Sign In
Create Account
0
Hello, my sister's computer was recently infected and after running MBAM a few times, the file PUP.BitMiner remains on the computer. Thanks in the advance for the help. Here are the logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Kim at 18:06:13 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2771 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\65143535D25505F312 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13C06044-6BD5-480D-8630-1A66C1E041C8}\6563A43414 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
mRun-x64: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-6-14 3997912]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-2 3381184]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-16 542672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-13 130008]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-16 402336]
S2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]
S3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-13 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-16 1117624]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-20 04:12:22 -------- d-sh--w- C:\found.000
2011-11-17 02:33:05 -------- d-----w- C:\Users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32:59 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 02:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:24:58 -------- d-----w- C:\Program Files (x86)\9102F
2011-11-17 02:24:47 -------- d-----w- C:\Program Files (x86)\LP
2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\j2oobbF3pm
2011-11-17 01:13:31 -------- d-----w- C:\Users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
2011-11-16 17:10:28 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2011-11-16 17:10:27 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-11-16 17:10:27 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-11-16 17:10:26 2291664 ----a-w- C:\Windows\PCTBDCore.dll
2011-11-16 17:10:26 1681360 ----a-w- C:\Windows\PCTBDRes.dll
2011-11-16 17:10:01 336512 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-11-16 17:10:01 141312 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-11-16 17:09:57 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2011-11-16 17:09:49 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-11-16 17:09:38 -------- d-----w- C:\Program Files (x86)\PC Tools
2011-11-16 17:06:55 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-11-16 17:06:55 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-11-16 17:06:49 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-11-16 17:06:46 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-11-16 17:06:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-11-16 17:05:50 -------- d-----w- C:\ProgramData\PC Tools
2011-11-16 17:05:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02:07 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-16 17:01:52 -------- d-----w- C:\Users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
2011-11-16 17:01:51 -------- d-----w- C:\Users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
2011-11-16 17:01:47 -------- d-----w- C:\Users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\sxP0ucS1iDo
2011-11-16 17:01:45 -------- d-----w- C:\Users\Kim\AppData\Roaming\IaQH6sWK7
2011-11-16 17:01:40 -------- d-----w- C:\Users\Kim\AppData\Roaming\a7fE9gTZqY
2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\v4aQH6sWKf
2011-11-16 16:59:14 -------- d-----w- C:\Users\Kim\AppData\Roaming\UrzONtxA0c2b3n
2011-11-15 15:00:28 -------- d-----w- C:\Users\Kim\AppData\Roaming\bZqjYCwkIrO
2011-11-15 15:00:13 -------- d-----w- C:\Users\Kim\AppData\Roaming\oVrzONtxAuS
2011-11-15 14:58:36 -------- d-----w- C:\Users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
2011-11-15 14:58:35 -------- d-----w- C:\Users\Kim\AppData\Roaming\xQH6dWK7fLg
2011-11-15 04:20:37 -------- d-----w- C:\Users\Kim\AppData\Roaming\9102F
2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
2011-11-15 04:20:23 -------- d-----w- C:\Users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\IeeelOOBt
2011-11-15 04:20:17 -------- d-----w- C:\Users\Kim\AppData\Roaming\CE091
2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
2011-11-15 04:20:16 -------- d-----w- C:\Users\Kim\AppData\Roaming\cS11iibD3
2011-11-09 16:48:41 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 16:48:40 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48:13 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 16:47:42 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-01 01:03:14 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03:14 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-10-03 17:35:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 18:07:49.97 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/14/2011 12:43:04 PM
System Uptime: 11/24/2011 6:02:23 PM (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV411/RV511/E3511/S3511/RV711
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 134.403 GiB free.
D: is FIXED (NTFS) - 268 GiB total, 268.4 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP90: 11/8/2011 7:29:34 AM - Windows Update
RP91: 11/11/2011 9:17:01 AM - Windows Update
RP92: 11/11/2011 9:25:30 AM - Windows Update
RP93: 11/12/2011 1:13:29 PM - Windows Update
RP95: 11/14/2011 11:39:00 PM - Windows Defender Checkpoint
RP96: 11/15/2011 10:10:15 AM - Windows Update
RP97: 11/15/2011 10:20:17 AM - Removed Google Earth Plug-in.
RP98: 11/16/2011 12:03:47 PM - Windows Update
RP100: 11/16/2011 12:23:57 PM - Windows Defender Checkpoint
RP101: 11/16/2011 10:22:57 PM - Removed Easy Content Share.
