TheY0ung0ne

August 7, 2012

yeah, things are really going great. Thank yoU!

August 6, 2012

Good, but since I found out about the viruses, I've been too paranoid to log on any account except malwarebytes forum that they might steal data from me. Would it be safe to be able to log on anything now?

August 5, 2012

log doesn't say much idk if i did anything wrong but it found 2 trojans.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

August 5, 2012

here you go

log.txt

August 4, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

minhp :: MINHP-PC [administrator]

Protection: Enabled

8/4/2012 11:36:09 AM

mbam-log-2012-08-04 (11-36-09).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 213225

Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR.txt

Attach.txt

DDS.txt

August 4, 2012

I just restarted on the dds thingy and attached both of them. Sorry if i caused any trouble..man i'm dumb.

DDS.txt

attach.txt

August 4, 2012

oops, that was the "attached" file..fail. will this make things harder?

August 4, 2012

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/2/2011 5:15:36 PM

System Uptime: 8/3/2012 9:22:37 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0XN71K

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 2201/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 446 GiB total, 349.436 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 444.16 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SMO8800\1

Manufacturer:

Name:

PNP Device ID: ACPI\SMO8800\1

Service:

.

==== System Restore Points ===================

.

RP126: 7/21/2012 9:44:36 PM - Windows Update

RP127: 7/27/2012 8:24:32 PM - Windows Update

RP128: 7/31/2012 12:59:50 PM - Windows Update

RP129: 8/3/2012 3:36:47 PM - Windows Update

RP131: 8/3/2012 4:43:32 PM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Advanced Audio FX Engine

ASPCA TriMini Reminder by We-Care.com v5.0.2.1

Blio

Conduit Engine

Cozi

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

eBay

Google Toolbar for Internet Explorer

Google Update Helper

High-Definition Video Playback

IncrediMail MediaBar 2 Toolbar

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® WiDi

Internet Explorer

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Lexmark Printable Web

Lexmark Toolbar

Malwarebytes Anti-Malware version 1.62.0.1300

Mastercam X5

McAfee SecurityCenter

Mesh Runtime

Microsoft Office 2003 Web Components

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio 2005 Tools for Applications - ENU

Mozilla Firefox 9.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

neroxml

NVIDIA Stereoscopic 3D Driver

PhotoShowExpress

PlayMemories Home

PlayReady PC Runtime x86

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SolidWorks 2012 x64 Edition SP0

Sonic CinePlayer Decoder Pack

StartNow Toolbar

SyncUP

System Requirements Lab

TrustedID

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

8/3/2012 9:24:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

8/3/2012 5:54:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 5:52:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/3/2012 5:52:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/3/2012 5:52:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

8/3/2012 5:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

8/3/2012 5:48:40 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 5:48:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/3/2012 5:48:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/3/2012 5:48:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/3/2012 5:48:35 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

8/3/2012 5:48:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/3/2012 5:48:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

8/3/2012 5:48:16 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:58:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:54:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/3/2012 4:54:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/3/2012 4:53:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

8/3/2012 4:53:47 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:47 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:47 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:47 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 4:53:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/3/2012 3:34:14 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

August 4, 2012

Hello! My laptop was attacked by a virus acting as an anti virus program (live security premium), so i went to safe mode and ran a full scan and removed it. BUUUUUTTTT, i think it's still there (along with many other viruses) and I would like to fully remove it!

THANK YOU!

March 12, 2012

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Users\steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2e5d1266-187f3547 a variant of Java/TrojanDownloader.OpenStream.NCP trojan deleted - quarantined

C:\Users\steven\Downloads\KMPlayer_EN_3.1.0.0_R2.exe Win32/OpenCandy application deleted - quarantined

C:\Users\steven_2\Downloads\VeohWebPlayerSetup_eng.exe multiple threats deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\SmileyBubblesSetup_CH.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\Unlocker1.9.1 (1).exe Win32/Adware.ADON application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\vs_tron_legacy_by_se7ensinner-d3g0dyj.rar Win32/OpenCandy application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\AppData\Local\Application Data\Temp\Pivot Stickfigure.exe Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

March 11, 2012

OTL Extras logfile created on: 3/10/2012 9:46:04 AM - Run 2

OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\steven\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.81% Memory free

8.00 Gb Paging File | 5.95 Gb Available in Paging File | 74.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.59 Gb Total Space | 172.88 Gb Free Space | 37.95% Space Free | Partition Type: NTFS

Drive D: | 10.17 Gb Total Space | 1.38 Gb Free Space | 13.52% Space Free | Partition Type: NTFS

Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEN-PC | User Name: steven | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service

"Adobe AIR" = Adobe AIR

"InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"NAV" = Norton AntiVirus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Steam App 440" = Team Fortress 2

"SystemRequirementsLab" = System Requirements Lab

"The KMPlayer" = The KMPlayer (remove only)

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/5/2012 7:23:22 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0x14e0 Faulting application start time: 0x01ccfb26ea234210 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 3267ce60-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0xa18 Faulting application start time: 0x01ccfb274bc32bc0 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 966927b0-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:47:24 PM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/7/2012 10:56:28 PM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 122c Start

Time: 01ccfcb98612b500 Termination Time: 89 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 12:16:23 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 13cc Start

Time: 01ccfd9664cf3a70 Termination Time: 57 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 1:53:54 AM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/9/2012 11:17:50 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.36.2 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 4cc Start Time:

