charliebean Posted January 11, 2014

I found a couple of older threads in the forum with the same issue I'm having, and they were told to run ComboFix. I've run it and I need to know where to go from here. I don't know how to interpret the log, so I'll post it. Thank you.

ComboFix 14-01-08.03 - user 01/10/2014 18:36:57.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2807.1361 [GMT -5:00]
Running from: c:\users\user\Downloads\ComboFix.exe
CarlosTurco Posted January 12, 2014

Hello charliebean,

Please note: If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.

I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.

Make sure you read all of the instructions and fixes thoroughly before continuing with them.

Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread: http://forums.malwar...?showtopic=9573
CarlosTurco Posted January 15, 2014

Hi, do you still need help, or can I close this post?
Root Admin AdvancedSetup Posted January 16, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!