Confirmation on virus protecting logs

Status
Not open for further replies.

themitchguy

Posts: 16   +0
I have followed through with the 8-step process, and still I'm a bit skeptical that all is right with it. I still have problems with browsers, i.e. I can download updates and such, yet I can't view any web pages in any browser. Also, privileges still haven't come back to my account. Please look through these logs and see if all is well with my computer. I have the Malwarebytes', superspyware anti-virus, and the HJT logs. Much appreciated!
 
Welcome to TS. More progress is needed. Your logs show found but unanswered items. For your case, we will supplement our guide with a special scan / tool.

Observations & Recommended Action:
  • ‘Delete on Reboot’ entries are appearing in the log; this requires that you react to the message & restart the computer after exiting the scan.
  • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
  • Uninstall old copy of ComboFix

Supplement to guide. Successive scans used to uncover additional infections.
  • Update both MBAM & SAS. Rerun them both.

  • This effort is complete when the logs report NO infections/threats, or report something they cannot clean.

  • Follow ComboFix instructions referenced below.

  • Scan with HJT. (part of instructions for ComboFix)

  • Post logs. Report progress & what changes are observed. Include logs that found infections.

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

*The above procedure will:
* Delete the following: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
Disable all realtime protection before running Combofix by right-clicking it in the system tray and unchecking the real-time monitoring.

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
  • How-to-use instructions
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HijackThis scan run afterwards.
 
A note: You are running two security suites. Decide which you want to keep and remove the other:
Avast:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
CA Security Suite:
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
Plus Services running for both:
Avast:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
CA:
O23 - Service: CaCCProvSP (caccprovsp) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe (caisafe) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

The Services for the program you do not want to keep need to be disabled,
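
The check made by eye in the note above, as an added example that is not part of the original thread: it parses the quoted HijackThis O23 lines and groups the services by install folder, since the company field alone would split the CA suite across two names. The function names and the choice to group on the first folder under Program Files are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: the six O23 service lines quoted in the post above.
SAMPLE_LOG = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CaCCProvSP (caccprovsp) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe (caisafe) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
"""

SHORT_NAME = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")

def parse_o23(line):
    """Split one O23 line into display name, short name, company and image path."""
    line = line.strip()
    if not line.startswith("O23 - Service: "):
        return None
    # Split from the right: the display name may itself contain " - ".
    fields = line[len("O23 - Service: "):].rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    name, company, path = fields
    m = SHORT_NAME.match(name)  # the "(short name)" part is absent on some lines
    return {"display": m["display"] if m else name,
            "short": m["short"] if m else None,
            "company": company, "path": path.strip('"')}

def vendor_dir(path):
    """First folder under Program Files, lower-cased; None for other locations."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].lower().startswith("program files"):
        return parts[2].lower()
    return None

def services_by_vendor_dir(log_text):
    """Group parsed O23 services by install folder rather than company string."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc:
            groups[vendor_dir(svc["path"])].append(svc)
    return dict(groups)

if __name__ == "__main__":
    for folder, svcs in services_by_vendor_dir(SAMPLE_LOG).items():
        companies = sorted({s["company"] for s in svcs})
        print(folder, [s["short"] or s["display"] for s in svcs], companies)
```

More than one security vendor folder in the result is the condition the note describes; deciding which folders belong to security products is left to the reader of the output.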
 