[Guitar56]

Greetings geekstogo!

 

I'm a first time poster and not all that computer savvy; but here is what happened and I would like some advice/help on what to do next or do nothing at all...

 

Just bought a newer model Dell Vostro 270 off ebay; got it two days ago. The seller said he reformated and reloaded the Win 7 pro OS and all drivers. The disks/CDs were included with purchase. Initially, the PC worked fine. I could log on to the internet and things were working smooth. The PC had no anti-virus protection so I downloade the free 2014 AVG antivirus (which I was using on my older Win XP machine... which is why I decided to upgrade). I also downloaded the free Foxfire browser because I've heard and read it is better than IE. 

 

So far so good... things working great. Next, I had read about the advantages of additional malware programs along with AVG, so I downloaded the free Malewarebites... this is where the problems started. After I ran the first scan with Malewarebites, it said there were several files that were bad and deleted them; these files were apparently not flagged by AVG. After the reboot, I could not connect to the internet in either Foxfire or IE. The error message said something about the proxy server not accepting/recognizing my log on, or something like that. 

 

Now, irritated and frustrated that I had messed up my new-to-me PC, I started trying to fix the problem. I attempted several "system restore" attempts to no avail. I finally figured out how to disable AVG so I could do the system restore, but it didn't seem to help or the system restore never sucessfully completed.

 

I have a lap top PC that I use sometimes and connected it to my modem, got online and googled the problem about not being able to get on the interned after downloading malewarebites. I read one of the posts that mentioned Combofix and where to download it and how to run it. I downloaded the Combofix on to a flash drive and then run it on my new-to-me PC (that I thought I had ruined) and, that fixed the problem. I can now log on to the internet and it seems to be working like a charm... fast and smooth.

 

After I was able to get back on the internet with my new PC, I ran an AVG scan and it picked up a trogenhorse virus and deleted it. I'm not sure if that was related to the Combofix scan or not. All I know is that my PC seems to be working fine at the moment.

 

After that wordy background (sorry about that:-) here are my questions... What do I do now? Why did this happen when I downloaded malewarebites and ran the malewarebites scan? Do I just leave well enough alone? Should I uninstall the Combofix program and related files? I can post the Combofix report if you think it would help...

 

Thanks so much for any assistance!

 

Guitar56

 

P.S. I forgot to mention that in the process of trying to fix the problem that Malewarebites apparently created, I uninstalled Malewarebites. Don't think I want to download it agian either... for now.

Edited by Guitar56, 11 April 2014 - 10:55 AM.

[Advertisements]

Okay, I may have posted this in the wrong forum... thing is, Geekstogo will not allow me to start a new thread in the other forums.

 

Maybe someone here can help anyway.

 

Thanks!

 

Guitar56

[Guitar56]

Okay, I may have posted this in the wrong forum... thing is, Geekstogo will not allow me to start a new thread in the other forums.

 

Maybe someone here can help anyway.

 

Thanks!

 

Guitar56

[SleepyDude]

Hello Guitar56

 

First a word of WARNING: ComboFix its a very powerful and dangerous tool and should not be run on your own. CF should be used only when requested by a trained Anti-Malware helper.

 

Can you please post the Combofix log?

 

Thanks.

[Guitar56]

Hello and thanks for the welcome!

 

Okay, I will try to post the Combofix log here. Thing is, it is still a mystery why I could not log on to the internet after running the malewarebits scan. Whatever happened, combofix fixed it and I could once again log on to the internet. My AVG antivirus says I have no known threats... but I still don't know what happened and why.

 

Here is the log... (Thanks!)

 

