1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I think i have a virus, please help!

Discussion in 'Virus & Other Malware Removal' started by akairi97, Aug 20, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    I think i may have a virus because, ever since last week, whenever i go to a site it keeps routing me to another site that is not a good site to be on. This has started about a week ago. It first started when so many updates kept popping up on my pc and then my pc kept rebooting itself. It wouldnt let me do a system restore or anything. I downloaded malware and it pulled up a few viruses or malware( im not sure) and i quarantined them, but the virus is still on my pc. Can someone please help me?

    I have a windows 7 home premium computer, 32- bit operating system
     
  2. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:43:56 PM, on 8/20/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Users\user\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.convergysworkathome.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    --
    End of file - 11258 bytes
     
  3. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Andrea at 22:49:01 on 2012-08-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1083 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Users\user\Downloads\HijackThis.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FE040ADA-E6F4-40E1-BA87-88A730D4112C} : DhcpNameServer = 192.168.1.254
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-4-26 80824]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-25 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-17 129976]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-4-26 181432]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-11 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-11 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-21 02:34:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{63a356f8-70ad-4f83-ad25-46ead70a4ee9}\offreg.dll
    2012-08-20 17:55:44 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{63a356f8-70ad-4f83-ad25-46ead70a4ee9}\mpengine.dll
    2012-08-19 05:49:18 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-08-15 21:51:28 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 21:51:27 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 21:51:26 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 21:51:25 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 21:51:24 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 21:51:24 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 21:51:23 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 02:21:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-15 02:21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-24 19:30:32 -------- d-----w- c:\users\andrea\appdata\roaming\Malwarebytes
    2012-07-24 19:30:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-24 19:25:53 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-24 13:29:23 -------- d-----w- c:\users\andrea\appdata\local\Mozilla
    2012-07-24 13:28:43 -------- d-----w- c:\users\andrea\appdata\local\Samsung
    2012-07-24 13:28:36 -------- d-----w- c:\users\andrea\appdata\roaming\Samsung
    .
    ==================== Find3M ====================
    .
    2012-08-15 14:28:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 14:28:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 22:49:48.41 ===============
     
  4. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    attachment
     

    Attached Files:

  5. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-20 23:11:54
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320418AS rev.CC46
    Running: 8flv80bc.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\kxldapob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A4D3C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\Andrea\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2556] ntdll.dll!DbgUiRemoteBreakin 7748F17D 1 Byte [C3]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000003f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    Is there anybody that can help me? I work online and its really affecting me
     
  7. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    i know i can be annoying but is there anyone that can assist me?
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    sorry for the wait, the forum has been swamped


    please run the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  9. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    ComboFix 12-08-25.04 - Andrea 08/25/2012 23:40:41.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1175 [GMT -4:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\sdelevURL.tmp
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9997712-386A-4188-91C5-67E9279A45E7}.xps
    c:\users\user\g2mdlhlpx.exe
    c:\windows\system32\muzapp.exe
    c:\windows\system32\System32\MASetupCleaner.exe
    c:\windows\system32\System32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-26 03:45 . 2012-08-26 03:46 -------- d-----w- c:\users\Andrea\AppData\Local\temp
    2012-08-26 03:45 . 2012-08-26 03:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-26 03:45 . 2012-08-26 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-26 03:37 . 2012-08-26 03:37 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\MpKsl3588f6c8.sys
    2012-08-26 03:36 . 2012-08-26 03:36 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\offreg.dll
    2012-08-25 13:02 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\mpengine.dll
    2012-08-24 02:21 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 02:21 . 2012-08-15 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-15 02:21 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05 . 2012-07-10 23:25 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 23:25 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 23:25 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 12:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 12:49 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 12:49 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 12:49 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 12:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 12:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 12:49 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 12:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-21 12:49 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45 . 2012-07-10 23:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-10 23:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-10 23:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-10 23:25 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-10 23:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2012-04-21 01:19 . 2012-05-17 10:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 MpKsl3588f6c8;MpKsl3588f6c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\MpKsl3588f6c8.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL3588F6C8
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
    .
    2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
    .
    2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-25 23:48:20
    ComboFix-quarantined-files.txt 2012-08-26 03:48
    .
    Pre-Run: 276,692,590,592 bytes free
    Post-Run: 278,339,358,720 bytes free
    .
    - - End Of File - - 889A7EE0B676B47E7B0B7E2EBD242F3A
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  11. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.14.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    user :: USER-PC [limited]

    Protection: Disabled

    8/26/2012 12:30:25 AM
    mbam-log-2012-08-26 (00-30-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 178954
    Time elapsed: 4 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
    C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
    C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
    C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
    C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
    C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] JS/Redirector.NCA trojan
    C:\Users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll a variant of Win32/Kryptik.AKQH trojan
    C:\Users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll a variant of Win32/Kryptik.AJGX trojan
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde Java/TrojanDownloader.Agent.NDW trojan
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37 Java/Exploit.CVE-2012-0507.CK trojan
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected] JS/Redirector.NCA trojan
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/virus-other-malware-removal/1065829-i-think-i-have-virus.html#post8451042
    
    Collect::
    C:\Users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll 
    C:\Users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll 
    
    File::
    C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\e xtensions\[email protected] 
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde 
    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37 
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\ext ensions\[email protected] 
    ClearJavaCache::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop, Save this as "CFScript"


    Here's how to do that:

    1.Click File;
    2.Click Save As... Change the directory to your desktop;
    3.Change the Save as type to "All Files";
    4.Type in the file name: CFScript
    5.Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.



