Jump to content

juliegabby

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Remove_Temp_Files.txtHKLM_Restore_Default_Permissions_Error_Log.txt_Windows_Repair_Log.txtRepair_WMI.txtRepair_Windows_Updates.txtRepair_Windows_Firewall.txtRepair_Volume_Shadow_Copy_Service.txtRepair_Performance_Counters.txtRepair_Network.txtRepair_MSI_Windows_Installer.txtRepair_Icons.txt Tweaking.com repair logs. backup_info.txt Log_Backup.txt sddl.txt
  2. Still freezes up on facebook WSOP for no apparent reason, only place it does this.. Also ran msert showed around 5 infections during scan but concluded there were none. Thanks. AdwCleaner[C04].txt FRST.txt Addition.txt malwaarebytes scan.txt
  3. I was organizing my desktop on Win 10. Suddenly a file/folder changed or popped up as an laccdb icon with red lock. This is an access database lock file. When I opened it there was an icon for a file that I had to click (in access) that took me to a screen to grant permission, which I did. When I went back to the access file list an icon appeared unkn.pdf.accdb was present. When I clicked it access gave a warning it had active content. I contacted microsoft and some idiot told me to try to open it, and there was nothing in there despite showing a size of around 560k. The lock file on the desktop showed around 64k size. So, suspecting it was a pdf file that was converted into something else I wanted to restore the desktop file to its prior state. Nothing doing, so I downloaded FoxDF Accdb to PDF Converter 3.0. Installing it appeared suspicious in that the installation screens were not crisp appearing and a truncation appeared to occur, so I tried it again. I wanted to get whatever I had back. The FoxPDF converter did not work, and I don't know what it did. Here are my concerns, I have never used access and do not use it, so I did not create a locked database. The reason for locking it is to keep others out of it, in my case the other was me. Today I tried to download Fox PDF Converter again but Malwarebytes blocked it as a Trojan. Don't know why Malwarebytes did not catch it yesterday afternoon. So having deleted it I could not send it to VirusTotal. I request help in (1) correcting whatever payload, system changed and damage occurred from downloadind by Fox ,and (2) recovering whatever data or file or folder was converted to the laccdb icon on my desktop, and (3) if this program harvested data and sent it somewhere where it went. SECOND PROBLEM Lately, whenever on Facebook to play WSOP (free poker game) my computer starts to freeze up and the hard drive goes very fast. This does not happen on Facebook otherwise, and it doesn't happen elsewhere. The only way to cool down the hard drive is to disconnect from the internet, so again it seems someone is hacking while in the play of WSOP to cheat, or is using WSOP in facebook as a method to gain unauthorized access to the computer for other purposes (such as looking for confidential or account information). Also when this happens you lose your WSOP chips and have to buy more. It happens dozens of times per session I've run several scans none of which have detected the cause of this. Help solving these problems would be appreciated.
  4. Problem list: sfc/scannow - comes up with problems it cant fix and files it can't replace;and \Device\HarddiskVolume3\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. System very slow to get going. Also constant problem with network adapter lately,, have to run the fix every time. Have run various scans mostly without identifying the problem. There was a backdoor, password cracking and other malware which may or may not have been removed. Would appreciate help getting my system files corrected without losing any data and eliminating all malware. Ran updated Malwarebytes scan. Result.txt
  5. Have attached hijack this log. Has a bunch of entries starting "@" and some ending "file missing" the Spybot scan came up with "no administrator in acl" on the screen shots above. Have not yet figured out where all data may be on computer. If I use the last step you suggested (not done yet) will that wipe out any data or programs? If so will take a few days to get the data and programs backed up elsewhere. Please take a look at the hijack this log and let me know if it is safe to proceed with your last step before backing up data/programs. Thanks Gringo.
  6. Hijack this log may hold some clues lots of entries starting @ and ending file missing. Have not had a chance to back up or do last step yet. Will last step delete data or legit programs?
