Cyber Tech Help Support Forums > Software > Malware Removal Forum

  #16  
Old July 13th, 2012, 01:34 AM
ptrkptz
Senior Member
 
Join Date: Dec 2004
Posts: 318
ComboFix 12-07-11.03 - Patrick 07/11/2012 20:33:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1029 [GMT -5:00]
Running from: c:\documents and settings\Patrick\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Patrick\WINDOWS
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-11 23:14 . 2012-07-11 23:14 -------- d-----w- c:\windows\LastGood
2012-07-10 23:26 . 2012-07-10 23:26 -------- d-----w- c:\windows\system32\config\systemprofile\Oracle
2012-07-10 22:55 . 2012-07-10 22:56 -------- d-----w- c:\documents and settings\Patrick\Oracle
2012-07-10 22:53 . 2012-07-10 22:53 -------- d-----w- C:\oraclexe
2012-07-10 02:05 . 2008-07-19 14:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-10 02:05 . 2008-07-19 14:32 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-10 02:05 . 2008-07-19 14:32 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-10 02:05 . 2008-07-19 14:30 94392 ----a-w- c:\windows\system32\AvastSS.scr
2012-07-10 02:05 . 2008-07-19 14:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-10 02:05 . 2008-07-19 14:37 94416 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-10 02:05 . 2008-07-19 14:35 78416 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-10 02:05 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-10 02:05 . 2008-07-19 14:43 1163960 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-10 02:05 . 2004-01-09 09:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2012-07-10 02:05 . 2012-07-10 02:05 -------- d-----w- c:\program files\Alwil Software
2012-07-08 18:54 . 2012-07-08 18:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-08 18:53 . 2012-07-08 18:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-08 18:53 . 2012-07-08 18:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-08 18:48 . 2012-07-08 18:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-04 21:02 . 2012-07-04 21:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-07-02 22:27 . 2012-06-02 20:18 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-02 22:27 . 2012-06-02 20:18 214256 ------w- c:\windows\system32\muweb.dll
2012-07-02 21:56 . 2012-07-02 21:56 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-07-02 21:52 . 2012-07-02 21:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-07-02 21:51 . 2012-07-02 21:51 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Microsoft Help
2012-07-02 21:51 . 2012-07-10 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-06-29 00:36 . 2012-06-29 00:36 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 21:47 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 00:36 . 2012-03-17 02:41 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2007-05-22 18:05 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-22 18:05 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-31 19:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-31 19:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-31 19:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-22 18:05 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-31 19:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-03-19 22:45 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-03-19 22:34 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-05-22 18:05 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-31 19:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-03-19 22:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2002-09-23 15:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2003-09-25 14:35 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-03-19 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-03-19 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 1980-01-01 05:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1980-01-01 05:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-03-19 22:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-05 20:19 . 2012-05-05 20:19 97208 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"PRISMSVR.EXE"="c:\windows\System32\PRISMSVR.EXE" [2003-11-20 282713]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ------w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ------w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-02 23:46 270336 ------w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ------w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 06:01 135264 ------w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 17:41 63048 ------w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 16:06 110592 ------w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ------w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-17 18:29 319488 ------w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 00:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-07-22 02:53 26112 ------w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ------w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Napster\\napster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/9/2012 9:05 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/9/2012 9:05 PM 20560]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [8/27/2011 10:00 AM 512000]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S1 sensorsview;sensorsview;\??\c:\program files\SensorsViewPro41\drv\sensorsview32.sys --> c:\program files\SensorsViewPro41\drv\sensorsview32.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 8:06 AM 136176]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 8:06 AM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:19 PM 129976]
S3 sysid;sysid;c:\windows\SYSTEM32\DRIVERS\sysid.sys [1/24/2006 7:23 PM 6336]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 20:20]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 13:06]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 13:06]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282942883-3049317573-3453175993-1010Core.job
- c:\documents and settings\Korbin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 12:38]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282942883-3049317573-3453175993-1010UA.job
- c:\documents and settings\Korbin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 12:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: goo.gl lite: goo.gl_lite@matthew.flaschen.gatech.edu - %profile%\extensions\goo.gl_lite@matthew.flaschen.gatech.edu
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Update - c:\documents and settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 20:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3282942883-3049317573-3453175993-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagonldnlnglfddekf"=hex:6a,61,6a,70,63,63,62,6a,65,66,69,6d,65,6c,68,6a,64,6e,
6f,68,00,00
"hampdobhmioakacf"=hex:69,61,65,70,69,67,69,65,62, 6e,6d,67,66,6f,65,6e,62,65,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-07-11 20:43:15
ComboFix-quarantined-files.txt 2012-07-12 01:43
.
Pre-Run: 23,154,634,752 bytes free
Post-Run: 23,682,908,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A95D92263852B28F1E8737CA1A31D885


