Dovahkiin

  1. Okay, after one more scan, it SEEMS this computer is clean. Here is the latest log:

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Database version: 8235
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     11/27/2011 12:17:21 AM
     mbam-log-2011-11-27 (00-17-21).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 343693
     Time elapsed: 37 minute(s), 35 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  2. Okay thank you for all your help Mr. C. Here is the latest MBAM log. Somehow another file was infected but MBAM quarantined and deleted it. About to run another scan to see if it's gone for good. Here's the MBAM log:
  3. Thank you. I ran ComboFix again, but I do not know how to disable the Webroot Antivirus software. I thought I uninstalled it, but it's still here. I'm about to run MBAM once more. Here are the updated ComboFix logs:
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-26 22:58:06 ComboFix-quarantined-files.txt 2011-11-27 03:58 ComboFix2.txt 2011-11-27 03:24 . Pre-Run: 144,364,224,512 bytes free Post-Run: 144,299,147,264 bytes free . - - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A
  4. Thanks for responding. Here's the ComboFix log: ComboFix 11-11-26.04 - Kim 11/26/2011 22:09:01.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2848 [GMT -5:00] Running from: c:\users\Kim\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\LP c:\program files (x86)\LP\62BC\47F8.tmp c:\program files (x86)\LP\62BC\B0C8.tmp c:\programdata\O1GYiM16.exe c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{257AA7E4-94C4-437F-ACE0-F0F9DF71BA9B}.xps c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31538A0A-3944-47D9-87BB-3100E783D160}.xps c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B70C3019-864D-445D-91C4-CFE8498D7B5E}.xps c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012 c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk c:\users\Kim\Documents\~WRL0394.tmp c:\users\Kim\Documents\~WRL1012.tmp c:\users\Kim\Documents\~WRL1078.tmp c:\users\Kim\Documents\~WRL2076.tmp c:\users\Kim\Documents\~WRL2550.tmp c:\users\Kim\Documents\~WRL2862.tmp c:\users\Kim\Documents\~WRL3040.tmp c:\windows\system32\consrv.dll c:\windows\System64 . . 
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 ))))))))))))))))))))))))))))))) . . 2011-11-27 03:14 . 2011-11-27 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-27 02:54 . 2011-11-27 02:54 32256 ----a-w- c:\windows\SysWow64\iWY8u4QD.com 2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000 2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes 2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes 2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F 2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN 2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\j2oobbF3pm 2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys 2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll 2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll 2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll 2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll 2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys 2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys 2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys 2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys 2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools 2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys 2011-11-16 17:06 . 
2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys 2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys 2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys 2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools 2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp 2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll 2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh 2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n 2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy 2011-11-16 17:01 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\sxP0ucS1iDo 2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\IaQH6sWK7 2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\a7fE9gTZqY 2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\v4aQH6sWKf 2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n 2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\bZqjYCwkIrO 2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\oVrzONtxAuS 2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS 2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\xQH6dWK7fLg 2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\9102F 2011-11-15 04:20 . 
2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9 2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN 2011-11-15 04:20 . 2011-11-16 19:42 -------- d-----w- c:\users\Kim\AppData\Roaming\CE091 2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\IeeelOOBt 2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY 2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cS11iibD3 2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys 2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x] S1 
IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 
NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job - c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47] . 2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job - c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47] . 2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11] . 2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] "combofix"="c:\combofix\CF16196.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 67.152.3.146 68.234.128.70 FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\ FF - user.js: general.useragent.extra.brc - . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe c:\program files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe c:\windows\SysWOW64\runonce.exe c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe c:\program files (x86)\Common Files\Samsung\SSCSettings\SSCSettings.exe . ************************************************************************** . Completion time: 2011-11-26 22:24:32 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-27 03:24 . Pre-Run: 144,322,224,128 bytes free Post-Run: 143,913,177,088 bytes free . - - End Of File - - 2101046D685BAE73DAA4CC1F803C8F34
  5. Hello, my sister's computer was recently infected and after running MBAM a few times, the file PUP.BitMiner remains on the computer. Thanks in advance for the help. Here are the logs: . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 8.0.7600.16385 Run by Kim at 18:06:13 on 2011-11-24 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2771 [GMT -5:00] . AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://samsung.msn.com mStart Page = hxxp://samsung.msn.com uInternet Settings,ProxyOverride = *.local;<local> uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Facebook Update] "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 TCP: 
Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\16474777966696 : DhcpNameServer = 192.168.5.1 TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\65143535D25505F312 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\6563A43414 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program 
Files\Samsung AnyWeb Print\W2PBrowser.dll BHO-X64: W2PBrowser Browser Helper - No File BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun mRun-x64: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\ . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - . ============= SERVICES / DRIVERS =============== . R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?] R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?] 