RP102: 11/24/2011 4:31:15 PM - Removed Norton Online Backup
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?? Messenger
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
„Messenger“ pagalbine priemone
Apple Application Support
Apple Software Update
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Browser Defender 4.0
Complemento Messenger
Complément Messenger
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Doplnok programu Messenger
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Facebook Video Calling 1.0.0.8953
Fast Start
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Wireless Display
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Color Enhancer
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
PC Tools Spyware Doctor 9.0
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pomocnik Messenger
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Safari
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.3
Spremljevalec Messenger
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
User Guide
Webroot Software
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
11/24/2011 6:04:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/24/2011 6:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/24/2011 6:04:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/24/2011 6:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/24/2011 6:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/24/2011 6:03:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/24/2011 6:03:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 PCTSD SABI spldr SRTSPX SymIRON SymNetS Wanarpv6
11/24/2011 6:03:12 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/24/2011 6:03:12 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/24/2011 5:16:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
11/24/2011 5:16:41 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2011 5:16:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
11/24/2011 2:52:24 PM, Error: ssidrv [31] - Invalid input parameter found.
11/24/2011 2:52:24 PM, Error: ssidrv [26] - Failed to set monitor event rule.
11/24/2011 2:42:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 SABI spldr SRTSPX SymIRON SymNetS Wanarpv6
11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/22/2011 9:56:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
11/22/2011 7:29:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/19/2011 9:49:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
.
==== End Of File ===========================
BUMP
-
This topic is locked
Back to top
#2
Posted 26 November 2011 - 08:59 PM
-
- Experts
-
- 17,303 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
Welcome to the forum.
Please visit the page below and run ComboFix.
The most important things to remember when you run it is that it's run from your desktop and you have disabled all of your malware programs.
Post back the results when done.
http://www.bleepingc...to-use-combofix
MrC
Please visit the page below and run ComboFix.
The most important things to remember when you run it is that it's run from your desktop and you have disabled all of your malware programs.
Post back the results when done.
http://www.bleepingc...to-use-combofix
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#3
Posted 26 November 2011 - 10:25 PM
-
- Members
-
- 5 posts
New Member
Thanks for responding. Here's the ComboFix log:
ComboFix 11-11-26.04 - Kim 11/26/2011 22:09:01.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2848 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\62BC\47F8.tmp
c:\program files (x86)\LP\62BC\B0C8.tmp
c:\programdata\O1GYiM16.exe
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{257AA7E4-94C4-437F-ACE0-F0F9DF71BA9B}.xps
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31538A0A-3944-47D9-87BB-3100E783D160}.xps
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B70C3019-864D-445D-91C4-CFE8498D7B5E}.xps
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\Kim\Documents\~WRL0394.tmp
c:\users\Kim\Documents\~WRL1012.tmp
c:\users\Kim\Documents\~WRL1078.tmp
c:\users\Kim\Documents\~WRL2076.tmp
c:\users\Kim\Documents\~WRL2550.tmp
c:\users\Kim\Documents\~WRL2862.tmp
c:\users\Kim\Documents\~WRL3040.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:14 . 2011-11-27 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 02:54 . 2011-11-27 02:54 32256 ----a-w- c:\windows\SysWow64\iWY8u4QD.com
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\j2oobbF3pm
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
2011-11-16 17:01 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\IaQH6sWK7
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\a7fE9gTZqY
2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\v4aQH6sWKf
2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\oVrzONtxAuS
2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\9102F
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
2011-11-15 04:20 . 2011-11-16 19:42 -------- d-----w- c:\users\Kim\AppData\Roaming\CE091
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\IeeelOOBt
2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cS11iibD3
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"combofix"="c:\combofix\CF16196.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
c:\windows\SysWOW64\runonce.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
c:\program files (x86)\Common Files\Samsung\SSCSettings\SSCSettings.exe
.
**************************************************************************
.
Completion time: 2011-11-26 22:24:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 03:24
.
Pre-Run: 144,322,224,128 bytes free
Post-Run: 143,913,177,088 bytes free
.