  7. Did uninstall and reinstall and it still shows 6 physical drive mbs numbered 0,1,2,3,4,5 in its rootkit checker, and then it finds what appears to be some possibly brother printer files and a recovery file all of which it says "no admniistrator in Acl" on its deeper scan. So what shall we do next to get to the rootkits or partitions or whatever it is ? Thanks.
  8. RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : off0810sd [Admin rights] Mode : Scan -- Date : 07/08/2013 10:51:03 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3750528AS +++++ --- User --- [MBR] 3bd46e12986a2114733a860ddbe99de6 [bSP] e38d02d105c9fcba0bf7e3d362d6c927 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12318 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25309184 | Size: 703045 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07082013_105103.txt >> RKreport[0]_D_07082013_104313.txt;RKreport[0]_H_07082013_104808.txt;RKreport[0]_S_07082013_104151.txt RKreport[0]_S_07082013_104731.txt;RKreport[0]_S_07082013_104922.txt ------------------------------------------------------------------------ can't find tdskiller report machine is win 7 it showed 3 entries and something called pmem. could not copy and paste from report screen. please advise. spybot still showing numerous mbrs.
  9. when computer boots up it repeatedly flashes files need to be saved to a disc, and also ctrl alt del doesn't always work, locks
  10. ComboFix 13-07-06.03 - off0810sd 07/06/2013 11:09:44.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4840 [GMT -5:00] Running from: c:\users\off0810sd\Downloads\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\WinPCap c:\program files (x86)\WinPCap\install.log . . ((((((((((((((((((((((((( Files Created from 2013-06-06 to 2013-07-06 ))))))))))))))))))))))))))))))) . . 2013-07-06 16:14 . 2013-07-06 16:14 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-07-02 20:09 . 2013-07-02 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-01 06:08 . 2013-07-01 06:08 -------- d-----w- c:\users\administrator0225\AppData\Local\Microsoft Games 2013-07-01 05:38 . 2013-07-01 05:38 73728 ----a-r- c:\users\administrator0225\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2013-07-01 05:38 . 2013-07-01 05:38 73728 ----a-r- c:\users\administrator0225\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2013-07-01 05:38 . 2013-07-01 05:38 73728 ----a-r- c:\users\administrator0225\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2013-07-01 05:38 . 2013-07-01 05:38 -------- d-----w- c:\program files (x86)\Sophos 2013-06-30 23:20 . 2013-06-30 23:20 -------- d-----w- C:\Sophos 2013-06-30 23:13 . 2013-06-17 07:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BE3550D-9058-4A78-B5AE-2555D03C9704}\mpengine.dll 2013-06-30 22:28 . 2013-07-01 05:38 -------- d-----w- c:\programdata\Sophos 2013-06-30 22:26 . 2013-07-01 11:42 -------- d-----w- C:\scss_10 2013-06-30 06:33 . 2013-06-30 06:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-30 06:33 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-30 05:39 . 2013-06-30 05:39 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-06-30 05:22 . 2013-06-30 05:22 -------- d-----w- c:\windows\ERUNT 2013-06-30 05:22 . 2013-07-05 21:21 -------- d-----w- C:\JRT 2013-06-27 03:30 . 2013-02-27 20:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2013-06-27 03:25 . 2013-06-27 03:25 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2013-06-27 03:24 . 2013-06-27 03:24 -------- d-----w- c:\users\off0810sd\AppData\Roaming\SystemRequirementsLab 2013-06-25 22:54 . 2013-06-25 22:33 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-06-25 22:46 . 2013-06-25 22:32 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-06-25 22:43 . 2013-06-25 22:34 177680 ----a-w- c:\windows\system32\mfevtps.exe 2013-06-25 22:18 . 2013-06-25 22:48 -------- d-----w- c:\program files\stinger 2013-06-20 01:14 . 2013-06-20 01:14 -------- d-----w- c:\programdata\Trend Micro 2013-06-13 14:48 . 2009-10-20 08:24 724608 ----a-w- c:\windows\system32\bmutil.dll 2013-06-13 14:48 . 2009-10-20 08:24 39552 ----a-w- c:\windows\system32\drivers\tcpipBM.sys 2013-06-13 14:48 . 2009-10-20 08:24 312448 ----a-w- c:\windows\system32\bminstall.dll 2013-06-13 14:48 . 2009-10-20 08:24 16512 ----a-w- c:\windows\system32\drivers\BMLoad.sys 2013-06-13 14:45 . 2013-06-13 08:13 15983616 ----a-w- c:\users\off0810sd\Cricket Broadband Setup-v1.0 (build 1950).msi 2013-06-12 19:47 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 19:47 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 19:47 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 19:46 . 