ComboFix 14-04-09.02 - Temp 04/10/2014  21:49:31.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3968.2623 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\END
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-11 to 2014-04-11  )))))))))))))))))))))))))))))))
.
.
2014-04-11 01:51 . 2014-04-11 01:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-10 21:45 . 2014-04-10 22:37    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-10 21:45 . 2014-04-11 03:58    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-10 03:36 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-04-10 03:36 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-04-10 03:36 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-04-10 03:36 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-10 03:36 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-04-10 03:20 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-04-10 03:08 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-04-10 03:08 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-04-10 03:08 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-04-10 03:08 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-04-10 03:08 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-04-10 03:08 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-04-10 03:08 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-04-10 03:05 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2014-04-10 03:05 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2014-04-10 03:05 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2014-04-10 03:03 . 2014-04-10 03:03    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2014-04-10 02:27 . 2014-04-10 02:27    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 02:27 . 2014-04-10 02:27    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 02:27 . 2014-04-11 00:42    --------    d-----w-    c:\windows\system32\Macromed
2014-04-10 02:27 . 2014-04-11 00:42    --------    d-----w-    c:\windows\SysWow64\Macromed
2014-04-10 02:00 . 2014-04-11 00:42    --------    d-----w-    c:\program files (x86)\Microsoft Works
2014-04-10 02:00 . 2014-04-11 00:42    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2014-04-10 02:00 . 2014-04-10 02:00    --------    d-----w-    c:\windows\PCHEALTH
2014-04-10 01:58 . 2014-04-11 03:58    --------    d-----w-    c:\program files\Microsoft Office
2014-04-10 01:58 . 2014-04-11 00:42    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2014-04-10 01:57 . 2014-04-11 00:42    --------    d-----w-    c:\programdata\Microsoft Help
2014-04-10 01:57 . 2014-04-11 03:57    --------    d-----r-    C:\MSOCache
2014-04-10 01:41 . 2014-04-11 04:05    --------    d-----w-    c:\program files\Common Files\EPSON
2014-04-10 01:40 . 2014-04-10 01:40    --------    d-----w-    c:\program files (x86)\Epson America Inc
2014-04-10 01:40 . 2014-04-11 00:42    --------    d-----w-    c:\program files (x86)\Common Files\InstallShield
2014-04-10 01:40 . 2014-04-11 03:58    --------    d-----w-    c:\program files\EPSON
2014-04-10 01:40 . 2008-11-11 14:00    118784    ----a-w-    c:\windows\system32\E_ILMHLA.DLL
2014-04-10 01:39 . 2009-09-30 14:01    88064    ----a-w-    c:\windows\system32\E_IBCBHLA.DLL
2014-04-10 01:39 . 2014-04-11 03:58    --------    d-----w-    c:\programdata\EPSON
2014-04-10 01:39 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\Epson Software
2014-04-10 01:38 . 2009-12-09 07:00    464384    ----a-w-    c:\windows\system32\esxw2ud.dll
2014-04-10 01:38 . 2009-10-16 07:00    13824    ----a-w-    c:\windows\system32\esxcdev.dll
2014-04-10 01:38 . 2009-10-16 07:00    132560    ----a-w-    c:\windows\system32\esdevapp.exe
2014-04-10 01:38 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\epson
2014-04-10 00:33 . 2014-02-24 02:34    9074688    ----a-w-    c:\windows\system32\mshtml.dll
2014-04-10 00:32 . 2013-09-28 01:09    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-04-10 00:31 . 2013-06-25 22:55    785624    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-04-10 00:30 . 2011-04-29 03:06    467456    ----a-w-    c:\windows\system32\drivers\srv.sys
2014-04-10 00:29 . 2013-08-29 02:17    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-04-10 00:28 . 2012-06-16 05:15    911360    ----a-w-    c:\windows\system32\jscript.dll
2014-04-10 00:27 . 2014-01-24 02:37    1684928    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-10 00:16 . 2011-11-19 14:58    77312    ----a-w-    c:\windows\system32\packager.dll
2014-04-10 00:16 . 2011-11-19 14:01    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2014-04-10 00:10 . 2012-02-17 06:38    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2014-04-10 00:10 . 2012-02-17 05:34    826880    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2014-04-10 00:10 . 2012-02-17 04:57    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2014-04-10 00:06 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2014-04-10 00:06 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2014-04-10 00:06 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2014-04-10 00:06 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2014-04-10 00:06 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2014-04-10 00:06 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2014-04-10 00:06 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2014-04-10 00:06 . 2012-06-02 22:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2014-04-10 00:06 . 2012-06-02 22:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-04-09 23:50 . 2014-04-11 00:42    --------    d-----w-    c:\program files (x86)\File Type Helper