01ccfe07afaa46e0 Termination Time: 25 Application Path: C:\Users\steven\Downloads\OTL.exe

Report

Id: 02e18f31-69fb-11e1-846d-001fc6e8ab83

Error - 3/9/2012 11:52:16 AM | Computer Name = steven-PC | Source = Google Update | ID = 20

Description =

Error - 3/9/2012 1:41:45 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16661, time

stamp: 0x4c6f61fe Faulting module name: lxeccomc.dll, version: 9.2.33.0, time stamp:

0x4b20075b Exception code: 0x40000015 Fault offset: 0x000000000009c26e Faulting process

id: 0x468 Faulting application start time: 0x01ccfe151e6595a0 Faulting application

path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\lxeccomc.dll

Report

Id: 22f65440-6a0f-11e1-bc3c-001fc6e8ab83

[ System Events ]

Error - 3/10/2012 12:15:47 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/10/2012 12:15:47 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 3/10/2012 12:46:53 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:46:59 PM | Computer Name = steven-PC | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

Error - 3/10/2012 12:56:29 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:56:59 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:57:29 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:57:59 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 1:00:26 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/10/2012 1:00:26 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

< End of report >

March 11, 2012

It feels as if the virus is gone! . But one question. Before, everytime i rebooted my computer a black box (the command prompt) would start up and appear out of no where. On the top it said something about app data, scv.exe. Was this the virus?

March 10, 2012

ComboFix 12-03-10.02 - steven 03/09/2012 13:16:47.3.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2869 [GMT -8:00]

Running from: c:\users\steven\Downloads\ComboFix.exe

Command switches used :: c:\users\steven\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe --> c:\windows\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\steven_2\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\users\steven\AppData\Roaming\SUPERAntiSpyware.com

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-09 05:43 . 2012-03-09 08:12 -------- d-----w- c:\users\steven\AppData\Roaming\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\programdata\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 05:43 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 04:54 . 2009-06-10 21:23 1169224 ----a-w- c:\users\steven\AppData\Roaming\svc.exe

2012-03-09 04:53 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-09 04:53 . 2012-03-09 04:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-09 04:52 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Java

2012-03-08 22:20 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\mpengine.dll

2012-03-05 23:32 . 2012-03-05 23:38 -------- d-----w- c:\users\steven\MOSAIC

2012-03-04 22:48 . 2012-03-04 22:48 -------- d-----w- c:\windows\W7SBC

2012-03-04 22:48 . 2011-02-26 06:26 2870784 ----a-w- c:\windows\explorer.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_backup_w7sbc.exe

2012-03-04 22:20 . 2012-03-04 22:20 -------- d-----w- c:\users\steven\AppData\Roaming\replacer

2012-03-03 03:57 . 2012-03-03 03:57 -------- d-----w- c:\users\steven\AppData\Local\Howei

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\system32\msvcp100.dll

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-03-03 03:29 . 2012-03-03 03:27 761152 ----a-w- c:\windows\system32\msvcr100.dll

2012-03-03 03:27 . 2012-03-03 03:27 761152 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-02 19:16 . 2012-03-02 19:16 -------- d-----w- c:\program files (x86)\PANDORA.TV

2012-03-02 19:16 . 2012-03-02 19:17 -------- d-----w- c:\program files (x86)\The KMPlayer

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----r- c:\program files (x86)\Skype

2012-02-18 21:45 . 2012-02-18 21:45 -------- d-----w- c:\users\steven\AppData\Local\Microsoft Games

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 17:18 . 2011-09-23 00:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 03:25 . 2011-10-05 23:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-27 03:18 . 2011-12-27 03:18 18944 ----a-r- c:\users\steven\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-03-09_16.01.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 15:15 . 2012-03-09 16:55 40222 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-09 20:44 45318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-23 01:13 . 2012-03-09 20:44 12554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1090328997-2394222111-2209020592-1000_UserData.bin

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-09 21:27 . 2012-03-09 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-09 21:27 . 2012-03-09 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-23 01:05 . 2012-03-09 18:35 264578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2012-03-09 15:59 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-09 21:25 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-03-08 22:30 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-03-09 20:56 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2011-11-11 20:25 . 2012-03-09 15:59 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

+ 2011-11-11 20:25 . 2012-03-09 21:25 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-13 1242448]

"Facebook Update"="c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-20 137536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111214.001\IDSvia64.sys [2011-09-23 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-03-02 1867480]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 55cc2847-e13b-4f13-83c1-51ed5249143c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f57a387b-30ac-4ab8-a5eb-594851f3e9c0.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?AF=108973&tt=191011_bsttb&babsrc=HP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-09 13:31:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-09 21:31

ComboFix2.txt 2012-03-09 19:33

ComboFix3.txt 2012-03-09 16:08

.

Pre-Run: 180,977,242,112 bytes free

Post-Run: 180,694,085,632 bytes free

.

- - End Of File - - A32D20DD924209DC4F7AC9F396AF0AEB

March 10, 2012

Do i have to put in the FCopy too?

March 10, 2012

ComboFix 12-03-10.02 - steven 03/09/2012 9:46.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2734 [GMT -8:00]

Running from: c:\users\steven\Downloads\ComboFix.exe

Command switches used :: c:\users\steven\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\search.babylon.com_favicon.ico

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.leawo.com_favicon.ico

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.youtube.com_favicon.ico

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\steven_2\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 17:43 . 2012-03-09 17:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\offreg.dll