2013-06-12 19:46 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2013-06-12 19:37 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 19:37 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 19:37 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 19:37 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 19:31 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 19:31 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 19:31 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 19:31 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 19:31 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 19:31 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 19:31 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 19:31 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 19:31 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 19:31 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-12 19:30 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 19:30 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 18:15 . 2013-06-12 18:15 -------- d-----w- c:\programdata\Symantec 2013-06-12 18:15 . 2013-06-12 20:47 -------- d-----w- c:\programdata\Norton 2013-06-12 17:29 . 2013-06-12 18:07 -------- d-----w- c:\programdata\HitmanPro 2013-06-12 17:14 . 2013-06-12 17:14 -------- d-----w- c:\users\administrator0225\AppData\Local\Google 2013-06-12 17:13 . 2013-06-12 17:13 -------- d-----w- c:\users\administrator0225\AppData\Roaming\ControlCenter4 2013-06-06 17:19 . 2013-06-06 17:44 -------- d-----w- c:\program files (x86)\SmartDraw 2014 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-05 20:47 . 2013-02-26 20:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-07-05 20:46 . 2013-02-26 20:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-07-05 20:45 . 2013-02-26 20:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-07-05 20:45 . 2013-02-28 08:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-07-04 20:56 . 2013-02-23 10:26 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2013-07-04 20:56 . 2013-02-23 10:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-07-04 20:54 . 2013-02-23 10:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-07-03 20:43 . 2013-02-23 10:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-07-02 20:09 . 2013-01-15 04:57 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-07-02 20:09 . 2010-07-06 00:23 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-12 20:50 . 2010-09-01 15:35 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 19:20 . 2013-01-14 05:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 19:20 . 2013-01-14 05:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-02 07:06 . 2013-01-27 07:03 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-15 20:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 20:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 20:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 20:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 20:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 20:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 11:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 16:06 . 2013-02-23 02:27 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys 2013-04-10 06:01 . 2013-05-15 20:02 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 20:02 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 20:00 3153920 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "Akamai NetSession Interface"="c:\users\off0810sd\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\administrator0225\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "HPAIO_PrintFolderMgr"=c:\windows\system32\spool\DRIVERS\x64\hpoopm07.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFFLT.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFBUS.sys [x] S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFCVsp.sys [x] S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFMdm.sys [x] S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNET.sys [x] S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNVsp.sys [x] S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFVsp.sys [x] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - GFIARK . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-25 00:33 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 19:20] . 2013-07-05 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2013-03-10 22:24] . 2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 06:48] . 2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 06:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\system32\blank.htm IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm Trusted Zone: dell.com TCP: Interfaces\{3ABD7F22-CD3B-4E99-8140-0B60202F52D7}: NameServer = 10.133.20.11 10.132.20.11 . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-06 11:16:37 ComboFix-quarantined-files.txt 2013-07-06 16:16 . Pre-Run: 675,702,198,272 bytes free Post-Run: 675,287,203,840 bytes free . - - End Of File - - E62978EDC23431465122B8F20EEEA31E CDB4DE4BBD714F152979DA2DCBEF57EB
  11. It has some type of radio type program running that is broadcasting computer related stories. But I don't have any idea why.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.