2014-04-09 23:22 . 2014-04-11 04:05    --------    d-----w-    c:\programdata\AVG2014
2014-04-09 23:22 . 2014-04-09 23:22    --------    d-----w-    C:\$AVG
2014-04-09 23:22 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\AVG
2014-04-09 23:16 . 2014-04-11 00:42    --------    d-----w-    c:\programdata\MFAData
2014-04-09 23:16 . 2014-04-09 23:16    --------    d--h--w-    c:\programdata\Common Files
2014-04-02 02:24 . 2014-04-02 01:29    --------    d-----w-    c:\windows\Panther
2014-04-02 02:23 . 2014-04-02 02:23    --------    d-----w-    C:\Hotfix
2014-04-02 02:23 . 2014-04-02 02:23    --------    d-----w-    C:\Drivers
2014-04-02 02:23 . 2014-04-02 01:28    --------    d-----w-    c:\windows\system32\OEM
2014-04-02 01:46 . 2011-08-24 04:57    74272    ----a-w-    c:\windows\system32\RtNicProp64.dll
2014-04-02 01:46 . 2011-08-24 04:57    565352    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2014-04-02 01:46 . 2011-08-24 04:57    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2014-04-02 01:46 . 2014-04-11 03:58    --------    d-----w-    c:\program files (x86)\Realtek
2014-04-02 01:41 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\Cisco
2014-04-02 01:41 . 2014-04-11 04:05    --------    d-----w-    c:\program files (x86)\Dell Wireless
2014-04-02 01:41 . 2014-04-02 01:41    --------    d-----w-    c:\windows\system32\nn-NO
2014-04-02 01:41 . 2011-11-29 16:52    60416    ----a-w-    c:\windows\system32\athihvui.dll
2014-04-02 01:41 . 2011-11-29 16:51    439808    ----a-w-    c:\windows\system32\athihvs.dll
2014-04-02 01:41 . 2011-11-23 06:13    2796544    ----a-w-    c:\windows\system32\drivers\athrx.sys
2014-04-02 01:41 . 2011-11-23 06:13    2796544    ----a-w-    c:\windows\system32\athrx.sys
2014-04-02 01:40 . 2014-04-02 01:41    --------    d-----w-    c:\programdata\Dell
2014-04-02 01:40 . 2012-02-17 08:31    41984    ----a-w-    c:\windows\system32\drivers\USB3Ver.dll
2014-04-02 01:39 . 2014-04-11 00:42    --------    d--h--w-    c:\program files (x86)\InstallShield Installation Information
2014-04-02 01:39 . 2012-01-27 09:39    787736    ----a-w-    c:\windows\system32\drivers\iusb3xhc.sys
2014-04-02 01:39 . 2012-01-27 09:39    356120    ----a-w-    c:\windows\system32\drivers\iusb3hub.sys
2014-04-02 01:39 . 2012-01-27 09:39    16152    ----a-w-    c:\windows\system32\drivers\iusb3hcs.sys
2014-04-02 01:39 . 2009-07-14 21:21    1721576    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-04-02 01:39 . 2011-12-16 17:40    15128    ----a-w-    c:\windows\system32\drivers\IntelMEFWVer.dll
2014-04-02 01:39 . 2014-04-02 01:39    --------    d-----w-    c:\programdata\Intel
2014-04-02 01:39 . 2014-04-11 03:58    --------    d-----w-    c:\program files\Intel
2014-04-02 01:39 . 2014-04-11 00:42    --------    d-sh--w-    c:\windows\Installer
2014-04-02 01:39 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\Common Files\postureAgent
2014-04-02 01:39 . 2011-11-10 08:04    60184    ----a-w-    c:\windows\system32\drivers\HECIx64.sys
2014-04-02 01:38 . 2011-12-06 22:55    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
2014-04-02 01:36 . 2014-04-11 03:58    --------    d-----w-    c:\program files\Common Files\Intel
2014-04-02 01:36 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\Common Files\Intel
2014-04-02 01:36 . 2014-04-11 03:57    --------    d-----w-    c:\program files (x86)\Intel
2014-04-02 01:36 . 2014-04-02 01:36    --------    d-----w-    C:\Intel
2014-04-02 01:31 . 2014-04-11 03:58    --------    d-----w-    c:\program files\CONEXANT
2014-04-02 01:31 . 2011-08-31 18:53    530048    ----a-w-    c:\windows\system32\UCI64A84.dll
2014-04-02 01:31 . 2011-12-14 21:40    1568384    ----a-w-    c:\windows\system32\CX64AP53.dll
2014-04-02 01:31 . 2011-11-29 17:07    1577600    ----a-w-    c:\windows\system32\drivers\CHDRT64.sys
2014-04-02 01:31 . 2014-04-11 03:57    --------    d-----w-    C:\Dell
2014-04-02 01:29 . 2014-04-11 00:42    --------    d-----w-    c:\users\Temp
2014-04-02 01:29 . 2014-04-02 01:29    --------    d-----w-    C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 09:17 . 2014-04-10 00:28    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
.
c:\users\Temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Temp\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe /remind /language=ENU /PRNM="01024" /PRIN="all-in-one" [2011-3-22 2561024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUDFPF
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10 02:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-09-09 1628288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-22 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-22 440600]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49204;https=127.0.0.1:49204;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.152.37.23
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-10  21:52:49
ComboFix-quarantined-files.txt  2014-04-11 01:52
.
Pre-Run: 445,631,696,896 bytes free
Post-Run: 445,509,787,648 bytes free
.
- - End Of File - - 579A210916D3948952E7913B3D91FAD5
A36C5E4F47E84449FF07ED3517B43A31

