

Windows 7: Combo fix results- what to do next

08 Nov 2012   #1
88gtblack

32 bit
 
 

Ran ComboFix. Had the Google redirect virus, which was undetectable by AVG. So I followed all instructions, disabled what needed to be, and here are my results:
Code:
ComboFix 12-11-08.01 - Fran1 11/08/2012   9:08.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.2201 [GMT -5:00]
Running from: c:\users\Fran1\Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Fran1\AppData\Local\chromeupdate.crx
c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
c:\users\Fran1\Documents\~WRD0505.tmp
c:\users\Fran1\g2mdlhlpx.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-08 to 2012-11-08  )))))))))))))))))))))))))))))))
.
.
2012-11-08 14:12 . 2012-11-08 14:12 -------- d-----w- c:\users\Fran1\AppData\Local\temp
2012-11-08 14:12 . 2012-11-08 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:26 . 2012-04-19 16:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:26 . 2011-06-15 15:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 19:43 . 2012-08-24 19:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 06:59 . 2012-09-25 07:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-25 07:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-25 07:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 07:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-25 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 12:18 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 12:18 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 12:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 12:18 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 12:22 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztCtAtD0BtAyBzztC0AyCtN0D0Tzu0CtCzzyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=585841732
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
Trusted Zone: aahassignments.com
Trusted Zone: adpclaims.com
Trusted Zone: audatex.com
Trusted Zone: audatex.us
Trusted Zone: audatexsolutions.com
Trusted Zone: ewfclaims.com
Trusted Zone: fficassignments.com
Trusted Zone: innovation-connect.com
Trusted Zone: processclaims.com
Trusted Zone: reviewestimates.com
Trusted Zone: stateautoclaims.com
Trusted Zone: theshopofchoice.com
Trusted Zone: vehicleassignments.com
Trusted Zone: viewclaim.com
Trusted Zone: viewclaims.com\www
TCP: DhcpNameServer = 71.250.0.12 71.242.0.12 192.168.1.1
DPF: DownloadClientAccessCab - hxxps://www.processclaims.com/web/cab/DownloadClientAccess.CAB
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=fjvDQRtC_ENzAM_g94SCJk0uDEB_hceuFygq_Zep73djK86g9HzxvPfzaG0etZY4KJUi9GJM3vi612Tf0hfh2gqInRRFeCUOD-LAAZUPnfmcnkO4dezECvzXIqlTgPR3XKB-ikoQRaS34ZBYNEwPwg2&t=634353844148395395
DPF: {6158155F-A946-4971-894B-BD0779BDAD49} - hxxp://www.autopartsbridge.com/APB_Estimate_Integration.cab
DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} - hxxp://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://securemail.1901market.com/messenger/download/TWDownload.cab
DPF: {7BE42306-D1D2-46C2-840B-4D326DEFED7B} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {9CD0643B-E2DC-405F-A48B-22878D4A1EED} - hxxps://www.audatexsolutions.com/Falcon/PrintCtrl.cab
DPF: {AE592127-175C-4C7D-865D-4096C07A56C9} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {BB51318B-8A94-46F9-ACB4-81B508FF8BEB} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
DPF: {CD782F6B-E07D-41D0-A4C3-EE375EDF461D} - hxxps://www.audatexsolutions.com/Falcon/ExportCtrl.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-SPMTray - c:\program files\PC Speed Maximizer\SPMTray.exe
HKCU-Run-Apps - c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
HKLM-Run-cowisr - c:\users\Fran1\AppData\Roaming\cowisr.dll
HKU-Default-Run-Apps - c:\users\Fran1\AppData\Local\Diagnostics\Apps\zljxmsmr.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08  09:13:33
ComboFix-quarantined-files.txt  2012-11-08 14:13
.
Pre-Run: 447,165,714,432 bytes free
Post-Run: 447,365,644,288 bytes free
.
- - End Of File - - E67A3C72A0F49A33D4436C841D70A4F4



08 Nov 2012   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download AdWareCleaner (AdwCleaner Download) to your desktop.
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on the Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
08 Nov 2012   #3
88gtblack

32 bit
 
 

AdwCleaner v2.007 - Logfile created 11/08/2012 at 17:00:19
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Fran1 - FRAN
# Boot Mode : Normal
# Running from : C:\Users\Fran1\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [6085 octets] - [08/11/2012 16:14:02]
AdwCleaner[S2].txt - [6102 octets] - [08/11/2012 16:15:33]
AdwCleaner[S3].txt - [758 octets] - [08/11/2012 16:47:40]
AdwCleaner[S4].txt - [817 octets] - [08/11/2012 16:48:54]
AdwCleaner[S5].txt - [749 octets] - [08/11/2012 17:00:19]
########## EOF - C:\AdwCleaner[S5].txt - [808 octets] ##########