . 2011-07-12 07:22 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-07-12 07:22 . 2011-07-12 07:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-07-12 07:22 . 2011-07-12 07:22 448512 ----a-w- c:\windows\system32\html.iec
    2011-07-12 07:22 . 2011-07-12 07:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-07-12 07:22 . 2011-07-12 07:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-07-12 07:22 . 2011-07-12 07:22 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-07-12 07:22 . 2011-07-12 07:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-07-12 07:22 . 2011-07-12 07:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-07-12 07:22 . 2011-07-12 07:22 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-07-12 07:22 . 2011-07-12 07:22 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-07-12 07:22 . 2011-07-12 07:22 160256 ----a-w- c:\windows\system32\wextract.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "MemoryTriUtils"="c:\windows\diskperfm.exe" [2010-10-26 801792]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-28 1038088]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-370838636-802039421-1649616821-1001Core.job
    - c:\users\filan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-25 06:06]
    .
    2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-370838636-802039421-1649616821-1001UA.job
    - c:\users\filan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-25 06:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\filan\AppData\Roaming\Mozilla\Firefox\Profiles\hsyoikz8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-370838636-802039421-1649616821-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-370838636-802039421-1649616821-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-08 23:32:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-09 06:32
    .
    Pre-Run: 910,304,473,088 bytes free
    Post-Run: 909,903,609,856 bytes free
    .
    - - End Of File - - CCFD3798B40FC913B5675E51A7DEA5BC

    Thank you in advance.
  2. Broni

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Never run Combofix on your own.