    NEXT

    • Please download MiniToolBox and save it to your desktop and run it.

      Checkmark following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Report FF Proxy Settings
      • List content of Hosts
      • List installed programs.

      Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


    NEXT


    Please download Farbar Service Scanner to your desktop and run it.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    NEXT

    Please advise how the computer is running now and if there are any outstanding issues
     
  14. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    ComboFix 12-08-25.04 - Andrea 08/26/2012 23:39:02.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1140 [GMT -4:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    Command switches used :: c:\users\user\Desktop\CFScript.txt.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\e xtensions\[email protected]"
    "c:\users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde"
    "c:\users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37"
    "c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\ext ensions\[email protected]"
    .
    file zipped: c:\users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll
    file zipped: c:\users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\boost_interprocess\20120826055101.368145
    c:\users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll
    c:\users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Andrea\AppData\Local\temp
    2012-08-26 06:26 . 2012-08-26 06:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1435744B-9F03-4574-8134-99A85B81521E}\offreg.dll
    2012-08-26 06:25 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1435744B-9F03-4574-8134-99A85B81521E}\mpengine.dll
    2012-08-26 04:39 . 2012-08-26 04:39 -------- d-----w- c:\program files\ESET
    2012-08-26 03:57 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-26 03:53 . 2012-08-26 03:53 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
    2012-08-26 03:52 . 2012-07-14 00:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-08-26 03:52 . 2012-07-14 00:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 02:21 . 2012-08-15 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-15 02:21 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05 . 2012-07-10 23:25 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-10 23:25 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-10 23:25 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 12:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 12:49 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 12:49 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 12:49 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 12:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 12:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 12:49 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 12:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-21 12:49 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45 . 2012-07-10 23:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-10 23:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-10 23:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-10 23:25 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-10 23:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2012-07-14 00:17 . 2012-05-17 10:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
    .
    2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-27 00:01:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-27 04:01
    ComboFix2.txt 2012-08-26 03:48
    .
    Pre-Run: 278,357,147,648 bytes free
    Post-Run: 278,346,113,024 bytes free
    .
    - - End Of File - - E0C7C85D0F764D56DEE9B0D47E64869F
     
  15. akairi97

    akairi97 Thread Starter

    Joined:
    Sep 14, 2010
    Messages:
    387
    MiniToolBox by Farbar Version: 23-07-2012
    Ran by user (ATTENTION: The logged in user is not administrator) on 27-08-2012 at 00:08:55
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0
    ========================= Hosts content: =================================

    127.0.0.1 localhost


    =========================== Installed Programs ============================

    7-Zip 9.20
    Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
    Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
    Adobe Reader X (10.1.3) (Version: 10.1.3)
    Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
    Apple Application Support (Version: 2.1.5)
    Apple Software Update (Version: 2.1.3.127)
    Bing Bar (Version: 7.0.619.0)
    BitComet 1.32 (Version: 1.32)
    Broadcom Gigabit NetLink Controller (Version: 12.33.02)
    Citrix online plug-in - web (Version: 12.1.44.1)
    Citrix online plug-in (DV) (Version: 12.1.44.1)
    Citrix online plug-in (HDX) (Version: 12.1.44.1)
    Citrix online plug-in (USB) (Version: 12.1.44.1)
    Citrix online plug-in (Web) (Version: 12.1.44.1)
    D3DX10 (Version: 15.4.2368.0902)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    ESET Online Scanner v3
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
    Google Update Helper (Version: 1.3.21.115)
    GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1995)
    Java Auto Updater (Version: 2.1.6.0)
    Java(TM) 6 Update 31 (Version: 6.0.310)
    JavaFX 2.1.1 (Version: 2.1.1)
    Junk Mail filter update (Version: 15.4.3502.0922)
    K-Lite Codec Pack 8.6.0 (Basic) (Version: 8.6.0)
    Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
    Mesh Runtime (Version: 15.4.5722.2)
    Messenger Companion (Version: 15.4.3502.0922)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
    Microsoft Security Client (Version: 4.0.1526.0)
    Microsoft Security Essentials (Version: 4.0.1526.0)
    Microsoft Silverlight (Version: 5.1.10516.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
    Mozilla Maintenance Service (Version: 14.0.1)
    MpcStar 5.4 (Version: 5.4)
    MSVCRT (Version: 15.4.2862.0708)
    QuickTime (Version: 7.71.80.42)
    Samsung Kies (Version: 2.1.0.11112_41)
    SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
    Secure Download Manager (Version: 3.0.3)
    swMSM (Version: 12.0.0.1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3555.0308)
    Windows Live Family Safety (Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Mesh (Version: 15.4.3502.0922)
    Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
    Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    WOT for Internet Explorer (Version: 11.11.7.0)

    **** End of log ****
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1065829