[SleepyDude]

Hi,

 

Can you open the folder c:\Qoobox and attach all the files  combofix*.txt and ComboFix-quarantined-files.txt inside?

[Guitar56]

Thanks for the reply, SleepyDude!

 

I'm at work now, but I will be back home in a few hours... I will try to copy and paste the files you requested. Since I'm not as computer savvy as I'd like to be, what is the best way to do this? The files search function?

 

Thanks!

 

G56

[SleepyDude]

Thanks for the reply, SleepyDude!

 

I'm at work now, but I will be back home in a few hours... I will try to copy and paste the files you requested. Since I'm not as computer savvy as I'd like to be, what is the best way to do this? The files search function?

 

Thanks!

 

G56

 

Hi,

 

No problem take your time.

 

To locate the files simply open the C: Drive, using the My Computer icon then locate the Qoobox folder and open it, inside you will see the files that I mentioned.

[Guitar56]

Okay, here are files in the "ComboFix-quarantined-files.txt" folder.

 

2014-04-11 01:43:49 . 2014-04-11 01:50:58            5,190 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-04-11 01:41:16 . 2014-04-11 01:49:02              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-04-09 23:50:44 . 2014-04-09 23:50:47                2 ----a-w-  C:\Qoobox\Quarantine\C\END.vir

 

I do not see a sub-folder called "combofix*.txt" in the C:\Qoobox folder. I tried to post a screenshot of the contents of the C:\Qoobox folder but the post window would not allow it...

 

Here are contents of the C:\Qoobox folder:

 

Folder: BackEnv

Folder: Quarantine

Txt: Add-Remove Programs

Txt: Combofox Quarantine files

 

Here are the contents of the Quarantine folder in C:\Qoobox:

Folder: C

Folder: Registry_backups

Txt:Catchme

File: MBR_hardisk0.mbr

 

What next?

 

Thanks!!

 

G56

[Guitar56]

Hey SleepyDude, I want to thank you for your assistance...

 

Since the computer was new-to-me and I had not transfered my personal files/data yet, and since I had the original Windows 7 reinstall disk and drivers CD, I decided to wipe the hard drive and start over with a clean install of the OS. I had to get up the courage to do it since I had never done it before, but there were some good YT videos and instructions on the web. The process went okay, but the drivers CD was not a "plug-n-play" and I had to manually install each of the drivers from the CD to the computer. Maybe this is normal, I don't know.

 

Anyway, I feel more confident about the safety and security of the machine. I've read that some stubborn viruses and trojans can survive a hdd reformat, but it seems to be clean at the moment. I decided to download the latest edition of Microsoft Security Eccentials antivirus instead of AVG. And, although I haven't done it yet, I plan to download and run the Malewarebites program again (even though that is what started the issues before).

 

I do have another question though... someone else told me that Foxfire could possibly infect a PC with viruses/trojans; is this true? I wouldn't think so, but you never know in this day and time.

 

If the moderators choose, they can lock/close this thread.

 

Thanks again Geekstogo!!!!

 

G56

[SleepyDude]

Hi,
 
Sorry for my late reply.
 
Based in the logs you provided most likely Malwarebytes removed some malware and it didn't damage you internet connection. The problem is that some malware make changes to windows settings and when the AV programs remove them they usually don't restore the changed windows settings leaving you with all sort of problems. It seems Combofix identified some bad changes on the TCP/IP configuration (the protocol used to access internet)  and automatically remove them for you.
 
About the Antivirus program you choose, Microsoft publicly admitted that Microsoft Security Essentials will only provide basic protection... we at GeeksToGo recommend Avast Antivirus Free instead because it provides a more high protection level. Avast is free but you need to register by providing a valid e-mail address to activate the program, and repeat this process every year and carefully choose the free version.

 

I don't know Foxfire do you mean Firefox?

Firefox is considered a secure browser and is the one I use, it allows you to add extra features using Add-ons, get it from the link above.

[Guitar56]

Thanks again, SleepyDude!

 

Yes, I will uninstall the MSSE antivirus and install Avast, per your recommendation. And, I think you probably hit the nail on the head, (as we say here in the south) regarding the issues with my PC. :-) I hope I can uninstall the MSSE antivirus without it leaving a lot of bits and pieces of files hanging around. Wish I had downloaded the Avast first. (And, yes, I meant FireFox and not FoxFire... it's early yet:-)

 

Thanks agian! Geekstogo is great! :-)

 

G56

Edited by Guitar56, 16 April 2014 - 06:46 AM.

[SleepyDude]

Thanks again, SleepyDude!
 
Yes, I will uninstall the MSSE antivirus and install Avast, per your recommendation. And, I think you probably hit the nail on the head, (as we say here in the south) regarding the issues with my PC. :-) I hope I can uninstall the MSSE antivirus without it leaving a lot of bits and pieces of files hanging around. Wish I had downloaded the Avast first. (And, yes, I meant FireFox and not FoxFire... it's early yet:-)

 
Usually MSSE antivirus will not leave pieces around. Let me know if you have any trouble removing it.
 

Thanks agian! Geekstogo is great! :-)

 

Thanks, you're welcome.