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?] R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-6-14 3997912] R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-2 3381184] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056] S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?] S1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?] 
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?] S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-16 542672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176] S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-13 130008] S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-16 402336] S2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872] S3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?] S3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?] 
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176] S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?] S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?] S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-16 1117624] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2011-11-20 04:12:22 -------- d-sh--w- C:\found.000 2011-11-17 02:33:05 -------- d-----w- C:\Users\Kim\AppData\Roaming\Malwarebytes 2011-11-17 02:32:59 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-17 02:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-11-17 02:24:58 -------- d-----w- C:\Program Files (x86)\9102F 2011-11-17 02:24:47 -------- d-----w- C:\Program Files (x86)\LP 2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\j2oobbF3pm 2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\eTTXqjjUCekIrzN 2011-11-16 17:10:28 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys 2011-11-16 17:10:27 767952 ----a-w- C:\Windows\BDTSupport.dll 2011-11-16 17:10:27 149456 ----a-w- C:\Windows\SGDetectionTool.dll 2011-11-16 17:10:26 2291664 ----a-w- C:\Windows\PCTBDCore.dll 2011-11-16 17:10:26 1681360 ----a-w- C:\Windows\PCTBDRes.dll 2011-11-16 17:10:01 336512 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys 2011-11-16 17:10:01 141312 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys 2011-11-16 17:09:57 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys 2011-11-16 17:09:49 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys 2011-11-16 17:09:38 -------- d-----w- C:\Program Files (x86)\PC Tools 2011-11-16 17:06:55 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys 2011-11-16 17:06:55 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys 2011-11-16 17:06:49 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys 2011-11-16 17:06:46 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2011-11-16 17:06:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2011-11-16 17:05:50 -------- d-----w- C:\ProgramData\PC Tools 2011-11-16 17:05:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\TestApp 2011-11-16 17:02:07 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition 
Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll 2011-11-16 17:01:52 -------- d-----w- C:\Users\Kim\AppData\Roaming\y4pmH5sQJdKgZh 2011-11-16 17:01:51 -------- d-----w- C:\Users\Kim\AppData\Roaming\OUVelOBtz0c1v2n 2011-11-16 17:01:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy 2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\sxP0ucS1iDo 2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\IaQH6sWK7 2011-11-16 17:01:40 -------- d-----w- C:\Users\Kim\AppData\Roaming\a7fE9gTZqY 2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\v4aQH6sWKf 2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\UrzONtxA0c2b3n 2011-11-15 15:00:28 -------- d-----w- C:\Users\Kim\AppData\Roaming\bZqjYCwkIrO 2011-11-15 15:00:13 -------- d-----w- C:\Users\Kim\AppData\Roaming\oVrzONtxAuS 2011-11-15 14:58:36 -------- d-----w- C:\Users\Kim\AppData\Roaming\zXqjYCekIrOtAuS 2011-11-15 14:58:35 -------- d-----w- C:\Users\Kim\AppData\Roaming\xQH6dWK7fLg 2011-11-15 04:20:37 -------- d-----w- C:\Users\Kim\AppData\Roaming\9102F 2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9 2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\cTTXXwjjUClIBzN 2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\IeeelOOBt 2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\CE091 2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY 2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\cS11iibD3 2011-11-09 16:48:41 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 16:48:40 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-09 16:48:13 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-11-09 16:47:42 3141120 ----a-w- C:\Windows\System32\win32k.sys 2011-11-01 01:03:14 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-11-01 
01:03:14 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll . ==================== Find3M ==================== . 2011-10-03 17:35:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll . ============= FINISH: 18:07:49.97 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/14/2011 12:43:04 PM System Uptime: 11/24/2011 6:02:23 PM (0 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV411/RV511/E3511/S3511/RV711 Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 180 GiB total, 134.403 GiB free. D: is FIXED (NTFS) - 268 GiB total, 268.4 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Windows Firewall Authorization Driver Device ID: ROOT\LEGACY_MPSDRV\0000 Manufacturer: Name: Windows Firewall Authorization Driver PNP Device ID: ROOT\LEGACY_MPSDRV\0000 Service: mpsdrv . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . 