- - End Of File - - 2101046D685BAE73DAA4CC1F803C8F34
ComboFix 11-11-26.04 - Kim 11/26/2011 22:09:01.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2848 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\62BC\47F8.tmp
c:\program files (x86)\LP\62BC\B0C8.tmp
c:\programdata\O1GYiM16.exe
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{257AA7E4-94C4-437F-ACE0-F0F9DF71BA9B}.xps
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31538A0A-3944-47D9-87BB-3100E783D160}.xps
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B70C3019-864D-445D-91C4-CFE8498D7B5E}.xps
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\Kim\Documents\~WRL0394.tmp
c:\users\Kim\Documents\~WRL1012.tmp
c:\users\Kim\Documents\~WRL1078.tmp
c:\users\Kim\Documents\~WRL2076.tmp
c:\users\Kim\Documents\~WRL2550.tmp
c:\users\Kim\Documents\~WRL2862.tmp
c:\users\Kim\Documents\~WRL3040.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:14 . 2011-11-27 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 02:54 . 2011-11-27 02:54 32256 ----a-w- c:\windows\SysWow64\iWY8u4QD.com
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
2011-11-17 01:13 . 2011-11-17 01:13 -------- d-----w- c:\users\Kim\AppData\Roaming\j2oobbF3pm
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
2011-11-16 17:01 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\IaQH6sWK7
2011-11-16 17:01 . 2011-11-16 17:01 -------- d-----w- c:\users\Kim\AppData\Roaming\a7fE9gTZqY
2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\v4aQH6sWKf
2011-11-16 16:59 . 2011-11-16 16:59 -------- d-----w- c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
2011-11-15 15:00 . 2011-11-15 15:00 -------- d-----w- c:\users\Kim\AppData\Roaming\oVrzONtxAuS
2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
2011-11-15 14:58 . 2011-11-15 14:58 -------- d-----w- c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\9102F
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
2011-11-15 04:20 . 2011-11-16 19:42 -------- d-----w- c:\users\Kim\AppData\Roaming\CE091
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\IeeelOOBt
2011-11-15 04:20 . 2011-11-17 03:13 -------- d-----w- c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
2011-11-15 04:20 . 2011-11-15 04:20 -------- d-----w- c:\users\Kim\AppData\Roaming\cS11iibD3
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"combofix"="c:\combofix\CF16196.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
c:\windows\SysWOW64\runonce.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
c:\program files (x86)\Common Files\Samsung\SSCSettings\SSCSettings.exe
.
**************************************************************************
.
Completion time: 2011-11-26 22:24:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 03:24
.
Pre-Run: 144,322,224,128 bytes free
Post-Run: 143,913,177,088 bytes free
.
- - End Of File - - 2101046D685BAE73DAA4CC1F803C8F34
#4
Posted 26 November 2011 - 10:45 PM
-
- Experts
-
- 17,303 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
OK....Please dothis:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.
-------------------------
Then update and run a quick scan with MBAM, post the log.
MrC
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.
File:: c:\windows\SysWow64\iWY8u4QD.com Folder:: c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN c:\users\Kim\AppData\Roaming\j2oobbF3pm c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy c:\users\Kim\AppData\Roaming\sxP0ucS1iDo c:\users\Kim\AppData\Roaming\IaQH6sWK7 c:\users\Kim\AppData\Roaming\a7fE9gTZqY c:\users\Kim\AppData\Roaming\v4aQH6sWKf c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n c:\users\Kim\AppData\Roaming\bZqjYCwkIrO c:\users\Kim\AppData\Roaming\oVrzONtxAuS c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS c:\users\Kim\AppData\Roaming\xQH6dWK7fLg c:\users\Kim\AppData\Roaming\9102F c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9 c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN c:\users\Kim\AppData\Roaming\CE091 c:\users\Kim\AppData\Roaming\IeeelOOBt c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY c:\users\Kim\AppData\Roaming\cS11iibD3
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.
-------------------------
Then update and run a quick scan with MBAM, post the log.
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#5
Posted 26 November 2011 - 10:59 PM
-
- Members
-
- 5 posts
New Member
Thank you. I ran ComboFix again, but I do not know how to disable the Webroot Antivirus software. I thought I uninstalled it, but it's still here. I'm about to run MBAM once more. Here are the updated ComboFix logs:
ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\iWY8u4QD.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim\AppData\Roaming\9102F
c:\users\Kim\AppData\Roaming\a7fE9gTZqY
c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
c:\users\Kim\AppData\Roaming\CE091
c:\users\Kim\AppData\Roaming\CE091\102F.E09
c:\users\Kim\AppData\Roaming\cS11iibD3
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\IaQH6sWK7
c:\users\Kim\AppData\Roaming\IeeelOOBt
c:\users\Kim\AppData\Roaming\j2oobbF3pm
c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
c:\users\Kim\AppData\Roaming\oVrzONtxAuS
c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
c:\users\Kim\AppData\Roaming\v4aQH6sWKf
c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico
c:\windows\SysWow64\iWY8u4QD.com
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin
+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat
+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi
- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-26 22:58:06
ComboFix-quarantined-files.txt 2011-11-27 03:58
ComboFix2.txt 2011-11-27 03:24
.
