Windows 7 Forums



Windows 7: Combo fix results- what to do next

08 Nov 2012   #1
88gtblack

32 bit
 
 
Combo fix results- what to do next

Ran ComboFix. Had Google redirect virus which was undetectable by AVG. So I followed all instructions, disabled what needed to be, and here are my results:
Code:
ComboFix 12-11-08.01 - Fran1 11/08/2012   9:08.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.2201 [GMT -5:00]
Running from: c:\users\Fran1\Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Fran1\AppData\Local\chromeupdate.crx
c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
c:\users\Fran1\Documents\~WRD0505.tmp
c:\users\Fran1\g2mdlhlpx.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-08 to 2012-11-08  )))))))))))))))))))))))))))))))
.
.
2012-11-08 14:12 . 2012-11-08 14:12 -------- d-----w- c:\users\Fran1\AppData\Local\temp
2012-11-08 14:12 . 2012-11-08 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:26 . 2012-04-19 16:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:26 . 2011-06-15 15:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 19:43 . 2012-08-24 19:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 06:59 . 2012-09-25 07:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-25 07:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-25 07:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 07:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-25 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 12:18 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 12:18 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 12:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 12:18 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 12:22 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztCtAtD0BtAyBzztC0AyCtN0D0Tzu0CtCzzyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=585841732
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
Trusted Zone: aahassignments.com
Trusted Zone: adpclaims.com
Trusted Zone: audatex.com
Trusted Zone: audatex.us
Trusted Zone: audatexsolutions.com
Trusted Zone: ewfclaims.com
Trusted Zone: fficassignments.com
Trusted Zone: innovation-connect.com
Trusted Zone: processclaims.com
Trusted Zone: reviewestimates.com
Trusted Zone: stateautoclaims.com
Trusted Zone: theshopofchoice.com
Trusted Zone: vehicleassignments.com
Trusted Zone: viewclaim.com
Trusted Zone: viewclaims.com\www
TCP: DhcpNameServer = 71.250.0.12 71.242.0.12 192.168.1.1
DPF: DownloadClientAccessCab - hxxps://www.processclaims.com/web/cab/DownloadClientAccess.CAB
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=fjvDQRtC_ENzAM_g94SCJk0uDEB_hceuFygq_Zep73djK86g9HzxvPfzaG0etZY4KJUi9GJM3vi612Tf0hfh2gqInRRFeCUOD-LAAZUPnfmcnkO4dezECvzXIqlTgPR3XKB-ikoQRaS34ZBYNEwPwg2&t=634353844148395395
DPF: {6158155F-A946-4971-894B-BD0779BDAD49} - hxxp://www.autopartsbridge.com/APB_Estimate_Integration.cab
DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} - hxxp://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://securemail.1901market.com/messenger/download/TWDownload.cab
DPF: {7BE42306-D1D2-46C2-840B-4D326DEFED7B} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9CD0643B-E2DC-405F-A48B-22878D4A1EED} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {AE592127-175C-4C7D-865D-4096C07A56C9} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {BB51318B-8A94-46F9-ACB4-81B508FF8BEB} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {CD782F6B-E07D-41D0-A4C3-EE375EDF461D} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-SPMTray - c:\program files\PC Speed Maximizer\SPMTray.exe
HKCU-Run-Apps - c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
HKLM-Run-cowisr - c:\users\Fran1\AppData\Roaming\cowisr.dll
HKU-Default-Run-Apps - c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08  09:13:33
ComboFix-quarantined-files.txt  2012-11-08 14:13
.
Pre-Run: 447,165,714,432 bytes free
Post-Run: 447,365,644,288 bytes free
.
- - End Of File - - E67A3C72A0F49A33D4436C841D70A4F4



08 Nov 2012   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download AdWareCleaner (AdwCleaner Download) to your desktop.
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on the Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
08 Nov 2012   #3
88gtblack

32 bit
 
 

AdwCleaner v2.007 - Logfile created 11/08/2012 at 17:00:19
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Fran1 - FRAN
# Boot Mode : Normal
# Running from : C:\Users\Fran1\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [6085 octets] - [08/11/2012 16:14:02]
AdwCleaner[S2].txt - [6102 octets] - [08/11/2012 16:15:33]
AdwCleaner[S3].txt - [758 octets] - [08/11/2012 16:47:40]
AdwCleaner[S4].txt - [817 octets] - [08/11/2012 16:48:54]
AdwCleaner[S5].txt - [749 octets] - [08/11/2012 17:00:19]
########## EOF - C:\AdwCleaner[S5].txt - [808 octets] ##########
All times are GMT -5. The time now is 02:59.
