BinDong

November 28, 2012

Thank you for your help!

November 27, 2012

As for the ESET scanner, is it safe to not uninstall it? Im going to scan with it also as like an extra protection.

Also.. Using roguekiller.. is it safe or not on your own? I heard from some people that they used it all the time without much problems. I heard from others it can be dangerous. Can roguekiller be a program you just open up and scan and delete viruses?

November 26, 2012

No more problems now.

What could I do to prevent hijackers and such? I been scanning constantly and cannot detect anything. What could i do to prevent this from happening?

November 24, 2012

I was thinking maybe it is my registery that was being messed up.

I did some research and some say that Windows Update messes up your registery and such. Maybe that is the reason why my computer is acting that way. Are there any programs out there that I can run anytime and can fix my registery?

November 23, 2012

I dont think i still have the browser redirect problem now. But when my computer starts up, sometimes it loads EXTREMELY slowly and i had to force restart it to get it working. I wonder if that is because of the virus or just my computer.

November 22, 2012

ComboFix 12-11-22.03 - Bin 11/22/2012 8:56.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3968 [GMT -8:00]

Running from: c:\users\Bin\Downloads\ComboFix.exe

Command switches used :: c:\users\Bin\Downloads\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part

.

((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

.

2012-11-22 17:06 . 2012-11-22 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-22 08:14 . 2012-01-19 17:22 45936 ----a-w- c:\windows\SysWow64\SBBD.EXE

2012-11-18 23:20 . 2012-11-18 23:20 -------- d-----w- c:\users\Bin\Documentscode.client.directory.cache

2012-11-18 04:02 . 2012-11-18 04:02 -------- d-----w- c:\users\Bin\AppData\Local\AIM

2012-11-18 01:33 . 2012-10-30 05:04 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-18 01:32 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-18 01:32 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-18 01:32 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-18 01:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-11-18 01:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-11-18 01:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-11-18 01:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-11-18 01:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-11-18 01:31 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-11-18 01:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-11-18 01:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-18 01:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-18 01:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-11-18 01:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-11-18 01:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-11-18 01:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-11-18 01:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-11-18 01:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-11-17 23:11 . 2012-01-12 16:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys

2012-11-17 23:10 . 2012-01-19 17:22 45936 ------w- c:\windows\system32\SBBD.EXE

2012-11-16 23:08 . 2012-11-16 23:08 -------- d-----w- c:\program files (x86)\ESET

2012-11-14 21:03 . 2012-11-15 02:24 -------- d-----w- c:\users\Bin\AppData\Roaming\QuickScan

2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\windows\system32\drivers\NSTx64

2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files (x86)\Norton Identity Safe

2012-11-13 01:43 . 2012-11-16 02:34 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013

2012-11-12 01:34 . 2011-12-16 04:29 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys

2012-11-06 21:44 . 2012-11-06 21:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-11-06 21:44 . 2012-11-06 21:44 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-10-25 06:50 . 2012-10-25 06:50 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2012-10-25 06:50 . 2012-10-25 06:50 654336 ------w- c:\windows\system32\stapi64.dll

2012-10-25 06:50 . 2012-10-25 06:50 448512 ----a-w- c:\windows\system32\stcplx64.dll

2012-10-25 06:50 . 2012-10-25 06:50 1987072 ----a-w- c:\windows\system32\stapo64.dll

2012-10-25 06:50 . 2012-10-25 06:52 -------- d-----w- c:\program files\IDT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-18 01:43 . 2012-09-26 00:56 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-11-13 01:44 . 2012-06-03 21:03 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-10-25 06:50 . 2012-04-08 03:18 4444672 ----a-w- c:\windows\system32\stlang64.dll

2012-10-25 06:50 . 2012-04-08 03:18 1425408 ----a-w- c:\windows\sttray64.exe

2012-10-25 06:50 . 2012-04-08 03:18 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2012-10-25 06:50 . 2012-04-08 03:18 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe

2012-10-25 06:50 . 2012-04-08 03:18 5298688 ----a-w- c:\windows\system32\IDTNHP.dll

2012-10-25 06:50 . 2012-04-08 03:18 249344 ----a-w- c:\windows\system32\IDTNJ.exe

2012-10-25 06:50 . 2012-04-08 03:18 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl

2012-10-25 06:50 . 2012-04-08 03:18 1085440 ----a-w- c:\windows\system32\IDTNX.dll

2012-10-25 06:50 . 2012-04-08 03:17 251904 ----a-w- c:\windows\system32\staco64.dll

2012-10-25 06:50 . 2012-04-08 03:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2012-10-25 06:50 . 2012-04-08 03:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2012-10-25 06:50 . 2012-04-08 03:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2012-10-25 06:50 . 2012-04-08 03:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2012-10-09 20:05 . 2012-06-03 22:14 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 20:05 . 2011-11-09 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 20:05 . 2012-10-09 20:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-30 02:54 . 2012-09-22 21:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 21:49 . 2012-08-01 21:12 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-25 21:49 . 2012-08-01 21:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-25 21:39 . 2012-08-20 15:42 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-25 21:39 . 2012-08-20 15:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-01 18:06 . 2012-09-01 18:06 3847762 ----a-w- C:\DeamonPackage.zip

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]

2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]

.

[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-11-06 51712]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001_565\BHDrvx64.sys [2012-11-07 1384608]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-09 283200]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121121.001\IDSvia64.sys [2012-11-11 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-25 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-01-12 74872]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:05]

.

2012-11-13 c:\windows\Tasks\HPCeeScheduleForBin.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-25 1425408]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-08 08:37; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

FF - ExtSQL: 2012-11-12 17:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn

FF - ExtSQL: 2012-11-14 13:02; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]

"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{49C795C2-604A-4D18-AEB1-B3EBA27E5EA2}"=hex:51,66,7a,6c,4c,1d,38,12,ac,96,d4,

4d,78,2e,76,08,d1,a7,f0,ab,a7,20,1a,b6

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,

68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,

81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:24,8a,e6,21,f2,91,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-22 09:08:54

ComboFix-quarantined-files.txt 2012-11-22 17:08

ComboFix2.txt 2012-11-19 11:31

.

Pre-Run: 531,266,633,728 bytes free

Post-Run: 530,860,998,656 bytes free

.

- - End Of File - - EC9E3A3288862C34817FC3E534084DC6

November 22, 2012

https://www.virustotal.com/file/520cabff6d04c255c143e2ef3b0b2525340bcc961a650e39f185b359d77b5840/analysis/

November 21, 2012

It says that the application cannot be open in windows in Win32 mode..

my computer is 64 bit so i dont see why it doesnt run.

November 20, 2012

Are there anywhere wrong with my computer with the post i posted?

November 19, 2012

ComboFix 12-11-16.02 - Bin 11/19/2012 3:21.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3376 [GMT -8:00]

Running from: c:\users\Bin\Downloads\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Bin\AppData\Local\Temp\22abac685128.tmp

c:\users\Bin\AppData\Local\Temp\8b03d16a82ce.tmp

c:\users\Bin\AppData\Local\Temp\8eb5bac196cd.tmp

c:\users\Bin\AppData\Local\Temp\a044da55a52a.tmp

c:\users\Bin\AppData\Local\Temp\ad73b50bbd3d.tmp

c:\users\Bin\AppData\Local\Temp\b588cce39dd0.tmp

c:\users\Bin\AppData\Local\Temp\c940d5224159.tmp

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

2012-11-19 11:29 . 2012-11-19 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp