Can only connect to internet via safe mode with networking

Hello sweet angels. I have been at this for a week and been in DSL support hell for many hours, only to discover on my own that I can connect to the internet via safe mode w/ networking. I would be forever grateful if someone here would look these logs over and help me find the culprit. I don't seem to have any luck, so I am turning to you to save me.

1. Here is my MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 560
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 150):

Processes (total 26):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
360 csrss.exe
396 csrss.exe
420 C:\Windows\System32\wininit.exe
444 C:\Windows\System32\winlogon.exe
488 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
612 C:\Windows\System32\svchost.exe
684 C:\Windows\System32\svchost.exe
744 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
856 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
320 C:\Windows\System32\svchost.exe
1436 C:\Windows\explorer.exe
1480 C:\Windows\System32\ctfmon.exe
1236 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1288 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1708 WmiPrvSE.exe
1188 C:\Users\filan\Desktop\MBRCheck.exe
1128 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!

2. Here is my ComboFix log:

ComboFix 11-09-09.01 - filan 09/08/2011 23:23:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8157.6918 [GMT -7:00]
Running from: c:\users\filan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\filan\AppData\Roaming\filanlog.dat
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-07 08:58 . 2011-09-07 08:58 -------- d-----w- c:\users\filan\AppData\Roaming\Malwarebytes
2011-09-07 08:58 . 2011-09-07 08:58 -------- d-----w- c:\programdata\Malwarebytes
2011-09-07 08:58 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-07 08:23 . 2011-09-07 08:23 388096 ----a-r- c:\users\filan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-07 08:23 . 2011-09-07 08:23 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-07 07:59 . 2011-09-07 08:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-07 07:59 . 2011-09-07 08:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-09-04 04:45 . 2011-09-04 04:45 -------- d-----w- c:\windows\system32\SPReview
2011-09-04 04:44 . 2011-09-04 04:44 -------- d-----w- c:\windows\system32\EventProviders
2011-09-03 21:32 . 2011-09-03 21:32 -------- d-----w- c:\users\filan\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 05:06 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-04 05:06 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-07-16 04:32 . 2011-08-10 19:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 07:22 . 2011-07-12 07:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-12 07:22 . 2011-07-12 07:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-07-12 07:22 . 2011-07-12 07:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-07-12 07:22 . 2011-07-12 07:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-07-12 07:22 . 2011-07-12 07:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-07-12 07:22 . 2011-07-12 07:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-07-12 07:22 . 2011-07-12 07:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-07-12 07:22 . 2011-07-12 07:22 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-07-12 07:22 . 2011-07-12 07:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-12 07:22 . 2011-07-12 07:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-12 07:22 . 2011-07-12 07:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-12 07:22 . 2011-07-12 07:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-07-12 07:22 . 2011-07-12 07:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-07-12 07:22 . 2011-07-12 07:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-12 07:22 . 2011-07-12 07:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-12 07:22 . 2011-07-12 07:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-07-12 07:22 . 2011-07-12 07:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-12 07:22 . 2011-07-12 07:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-07-12 07:22 . 2011-07-12 07:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-07-12 07:22 . 2011-07-12 07:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-07-12 07:22 . 2011-07-12 07:22 222208 ----a-w- c:\windows\system32\msls31.dll
2011-07-12 07:22 . 2011-07-12 07:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-12 07:22 . 2011-07-12 07:22 12288 ----a-w- c:\windows\system32\mshta.exe
2011-07-12 07:22 . 2011-07-12 07:22 114176 ----a-w- c:\windows\system32\admparse.dll
2011-07-12 07:22 . 2011-07-12 07:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-12 07:22 . 2011-07-12 07:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-07-12 07:22 . 2011-07-12 07:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-12 07:22 . 2011-07-12 07:22 448512 ----a-w- c:\windows\system32\html.iec
2011-07-12 07:22 . 2011-07-12 07:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-12 07:22 . 2011-07-12 07:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-12 07:22 . 2011-07-12 07:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-07-12 07:22 . 2011-07-12 07:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-12 07:22 . 2011-07-12 07:22 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-12 07:22 . 2011-07-12 07:22 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-07-12 07:22 . 2011-07-12 07:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-07-12 07:22 . 2011-07-12 07:22 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"MemoryTriUtils"="c:\windows\diskperfm.exe" [2010-10-26 801792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-28 1038088]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-370838636-802039421-1649616821-1001Core.job
- c:\users\filan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-25 06:06]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-370838636-802039421-1649616821-1001UA.job
- c:\users\filan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-25 06:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\filan\AppData\Roaming\Mozilla\Firefox\Profiles\hsyoikz8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-370838636-802039421-1649616821-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-370838636-802039421-1649616821-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-09-08 23:32:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 06:32
.
Pre-Run: 910,304,473,088 bytes free
Post-Run: 909,903,609,856 bytes free
.
- - End Of File - - CCFD3798B40FC913B5675E51A7DEA5BC

Thank you in advance.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Never run Combofix on your own.
 