charliebean
I found a couple of older threads in the forum with the same issue I'm having, and they were told to run ComboFix. I've run it and I need to know where to go from here. I don't know how to interpret the log, so I'll post it. Thank you.