[Yontoo Virus]

I tried this today and after waiting about 11 minutes for the log to process I was concerned so I exited, It proceeded to warn of an registry error on what ever I clicked saying that it was deleted or moved. I restarted my computer and it was fine I will give another attempt tomorrow.

[Yontoo Virus]

ComboFix 12-12-01.02 - jim 12/01/2012 20:25:27.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2606 [GMT -5:00]

Running from: c:\users\jim\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jim\AppData\Roaming\Love

c:\users\jim\AppData\Roaming\Love\hawkthorne\gamesave-2.json

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Paige\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-11-29 02:21 . 2012-11-29 02:21 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP

2012-11-29 01:31 . 2012-11-29 02:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-29 01:31 . 2012-11-29 01:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-28 23:13 . 2012-11-28 23:13 -------- d-----w- c:\program files\Enigma Software Group

2012-11-28 21:45 . 2012-11-28 21:45 -------- d-----w- c:\program files (x86)\TeamViewer

2012-11-28 02:07 . 2012-11-28 02:07 289768 ----a-w- c:\windows\system32\javaws.exe

2012-11-28 02:07 . 2012-11-28 02:07 189416 ----a-w- c:\windows\system32\javaw.exe

2012-11-28 02:07 . 2012-11-28 02:07 188904 ----a-w- c:\windows\system32\java.exe

2012-11-28 02:07 . 2012-11-28 02:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-11-28 01:08 . 2012-11-28 01:08 -------- d-----w- c:\users\jim\AppData\Roaming\eclipse

2012-11-28 00:59 . 2012-11-28 21:31 -------- d-----w- c:\users\jim\AppData\Local\Eclipse

2012-11-28 00:59 . 2012-11-28 21:33 -------- d-----w- c:\users\jim\workspace

2012-11-28 00:46 . 2012-11-28 01:31 -------- d-----w- C:\java

2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----r- c:\program files (x86)\Skype

2012-11-24 01:39 . 2012-11-24 01:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer

2012-11-21 02:31 . 2012-11-21 02:31 -------- d-----w- c:\users\Paige\AppData\Roaming\Apple Computer

2012-11-21 01:25 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\SCE

2012-11-21 01:24 . 2012-11-21 01:24 -------- d-----w- C:\Crash

2012-11-21 01:24 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\Sony Online Entertainment

2012-11-21 01:21 . 2012-11-21 01:21 -------- d-----w- c:\users\Public\Sony Online Entertainment

2012-11-09 02:52 . 2012-11-09 02:52 -------- d-----w- c:\users\Guest\AppData\Local\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 02:07 . 2012-03-10 00:40 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-28 02:07 . 2012-03-10 00:40 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-28 01:28 . 2012-11-28 01:28 6239053 ----a-w- C:\mcp723.zip

2012-11-12 22:04 . 2012-06-22 17:51 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-12 22:04 . 2012-03-13 23:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-12 07:19 . 2012-10-25 08:39 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8497A8A7-3491-4001-AD6F-4F4F95243559}\mpengine.dll

2012-09-29 23:54 . 2012-10-26 20:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-13 13:26 . 2012-09-04 19:06 1259888 ----a-w- c:\windows\system32\dmwu.exe

2012-09-13 13:25 . 2012-09-04 19:06 35328 ----a-w- c:\windows\system32\ImHttpComm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-08-23 19:40 167256 ----a-w- c:\program files\Web Assistant\Extension32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]

"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2012-05-21 3513272]

"Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2012-05-21 3515872]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

802.11g USB adapter.lnk - c:\program files (x86)\11g USB adapter\Wifiusb.exe [2004-9-6 487424]

Privoxy.lnk - c:\program files (x86)\Privoxy\privoxy.exe [2011-12-27 359936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%protector process name%.dll

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 ALSysIO;ALSysIO;c:\users\jim\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-17 132056]

S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-08-13 1695776]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-08-23 188760]

S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 22:04]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-30 7833120]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-05-30 1833504]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)

Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)

WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2721748842-2450507710-3540540837-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:ff,bd,56,89,0e,c1,de,ad,84,38,0f,c7,54,de,1a,a7,8e,cd,97,d3,64,

5f,be,32,c3,01,ba,87,51,99,95,d4,59,ae,98,57,3e,c6,61,fb,8b,5e,a2,18,86,5d,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-01 20:31:55

ComboFix-quarantined-files.txt 2012-12-02 01:31

.

Pre-Run: 23,443,263,488 bytes free

Post-Run: 23,965,192,192 bytes free

.

- - End Of File - - F715AAD99EA2FE12FF48717B55DAD170

[Yontoo Virus]

Yes it is installed and I am denabling the programs right now

[Yontoo Virus]

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16446

Run by jim at 20:46:17 on 2012-11-29

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2234 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Windows\system32\dmwu.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\11g USB adapter\Wifiusb.exe

C:\Program Files (x86)\Privoxy\privoxy.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Windows\system32\svchost.exe -k HPService

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982

uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>

uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mWinlogon: Userinit = userinit.exe,

BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false

uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\80211G~1.LNK - C:\Program Files (x86)\11g USB adapter\Wifiusb.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{56F58173-8636-4296-B099-1FE56DB72A91} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69}\24967644565627 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-23 8704]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-8-31 103472]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-22 132056]