RP90: 11/8/2011 7:29:34 AM - Windows Update RP91: 11/11/2011 9:17:01 AM - Windows Update RP92: 11/11/2011 9:25:30 AM - Windows Update RP93: 11/12/2011 1:13:29 PM - Windows Update RP95: 11/14/2011 11:39:00 PM - Windows Defender Checkpoint RP96: 11/15/2011 10:10:15 AM - Windows Update RP97: 11/15/2011 10:20:17 AM - Removed Google Earth Plug-in. RP98: 11/16/2011 12:03:47 PM - Windows Update RP100: 11/16/2011 12:23:57 PM - Windows Defender Checkpoint RP101: 11/16/2011 10:22:57 PM - Removed Easy Content Share. RP102: 11/24/2011 4:31:15 PM - Removed Norton Online Backup . ==== Installed Programs ====================== . ???? ??? Windows Live ???? Windows Live ????? Messenger ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?? Messenger ???????? ?????????? Windows Live ????????? Messenger ?????????? Windows Live ??????????? ?? Windows Live Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.1 „Messenger“ pagalbine priemone Apple Application Support Apple Software Update „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija BatteryLifeExtender Browser Defender 4.0 Complemento Messenger Complément Messenger CyberLink Media Suite CyberLink Media+ Player10 CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink YouCam D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Doplnok programu Messenger Easy Content Share Easy Display Manager Easy Migration Easy Network Manager Easy SpeedUp Manager EasyBatteryManager EasyFileShare Facebook Video Calling 1.0.0.8953 Fast Start Fotogalerija Windows Live Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage 
Technology Intel® Wireless Display Junk Mail filter update Malwarebytes' Anti-Malware version 1.51.2.1300 Mesh Runtime Messenger-kumppani Messenger ??? ?? Messenger ???? Messenger ????? Messenger Assistent Messenger Companion Messenger kíséro Messenger Pratilac Messenger Suradnik Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Color Enhancer Mozilla Firefox 7.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton Internet Security Norton Online Backup PC Tools Spyware Doctor 9.0 Poczta uslugi Windows Live Podstawowe programy Windows Live Pomocnik Messenger Pošta Windows Live QuickTime Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver S?????? f?t???af??? t?? 
Windows Live Safari Samsung AnyWeb Print Samsung Recovery Solution 5 Samsung Support Center Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Excel 2010 (KB2553070) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Skype™ 5.3 Spremljevalec Messenger Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) User Guide Webroot Software Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== Event Viewer Messages From Past Week ======== . 11/24/2011 6:04:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/24/2011 6:04:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 
11/24/2011 6:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/24/2011 6:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/24/2011 6:03:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 11/24/2011 6:03:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 PCTSD SABI spldr SRTSPX SymIRON SymNetS Wanarpv6 11/24/2011 6:03:12 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists. 11/24/2011 6:03:12 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists. 11/24/2011 5:16:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect. 11/24/2011 5:16:41 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/24/2011 5:16:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON 11/24/2011 2:52:24 PM, Error: ssidrv [31] - Invalid input parameter found. 
11/24/2011 2:52:24 PM, Error: ssidrv [26] - Failed to set monitor event rule.
11/24/2011 2:42:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 SABI spldr SRTSPX SymIRON SymNetS Wanarpv6
11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
11/22/2011 7:29:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/19/2011 9:49:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
.
==== End Of File ===========================

BUMP