  #17  
Old July 13th, 2012, 02:19 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 49,162
Blog Entries: 1
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
Driver::
Dcpsecastmm
RegNull::
[HKEY_USERS\S-1-5-21-3282942883-3049317573-3453175993-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{970642B8-1805-C747-BF71-0AD8DF4D07F8}*]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed, a text window will appear; please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #18  
Old July 16th, 2012, 04:09 AM
ptrkptz
Senior Member
 
Join Date: Dec 2004
Posts: 318
Does ComboFix reset the default web browser? This is the second time this has happened in the last week.

Here is the log... thanks again.

ComboFix 12-07-11.03 - Patrick 07/15/2012 21:44:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.802 [GMT -5:00]
Running from: c:\documents and settings\Patrick\My Documents\Downloads\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080723-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Dcpsecastmm
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-10 23:26 . 2012-07-10 23:26 -------- d-----w- c:\windows\system32\config\systemprofile\Oracle
2012-07-10 22:55 . 2012-07-10 22:56 -------- d-----w- c:\documents and settings\Patrick\Oracle
2012-07-10 22:53 . 2012-07-10 22:53 -------- d-----w- C:\oraclexe
2012-07-10 02:05 . 2008-07-19 14:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-10 02:05 . 2008-07-19 14:32 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-10 02:05 . 2008-07-19 14:32 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-10 02:05 . 2008-07-19 14:30 94392 ----a-w- c:\windows\system32\AvastSS.scr
2012-07-10 02:05 . 2008-07-19 14:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-10 02:05 . 2008-07-19 14:37 94416 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-10 02:05 . 2008-07-19 14:35 78416 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-10 02:05 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-10 02:05 . 2008-07-19 14:43 1163960 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-10 02:05 . 2004-01-09 09:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2012-07-10 02:05 . 2012-07-10 02:05 -------- d-----w- c:\program files\Alwil Software
2012-07-08 18:54 . 2012-07-08 18:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-08 18:53 . 2012-07-08 18:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-08 18:53 . 2012-07-08 18:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-08 18:48 . 2012-07-08 18:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-04 21:02 . 2012-07-04 21:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-07-02 22:27 . 2012-06-02 20:18 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-02 22:27 . 2012-06-02 20:18 214256 ------w- c:\windows\system32\muweb.dll
2012-07-02 21:56 . 2012-07-02 21:56 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-07-02 21:52 . 2012-07-02 21:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-07-02 21:51 . 2012-07-02 21:51 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Microsoft Help
2012-07-02 21:51 . 2012-07-12 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-06-29 00:36 . 2012-06-29 00:36 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 21:47 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 00:36 . 2012-03-17 02:41 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2003-09-25 14:35 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-07-28 22:52 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-03-19 22:40 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-03-30 01:48 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-22 18:05 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-22 18:05 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-31 19:46 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-31 19:46 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-31 19:46 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-22 18:05 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-31 19:46 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-03-19 22:45 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-03-19 22:34 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-05-22 18:05 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-31 19:46 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-03-19 22:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2002-09-23 15:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-03-19 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-03-19 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 1980-01-01 05:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1980-01-01 05:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-03-19 22:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-05 20:19 . 2012-05-05 20:19 97208 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"PRISMSVR.EXE"="c:\windows\System32\PRISMSVR.EXE" [2003-11-20 282713]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ------w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ------w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-02 23:46 270336 ------w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ------w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 06:01 135264 ------w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 17:41 63048 ------w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 16:06 110592 ------w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ------w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-17 18:29 319488 ------w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 00:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-07-22 02:53 26112 ------w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ------w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Napster\\napster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/9/2012 9:05 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/9/2012 9:05 PM 20560]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [8/27/2011 10:00 AM 512000]
S1 sensorsview;sensorsview;\??\c:\program files\SensorsViewPro41\drv\sensorsview32.sys --> c:\program files\SensorsViewPro41\drv\sensorsview32.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 8:06 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 8:06 AM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 3:19 PM 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 sysid;sysid;c:\windows\SYSTEM32\DRIVERS\sysid.sys [1/24/2006 7:23 PM 6336]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 20:20]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 13:06]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 13:06]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282942883-3049317573-3453175993-1010Core.job
- c:\documents and settings\Korbin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 12:38]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3282942883-3049317573-3453175993-1010UA.job
- c:\documents and settings\Korbin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 12:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\zpm0ile3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: goo.gl lite: goo.gl_lite@matthew.flaschen.gatech.edu - %profile%\extensions\goo.gl_lite@matthew.flaschen.gatech.edu
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2064)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\System32\nvsvc32.exe
c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
c:\windows\System32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-15 22:07:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 03:07
ComboFix2.txt 2012-07-13 00:46
ComboFix3.txt 2012-07-12 01:43
.
Pre-Run: 23,683,383,296 bytes free
Post-Run: 23,530,041,344 bytes free
.
- - End Of File - - 18133930D64A3744914C8382C4A3D04C
#19 - July 17th, 2012, 01:56 AM
Jintan, Cyber Tech Help Moderator (Join Date: Dec 2004; Posts: 49,162; Blog Entries: 1)
Not sure on that browser issue - it is being reset from what to what please?