Pre-Run: 144,364,224,512 bytes free
Post-Run: 144,299,147,264 bytes free
.
- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A
ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\iWY8u4QD.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim\AppData\Roaming\9102F
c:\users\Kim\AppData\Roaming\a7fE9gTZqY
c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
c:\users\Kim\AppData\Roaming\CE091
c:\users\Kim\AppData\Roaming\CE091\102F.E09
c:\users\Kim\AppData\Roaming\cS11iibD3
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\IaQH6sWK7
c:\users\Kim\AppData\Roaming\IeeelOOBt
c:\users\Kim\AppData\Roaming\j2oobbF3pm
c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
c:\users\Kim\AppData\Roaming\oVrzONtxAuS
c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
c:\users\Kim\AppData\Roaming\v4aQH6sWKf
c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico
c:\windows\SysWow64\iWY8u4QD.com
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin
+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat
+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi
- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-26 22:58:06
ComboFix-quarantined-files.txt 2011-11-27 03:58
ComboFix2.txt 2011-11-27 03:24
.
Pre-Run: 144,364,224,512 bytes free
Post-Run: 144,299,147,264 bytes free
.
- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A
#6
Posted 26 November 2011 - 11:21 PM
-
- Experts
-
- 17,303 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
OK, we have to address your security programs when we are done, seems you have too many installed.
It's late here so I'll catch you in the morning.
MrC
It's late here so I'll catch you in the morning.
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#7
Posted 26 November 2011 - 11:34 PM
-
- Members
-
- 5 posts
New Member
Okay thank you for all your help Mr. C. Here is the latest MBAM log. Somehow another file was infected but MBAM quarantined and deleted it. About to run another scan to see if it's gone for good. Here's the MBAM log:
ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\iWY8u4QD.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim\AppData\Roaming\9102F
c:\users\Kim\AppData\Roaming\a7fE9gTZqY
c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
c:\users\Kim\AppData\Roaming\CE091
c:\users\Kim\AppData\Roaming\CE091\102F.E09
c:\users\Kim\AppData\Roaming\cS11iibD3
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\IaQH6sWK7
c:\users\Kim\AppData\Roaming\IeeelOOBt
c:\users\Kim\AppData\Roaming\j2oobbF3pm
c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
c:\users\Kim\AppData\Roaming\oVrzONtxAuS
c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
c:\users\Kim\AppData\Roaming\v4aQH6sWKf
c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico
c:\windows\SysWow64\iWY8u4QD.com
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin
+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat
+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi
- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-26 22:58:06
ComboFix-quarantined-files.txt 2011-11-27 03:58
ComboFix2.txt 2011-11-27 03:24
.
Pre-Run: 144,364,224,512 bytes free
Post-Run: 144,299,147,264 bytes free
.
- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A
ComboFix 11-11-26.04 - Kim 11/26/2011 22:51:34.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2407 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\iWY8u4QD.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim\AppData\Roaming\9102F
c:\users\Kim\AppData\Roaming\a7fE9gTZqY
c:\users\Kim\AppData\Roaming\bZqjYCwkIrO
c:\users\Kim\AppData\Roaming\CE091
c:\users\Kim\AppData\Roaming\CE091\102F.E09
c:\users\Kim\AppData\Roaming\cS11iibD3
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN
c:\users\Kim\AppData\Roaming\cTTXXwjjUClIBzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN
c:\users\Kim\AppData\Roaming\eTTXqjjUCekIrzN\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\IaQH6sWK7
c:\users\Kim\AppData\Roaming\IeeelOOBt
c:\users\Kim\AppData\Roaming\j2oobbF3pm
c:\users\Kim\AppData\Roaming\JG55ssQJ6dEKfR9
c:\users\Kim\AppData\Roaming\OUVelOBtz0c1v2n
c:\users\Kim\AppData\Roaming\oVrzONtxAuS
c:\users\Kim\AppData\Roaming\qWWWJ77fEL8gZqY
c:\users\Kim\AppData\Roaming\sxP0ucS1iDo
c:\users\Kim\AppData\Roaming\UgRZqhYXwUeOtPy
c:\users\Kim\AppData\Roaming\UrzONtxA0c2b3n
c:\users\Kim\AppData\Roaming\v4aQH6sWKf
c:\users\Kim\AppData\Roaming\v4aQH6sWKf\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\xQH6dWK7fLg
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh
c:\users\Kim\AppData\Roaming\y4pmH5sQJdKgZh\AV Security 2012.ico
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS
c:\users\Kim\AppData\Roaming\zXqjYCekIrOtAuS\AV Security 2012.ico
c:\windows\SysWow64\iWY8u4QD.com
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 03:56 . 2011-11-27 03:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 04:12 . 2011-11-20 04:12 -------- d-----w- C:\found.000
2011-11-17 02:33 . 2011-11-17 02:33 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 02:32 . 2011-11-17 02:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 02:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 02:24 . 2011-11-17 03:13 -------- d-----w- c:\program files (x86)\9102F
2011-11-16 17:10 . 2011-09-28 18:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2011-11-16 17:10 . 2011-10-25 18:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-16 17:10 . 2011-10-25 18:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-16 17:10 . 2011-10-25 18:38 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-16 17:10 . 2011-10-25 18:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-16 17:10 . 2011-10-28 15:41 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-16 17:10 . 2011-10-28 15:41 336512 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-11-16 17:09 . 2011-10-28 16:01 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-11-16 17:09 . 2011-10-28 16:03 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-11-16 17:09 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\PC Tools
2011-11-16 17:06 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-11-16 17:06 . 2011-10-07 22:52 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-11-16 17:06 . 2011-10-22 20:11 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-11-16 17:06 . 2011-11-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-16 17:06 . 2011-10-28 16:03 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-11-16 17:05 . 2011-11-25 01:06 -------- d-----w- c:\programdata\PC Tools
2011-11-16 17:05 . 2011-11-16 17:05 -------- d-----w- c:\users\Kim\AppData\Roaming\TestApp
2011-11-16 17:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F3679E7-580E-4D6A-BB4F-6294252E9AE9}\mpengine.dll
2011-11-09 16:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:48 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:47 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 01:03 . 2011-11-01 01:03 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-01 01:03 . 2011-11-01 01:03 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 17:35 . 2011-06-14 00:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-27_03.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-11-27 03:19 37852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-13 18:32 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-13 18:32 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-09 04:04 . 2011-11-27 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-09 04:04 . 2011-11-24 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-27 03:22 . 2011-11-27 03:22 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-06-14 16:44 . 2011-11-27 03:19 8490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1688672369-560665978-2355779204-1000_UserData.bin
+ 2009-07-14 02:36 . 2011-11-27 03:22 710988 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 03:22 135896 c:\windows\system32\perfc009.dat
+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\5f818.msi
- 2009-07-14 02:34 . 2011-11-25 01:07 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-27 03:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-28 402336]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000Core.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-11-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1000UA.job
- c:\users\Kim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-04 01:47]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 67.152.3.146 68.234.128.70
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7bfuubx4.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-26 22:58:06
ComboFix-quarantined-files.txt 2011-11-27 03:58
ComboFix2.txt 2011-11-27 03:24
.
Pre-Run: 144,364,224,512 bytes free
Post-Run: 144,299,147,264 bytes free
.
- - End Of File - - 5FA4A3E0517431FF59A704E54F335F3A
#8
Posted 27 November 2011 - 12:33 AM
-
- Members
-
- 5 posts
New Member
Okay, after one more scan, it SEEMS this computer is clean. Here is the latest log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8235
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/27/2011 12:17:21 AM
mbam-log-2011-11-27 (00-17-21).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 343693
Time elapsed: 37 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8235
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/27/2011 12:17:21 AM
mbam-log-2011-11-27 (00-17-21).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 343693
Time elapsed: 37 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#9
Posted 27 November 2011 - 06:56 AM
-
- Experts
-
- 17,303 posts
Forum Deity
- Gender:Male
- Location:So. Plainfield, New Jersey, USA
How's the computer running now? Any problems?
MrC
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#10
Posted 04 December 2011 - 08:09 AM
-
- Moderators
-
- 20,035 posts
Forum Deity
- Gender:Male
- Location:Missouri, USA
Glad we could help. 
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
