
Hello, my sister's computer was recently infected and after running MBAM a few times, the file PUP.BitMiner remains on the computer. Thanks in advance for the help. Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 8.0.7600.16385

Run by Kim at 18:06:13 on 2011-11-24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2771 [GMT -5:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uInternet Settings,ProxyOverride = *.local;<local>

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Facebook Update] "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun

mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\16474777966696 : DhcpNameServer = 192.168.5.1

TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\65143535D25505F312 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\6563A43414 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO-X64: W2PBrowser Browser Helper - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun

mRun-x64: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-6-14 3997912]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-2 3381184]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056]

S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-16 542672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176]

S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-13 130008]

S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-16 402336]

S2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]

S3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

S3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-16 1117624]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-11-20 04:12:22 -------- d-sh--w- C:\found.000

2011-11-17 02:33:05 -------- d-----w- C:\Users\Kim\AppData\Roaming\Malwarebytes

2011-11-17 02:32:59 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-17 02:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-17 02:24:58 -------- d-----w- C:\Program Files (x86)\9102F

2011-11-17 02:24:47 -------- d-----w- C:\Program Files (x86)\LP

2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\j2oobbF3pm

2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\eTTXqjjUCekIrzN

2011-11-16 17:10:28 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys

2011-11-16 17:10:27 767952 ----a-w- C:\Windows\BDTSupport.dll

2011-11-16 17:10:27 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2011-11-16 17:10:26 2291664 ----a-w- C:\Windows\PCTBDCore.dll

2011-11-16 17:10:26 1681360 ----a-w- C:\Windows\PCTBDRes.dll

2011-11-16 17:10:01 336512 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-11-16 17:10:01 141312 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-11-16 17:09:57 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys

2011-11-16 17:09:49 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2011-11-16 17:09:38 -------- d-----w- C:\Program Files (x86)\PC Tools

2011-11-16 17:06:55 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2011-11-16 17:06:55 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2011-11-16 17:06:49 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-11-16 17:06:46 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2011-11-16 17:06:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-11-16 17:05:50 -------- d-----w- C:\ProgramData\PC Tools

2011-11-16 17:05:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\TestApp

2011-11-16 17:02:07 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll

2011-11-16 17:01:52 -------- d-----w- C:\Users\Kim\AppData\Roaming\y4pmH5sQJdKgZh

2011-11-16 17:01:51 -------- d-----w- C:\Users\Kim\AppData\Roaming\OUVelOBtz0c1v2n

2011-11-16 17:01:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy

2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\sxP0ucS1iDo

2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\IaQH6sWK7

2011-11-16 17:01:40 -------- d-----w- C:\Users\Kim\AppData\Roaming\a7fE9gTZqY

2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\v4aQH6sWKf

2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\UrzONtxA0c2b3n

2011-11-15 15:00:28 -------- d-----w- C:\Users\Kim\AppData\Roaming\bZqjYCwkIrO

2011-11-15 15:00:13 -------- d-----w- C:\Users\Kim\AppData\Roaming\oVrzONtxAuS

2011-11-15 14:58:36 -------- d-----w- C:\Users\Kim\AppData\Roaming\zXqjYCekIrOtAuS

2011-11-15 14:58:35 -------- d-----w- C:\Users\Kim\AppData\Roaming\xQH6dWK7fLg

2011-11-15 04:20:37 -------- d-----w- C:\Users\Kim\AppData\Roaming\9102F

2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9

2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\cTTXXwjjUClIBzN

2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\IeeelOOBt

2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\CE091

2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY

2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\cS11iibD3

2011-11-09 16:48:41 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 16:48:40 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 16:48:13 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 16:47:42 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-11-01 01:03:14 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-11-01 01:03:14 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-10-03 17:35:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 18:07:49.97 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/14/2011 12:43:04 PM

System Uptime: 11/24/2011 6:02:23 PM (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV411/RV511/E3511/S3511/RV711

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 180 GiB total, 134.403 GiB free.

D: is FIXED (NTFS) - 268 GiB total, 268.4 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP90: 11/8/2011 7:29:34 AM - Windows Update

RP91: 11/11/2011 9:17:01 AM - Windows Update

RP92: 11/11/2011 9:25:30 AM - Windows Update

RP93: 11/12/2011 1:13:29 PM - Windows Update

RP95: 11/14/2011 11:39:00 PM - Windows Defender Checkpoint

RP96: 11/15/2011 10:10:15 AM - Windows Update

RP97: 11/15/2011 10:20:17 AM - Removed Google Earth Plug-in.

RP98: 11/16/2011 12:03:47 PM - Windows Update

RP100: 11/16/2011 12:23:57 PM - Windows Defender Checkpoint

RP101: 11/16/2011 10:22:57 PM - Removed Easy Content Share.

RP102: 11/24/2011 4:31:15 PM - Removed Norton Online Backup

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? Windows Live

????? Messenger

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?? Messenger

???????? ?????????? Windows Live

????????? Messenger

?????????? Windows Live

??????????? ?? Windows Live

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

„Messenger“ pagalbine priemone

Apple Application Support

Apple Software Update

„Windows Live Essentials“

„Windows Live Mail“

„Windows Live Messenger“

„Windows Live“ fotogalerija

BatteryLifeExtender

Browser Defender 4.0

Complemento Messenger

Complément Messenger

CyberLink Media Suite

CyberLink Media+ Player10

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink YouCam

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Doplnok programu Messenger

Easy Content Share

Easy Display Manager

Easy Migration

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

EasyFileShare

Facebook Video Calling 1.0.0.8953

Fast Start

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Wireless Display

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Messenger-kumppani

Messenger ??? ??

Messenger ????

Messenger ?????

Messenger Assistent

Messenger Companion

Messenger kíséro

Messenger Pratilac

Messenger Suradnik

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Movie Color Enhancer

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Internet Security

Norton Online Backup

PC Tools Spyware Doctor 9.0

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pomocnik Messenger

Pošta Windows Live

QuickTime

Raccolta foto di Windows Live

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

S?????? f?t???af??? t?? Windows Live

Safari

Samsung AnyWeb Print

Samsung Recovery Solution 5

Samsung Support Center

Samsung Universal Print Driver

Samsung Universal Scan Driver

Samsung Update Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 5.3

Spremljevalec Messenger

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

User Guide

Webroot Software

Windows Live

Windows Live ??

Windows Live ?? ???

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Foto-galerija

Windows Live fotoattelu galerija

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Pošta

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

.

==== Event Viewer Messages From Past Week ========

.

11/24/2011 6:04:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/24/2011 6:04:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

11/24/2011 6:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/24/2011 6:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/24/2011 6:03:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

11/24/2011 6:03:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 PCTSD SABI spldr SRTSPX SymIRON SymNetS Wanarpv6

11/24/2011 6:03:12 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

11/24/2011 6:03:12 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

11/24/2011 5:16:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.

11/24/2011 5:16:41 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/24/2011 5:16:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON

11/24/2011 2:52:24 PM, Error: ssidrv [31] - Invalid input parameter found.

11/24/2011 2:52:24 PM, Error: ssidrv [26] - Failed to set monitor event rule.

11/24/2011 2:42:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 SABI spldr SRTSPX SymIRON SymNetS Wanarpv6

11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

11/22/2011 7:29:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

11/19/2011 9:49:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

.

==== End Of File ===========================

BUMP


Welcome to the forum.

Please visit the page below and run ComboFix.

The most important things to remember when you run it are that it's run from your desktop and you have disabled all of your malware programs.

Post back the results when done.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

MrC


Thanks for responding. Here's the ComboFix log:

ComboFix 11-11-26.04 - Kim 11/26/2011 22:09:01.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2848 [GMT -5:00]

Running from: c:\users\Kim\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\LP\62BC\47F8.tmp

c:\program files (x86)\LP\62BC\B0C8.tmp

c:\programdata\O1GYiM16.exe

c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{257AA7E4-94C4-437F-ACE0-F0F9DF71BA9B}.xps

c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31538A0A-3944-47D9-87BB-3100E783D160}.xps

c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B70C3019-864D-445D-91C4-CFE8498D7B5E}.xps

c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012

c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk

c:\users\Kim\Documents\~WRL0394.tmp

c:\users\Kim\Documents\~WRL1012.tmp

c:\users\Kim\Documents\~WRL1078.tmp

c:\users\Kim\Documents\~WRL2076.tmp

c:\users\Kim\Documents\~WRL2550.tmp

c:\users\Kim\Documents\~WRL2862.tmp

c:\users\Kim\Documents\~WRL3040.tmp

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-11-27 03:14 . 2011-11-27 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-27 02:54 . 2011-11-27 02:54 32256 ----a-w- c:\windows\SysWow64\iWY8u4QD.com

2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000

2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F

2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN

2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\j2oobbF3pm

2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys

2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll

2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll

2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys

2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools

2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools

2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp

2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll

2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh

2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n

2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy

2011-11-16 17:01 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\sxP0ucS1iDo

2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\IaQH6sWK7

2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\a7fE9gTZqY

2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\v4aQH6sWKf

2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n

2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\bZqjYCwkIrO

2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\oVrzONtxAuS

2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS

2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\xQH6dWK7fLg

2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\9102F

2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9

2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN

2011-11-15 04:20 . 2011-11-16 19:42 -------- d-----w- c:\users\Kim\AppData\Roaming\CE091

2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\IeeelOOBt

2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY

2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cS11iibD3

2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

"combofix"="c:\combofix\CF16196.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 67.152.3.146 68.234.128.70

FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe

c:\program files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe

c:\windows\SysWOW64\runonce.exe

c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

c:\program files (x86)\Common Files\Samsung\SSCSettings\SSCSettings.exe

.

**************************************************************************

.

Completion time: 2011-11-26 22:24:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-27 03:24

.

Pre-Run: 144,322,224,128 bytes free

Post-Run: 143,913,177,088 bytes free

.

- - End Of File - - 2101046D685BAE73DAA4CC1F803C8F34


OK....Please do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.


File::
c:\windows\SysWow64\iWY8u4QD.com

Folder::
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
c:\users\Kim\AppData\Roaming\j2oobbF3pm
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
c:\users\Kim\AppData\Roaming\IaQH6sWK7
c:\users\Kim\AppData\Roaming\a7fE9gTZqY
c:\users\Kim\AppData\Roaming\v4aQH6sWKf
c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
c:\users\Kim\AppData\Roaming\oVrzONtxAuS
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
c:\users\Kim\AppData\Roaming\9102F
c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
c:\users\Kim\AppData\Roaming\CE091
c:\users\Kim\AppData\Roaming\IeeelOOBt
c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
c:\users\Kim\AppData\Roaming\cS11iibD3

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

-------------------------

Then update and run a quick scan with MBAM, post the log.

MrC
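As an added example (not part of the thread and not ComboFix's own tooling), here is a Python script that parses the "Files Created" section of a ComboFix log like the one posted above, flags the burst of same-minute directory creations under AppData\Roaming that the rogue "AV Security 2012" installer left behind plus any new executable dropped straight into the system directory, and renders them as the File:: and Folder:: sections of a CFScript in the format MrC used. The burst-of-two rule and the extension list are assumptions for triage, not anything ComboFix does; the sample log lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the "Files Created" section of the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
2011-11-27 02:54 . 2011-11-27 02:54 32256 ----a-w- c:\windows\SysWow64\iWY8u4QD.com
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\j2oobbF3pm
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
2011-11-16 17:01 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\9102F
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\IeeelOOBt
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
"""

# One "Files Created" entry: "<created> . <modified> <size|--------> <attrs> <path>".
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S+) (.+)$"
)
# A directory sitting directly under a user's AppData\Roaming.
ROAMING_DIR_RE = re.compile(r"^c:\\users\\[^\\]+\\AppData\\Roaming\\[^\\]+$", re.IGNORECASE)
# An executable dropped directly into system32 / SysWOW64 (not a subfolder such as drivers).
# The extension list is an assumption for triage.
SYSTEM_EXE_RE = re.compile(
    r"^c:\\windows\\(?:system32|syswow64)\\[^\\]+\.(?:com|exe|scr|pif)$", re.IGNORECASE
)


def parse_created(log_text):
    """Return the 'Files Created' entries as dicts: created timestamp, is_dir flag, path."""
    entries = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created, _size, attrs, path = m.groups()
            entries.append({"created": created, "is_dir": attrs.startswith("d"), "path": path})
    return entries


def suspect_roaming_dirs(entries, burst=2):
    """Roaming directories created in a burst of `burst` or more within the same minute.

    Assumption (heuristic, not ComboFix logic): a rogue installer drops several
    random-named directories at once, whereas a legitimate install (Malwarebytes,
    TestApp in the log) creates its single directory on its own.
    """
    by_minute = defaultdict(list)
    for e in entries:
        if e["is_dir"] and ROAMING_DIR_RE.match(e["path"]):
            by_minute[e["created"]].append(e["path"])
    return sorted(
        (p for paths in by_minute.values() if len(paths) >= burst for p in paths),
        key=str.lower,
    )


def suspect_system_files(entries):
    """New executables written straight into the system directory (the .com file above)."""
    return sorted(e["path"] for e in entries if not e["is_dir"] and SYSTEM_EXE_RE.match(e["path"]))


def build_cfscript(files, folders):
    """Render the File:: and Folder:: sections in the layout used in the reply above."""
    out = []
    if files:
        out += ["File::", *files, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = parse_created(SAMPLE_LOG)
    # Review the output by hand before saving it as CFScript.txt next to ComboFix.exe.
    print(build_cfscript(suspect_system_files(found), suspect_roaming_dirs(found)))
```

The script only proposes candidates; a helper still reviews each path against the rest of the log before it goes into CFScript.txt.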


Thank you. I ran ComboFix again, but I do not know how to disable the Webroot Antivirus software. I thought I uninstalled it, but it's still here. I'm about to run MBAM once more. Here are the updated ComboFix logs:

ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]

Running from: c:\users\Kim\Desktop\ComboFix.exe

Command switches used :: c:\users\Kim\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\iWY8u4QD.com"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kim\AppData\Roaming\9102F

c:\users\Kim\AppData\Roaming\a7fE9gTZqY

c:\users\Kim\AppData\Roaming\bZqjYCwkIrO

c:\users\Kim\AppData\Roaming\CE091

c:\users\Kim\AppData\Roaming\CE091\102F.E09

c:\users\Kim\AppData\Roaming\cS11iibD3

c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN

c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN

c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\IaQH6sWK7

c:\users\Kim\AppData\Roaming\IeeelOOBt

c:\users\Kim\AppData\Roaming\j2oobbF3pm

c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9

c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n

c:\users\Kim\AppData\Roaming\oVrzONtxAuS

c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY

c:\users\Kim\AppData\Roaming\sxP0ucS1iDo

c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy

c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n

c:\users\Kim\AppData\Roaming\v4aQH6sWKf

c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\xQH6dWK7fLg

c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh

c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS

c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico

c:\windows\SysWow64\iWY8u4QD.com

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000

2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F

2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys

2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll

2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll

2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys

2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools

2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools

2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp

2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll

2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe

+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin

+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat

+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi

- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 67.152.3.146 68.234.128.70

FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-26 22:58:06

ComboFix-quarantined-files.txt 2011-11-27 03:58

ComboFix2.txt 2011-11-27 03:24

.

Pre-Run: 144,364,224,512 bytes free

Post-Run: 144,299,147,264 bytes free

.

- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A


Okay thank you for all your help Mr. C. Here is the latest MBAM log. Somehow another file was infected but MBAM quarantined and deleted it. About to run another scan to see if it's gone for good. Here's the MBAM log:

ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]

Running from: c:\users\Kim\Desktop\ComboFix.exe

Command switches used :: c:\users\Kim\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\iWY8u4QD.com"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kim\AppData\Roaming\9102F

c:\users\Kim\AppData\Roaming\a7fE9gTZqY

c:\users\Kim\AppData\Roaming\bZqjYCwkIrO

c:\users\Kim\AppData\Roaming\CE091

c:\users\Kim\AppData\Roaming\CE091\102F.E09

c:\users\Kim\AppData\Roaming\cS11iibD3

c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN

c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN

c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\IaQH6sWK7

c:\users\Kim\AppData\Roaming\IeeelOOBt

c:\users\Kim\AppData\Roaming\j2oobbF3pm

c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9

c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n

c:\users\Kim\AppData\Roaming\oVrzONtxAuS

c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY

c:\users\Kim\AppData\Roaming\sxP0ucS1iDo

c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy

c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n

c:\users\Kim\AppData\Roaming\v4aQH6sWKf

c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\xQH6dWK7fLg

c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh

c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico

c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS

c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico

c:\windows\SysWow64\iWY8u4QD.com

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000

2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes

2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F

2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys

2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll

2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll

2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll

2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys

2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools

2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools

2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp

2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll

2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe

+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin

+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat

+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi

- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job

- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]

.

2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 67.152.3.146 68.234.128.70

FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-26 22:58:06

ComboFix-quarantined-files.txt 2011-11-27 03:58

ComboFix2.txt 2011-11-27 03:24

.

Pre-Run: 144,364,224,512 bytes free

Post-Run: 144,299,147,264 bytes free

.

- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A


Okay, after one more scan, it SEEMS this computer is clean. Here is the latest log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8235

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/27/2011 12:17:21 AM

mbam-log-2011-11-27 (00-17-21).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 343693

Time elapsed: 37 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.