On that topic, please go ahead and uninstall Mozilla Maintenance Service. Firefox has been sliding this into their updates lately, and it seems to cause issues - it is only for crash reporting anyway.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.62.0.1300.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
#20 - August 12th, 2012, 08:32 PM
ptrkptz, Senior Member (Join Date: Dec 2004; Posts: 318)
Sorry it has been so long, but I keep trying to run 'Eset' and have no success; the 'downloading virus signature database' gets to 53% and then stalls and then times out. I have been randomly trying it since you posted this and have had no success in completing it.
#21 - August 13th, 2012, 01:59 AM
Jintan, Cyber Tech Help Moderator (Join Date: Dec 2004; Posts: 49,162; Blog Entries: 1)
Quote:
does ComboFix reset the default web browser, this is the second time this has happened in the last week?
No, but malware running the browser in the background may choose that setting, and block Eset as well. Avast was completely disabled? As I recall the steps, right click the Taskbar icon, choose some shields option, then permanently disable all shields (just meaning you have to manually re-enable them). Sorry. I need to ask that before we move forward.
#22 - August 14th, 2012, 04:05 AM
ptrkptz, Senior Member (Join Date: Dec 2004; Posts: 318)
Thanks Jintan
I completely understand, due diligence!!
I actually thought the same thing (anti-virus running), so I actually uninstalled avast, but still no success!!
#23 - August 15th, 2012, 12:08 AM
Jintan, Cyber Tech Help Moderator (Join Date: Dec 2004; Posts: 49,162; Blog Entries: 1)
Try the two scans in Safe Mode - their results may help I.D. something we have not seen yet.


At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.
#24 - August 16th, 2012, 02:45 AM
ptrkptz, Senior Member (Join Date: Dec 2004; Posts: 318)
No luck, tried in safe mode, tried rebooting the router, and releasing the ip address that the machine and the router were holding...
#25 - August 16th, 2012, 03:13 AM
Jintan, Cyber Tech Help Moderator (Join Date: Dec 2004; Posts: 49,162; Blog Entries: 1)
See if you can download and transfer over the Avast uninstaller. If it left NDIS filter drivers behind, those will interfere. But then so could an active rootkit.


Go here and download the avast! aswClear.exe uninstaller to your desktop, then click that to remove avast!. Be sure to temporarily disable all security software while it runs, and reboot after it completes the uninstall.

Then try net access.
#26 - August 24th, 2012, 11:13 PM
ptrkptz, Senior Member (Join Date: Dec 2004; Posts: 318)
Thanks for all the help, but I got to the point where I could not do anything on this computer, so I reformatted the hard drive and reinstalled the OS.
#27 - August 25th, 2012, 01:35 AM
Jintan, Cyber Tech Help Moderator (Join Date: Dec 2004; Posts: 49,162; Blog Entries: 1)
I appreciate you taking the time to let me know. Thanks.