Scans shut down my computer

charliebean · January 11, 2014

I found a couple older threads in the forum with the same issue I'm having, and they were told to run ComboFix. I've ran it and I need to know where to go from here. I don't know how to interpret the log, so I'll post it. Thank you.

ComboFix 14-01-08.03 - user 01/10/2014 18:36:57.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2807.1361 [GMT -5:00]

Running from: c:\users\user\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\END

c:\users\user\Documents\~yt8612.tmp

.

((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))

.

2014-01-10 23:44 . 2014-01-10 23:44 -------- d-----w- c:\users\Guest\AppData\Local\temp

2014-01-10 23:44 . 2014-01-10 23:44 -------- d-----w- c:\users\Guest Account\AppData\Local\temp

2014-01-10 23:44 . 2014-01-10 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-10 23:36 . 2014-01-10 23:36 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{074C9223-C88C-4D6F-B264-1673545A3146}\offreg.dll

2014-01-05 01:08 . 2014-01-05 01:08 -------- d-----w- c:\users\user\AppData\Local\MFAData

2014-01-04 02:35 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll

2014-01-04 02:35 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-12-28 22:48 . 2013-09-20 13:50 348160 ------w- c:\windows\SysWow64\msvcr71.dll

2013-12-23 12:08 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-23 12:08 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-23 12:08 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-23 12:08 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-23 12:08 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-23 12:02 . 2013-12-23 12:02 -------- d-----w- c:\windows\Migration

2013-12-23 12:00 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-23 11:46 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-12-23 11:45 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-12-14 07:29 . 2013-12-14 07:29 -------- d-----w- c:\users\user\AppData\Local\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-04 02:26 . 2013-03-12 15:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-04 02:26 . 2013-03-12 15:06 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-11 17:16 . 2013-12-11 14:55 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-12-01 19:42 . 2013-04-21 01:43 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-01-07 1815464]

"Mikogo"="c:\users\user\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2013-04-10 6323016]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-11-08 646744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Mikogo"="c:\users\user\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2013-04-10 6323016]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]

3;4 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

3;4 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 M4-Service;M4-Service;c:\users\user\AppData\Roaming\Mikogo 4\M4-Service.exe;c:\users\user\AppData\Roaming\Mikogo 4\M4-Service.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]

R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]

S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]

S3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - NisDrv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-07 23:49 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 02:26]

.

2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704738542-2975121776-925690435-1000Core.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-13 22:35]

.

2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704738542-2975121776-925690435-1000UA.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-13 22:35]

.

2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704738542-2975121776-925690435-1003Core.job

- c:\users\Guest Account\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19 20:55]

.

2014-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1704738542-2975121776-925690435-1003UA.job

- c:\users\Guest Account\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19 20:55]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 06:30]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-25 06:30]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-03-07 1445888]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tgdzjid0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: 2013-12-07 03:12; giorgio@gilestro.tk; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tgdzjid0.default\extensions\giorgio@gilestro.tk.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-iLivid - c:\users\user\AppData\Local\iLivid\iLivid.exe

Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-10 18:48:01

ComboFix-quarantined-files.txt 2014-01-10 23:48

.

Pre-Run: 40,532,475,904 bytes free

Post-Run: 49,943,601,152 bytes free

.

- - End Of File - - F490A51193B703BE7C39DEF28E0B7C03

A36C5E4F47E84449FF07ED3517B43A31

CarlosTurco · January 12, 2014

Hello charliebean and :welcome: ,

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:
http://forums.malwar...?showtopic=9573

CarlosTurco · January 15, 2014

Hi,

Do you still need help or can I close this post??

AdvancedSetup · January 16, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Scans shut down my computer

Recommended Posts

charliebean

Link to post

Share on other sites

CarlosTurco

Link to post

Share on other sites

CarlosTurco

Link to post

Share on other sites

AdvancedSetup

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information