R2 PC Performer Manager;PC Performer Manager;C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-8-13 1695776]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-5-28 126392]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-28 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-28 2848168]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-9-4 188760]

R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-4 1259888]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-11 20992]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-11 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-9-21 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-11-29 02:21:49 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP

2012-11-29 01:31:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-29 01:31:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-28 23:13:19 -------- d-----w- C:\Program Files\Enigma Software Group

2012-11-28 21:45:17 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-11-28 02:07:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-28 01:08:10 -------- d-----w- C:\Users\jim\AppData\Roaming\eclipse

2012-11-28 00:59:25 -------- d-----w- C:\Users\jim\AppData\Local\Eclipse

2012-11-28 00:59:15 -------- d-----w- C:\Users\jim\workspace

2012-11-28 00:46:01 -------- d-----w- C:\java

2012-11-25 23:26:57 -------- d-----r- C:\Program Files (x86)\Skype

2012-11-21 01:25:22 -------- d-----w- C:\Users\jim\AppData\Local\SCE

2012-11-21 01:24:07 -------- d-----w- C:\Crash

2012-11-21 01:24:06 -------- d-----w- C:\Users\jim\AppData\Local\Sony Online Entertainment

.

==================== Find3M ====================

.

2012-11-28 02:07:33 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-28 02:07:33 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-11-12 22:04:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 22:04:52 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-13 13:26:50 1259888 ----a-w- C:\Windows\System32\dmwu.exe

2012-09-13 13:25:38 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll

.

============= FINISH: 20:46:33.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 3/9/2012 5:16:54 PM

System Uptime: 11/29/2012 8:40:42 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-D

Processor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 3000/300mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 22.096 GiB free.

D: is FIXED (NTFS) - 153 GiB total, 142.835 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8600

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet Pro 8600

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

RP108: 11/27/2012 4:09:21 PM - Installed DirectX

RP109: 11/27/2012 4:10:16 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP110: 11/27/2012 9:06:44 PM - Installed Java SE Development Kit 7 Update 9 (64-bit)

RP111: 11/27/2012 9:07:17 PM - Installed Java 7 Update 9 (64-bit)

RP112: 11/28/2012 6:13:04 PM - Installed SpyHunter

RP113: 11/28/2012 8:28:38 PM - Removed SpyHunter

RP114: 11/28/2012 8:30:22 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

802.11g USB adapter

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

appbario8 Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

applicationupdater

avast! Free Antivirus

Bonjour

Borderlands 2

CCleaner

Cisco Connect

Core Temp 1.0 RC3

Dishonored

Driver Detective

Driver Manager

ESN Sonar

gamelauncher-ps2-live

GameSpy Arcade

Giant Savings

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardware Helper

Hi-Rez Studios Authenticate and Update Service

HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

ImgBurn

Intel® Solid-State Drive Toolbox

iTunes

Java 7 Update 9 (64-bit)

Java SE Development Kit 7 Update 9 (64-bit)

Just Cause 2

LG USB Modem driver

Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee SiteAdvisor

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

MSI Afterburner 2.1.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

National Instruments Software

Network64

NI LabVIEW Run-Time Engine 7.0

Norton PC Checkup

NVIDIA 3D Vision Controller Driver 296.10

NVIDIA 3D Vision Driver 296.10

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.7.11

NVIDIA Update Components

Origin

PC Performer Manager

PlanetSide 2

Privoxy (remove only)

PS_AIO_07_D110_SW_Min

PunkBuster Services

Realm of the Mad God

Realtek High Definition Audio Driver

Rome - Total War

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SetFileDate 2.0

Skype™ 6.0

SpecialSavings

SPORE™

Spybot - Search & Destroy

Steam

Team Fortress 2

TeamViewer 7

Terraria

The Elder Scrolls III: Morrowind

Toolbox

Total War: Shogun 2 - TEd

Tribes: Ascend

TuneUp Utilities Language Pack (en-US)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

War of the Roses

Web Assistant 2.0.0.478

Web Optimizer

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

11/29/2012 8:43:06 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/29/2012 8:43:06 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

11/29/2012 3:43:38 PM, Error: nvlddmkm [14] -

11/28/2012 9:17:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/28/2012 9:17:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/28/2012 9:17:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/28/2012 9:17:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

11/23/2012 8:39:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user jim-PC\Guest SID (S-1-5-21-2721748842-2450507710-3540540837-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/23/2012 12:58:06 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/22/2012 12:09:19 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

aswMBR.txt

[Yontoo Virus]

Yesterday at about four p.m my Norton popped up and warned me of three viruses all Yontoo. Earlier in the summer I accidently downloaded the mystartincredibar, I read some where that it is one of the things that could have put them onto my computer. I just find it strange that overall the summer I was not alerted. It just seems strange to me that it showed up then, earlier that day I had downloaded eclipse to help me, then I proceeded to download TeamViewer 7 so a friend of mine could help get me started with it. Could those two programs cause it? Overall I just want to know how to get yontoo out of my system and have it be safe again.

Also the strangest part for me is this, like I expressed before it was only Norton Pc check up that found it, since norton is a bad security system and it was just a check up it seemed strange. Both my antimalware and avast could not find it.

[Yantoo Virus]

About twoh ours ago surprisingly it was my norton security alerted me to 3 yantoo virus's on my computer. I would like to know how I can remove this virus and all of its dangers