
I'm young and I don't know what to do!



Hello! I'm fairly young, and recently Malwarebytes quarantined a virus called "trojan.agent" found in my system32 folder. What should I do next to ensure it is fully deleted and my computer is virus free? Please refrain from using abbreviations though, since I wouldn't understand most of them. PLEASE HELP!


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Run this instead:

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


OTL Extras logfile created on: 3/9/2012 7:18:18 AM - Run 1

OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\steven\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.19% Memory free

8.00 Gb Paging File | 6.01 Gb Available in Paging File | 75.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.59 Gb Total Space | 169.33 Gb Free Space | 37.17% Space Free | Partition Type: NTFS

Drive D: | 10.17 Gb Total Space | 1.38 Gb Free Space | 13.52% Space Free | Partition Type: NTFS

Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEN-PC | User Name: steven | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service

"Adobe AIR" = Adobe AIR

"InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"NAV" = Norton AntiVirus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Steam App 440" = Team Fortress 2

"SystemRequirementsLab" = System Requirements Lab

"The KMPlayer" = The KMPlayer (remove only)

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/5/2012 10:47:28 AM | Computer Name = steven-PC | Source = Application Virtualization Client | ID = 3079

Description = {hap=16:app=OfficeVirt 9014006104090000:tid=1040:usr=steven} The client

could not launch C:\Program Files (x86)\Common Files\microsoft shared\virtualization

handler\OfficeVirt.exe (rc 0C701533-000006BA, last error 87).

Error - 3/5/2012 7:23:21 PM | Computer Name = steven-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 3/5/2012 7:23:22 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0x14e0 Faulting application start time: 0x01ccfb26ea234210 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 3267ce60-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0xa18 Faulting application start time: 0x01ccfb274bc32bc0 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 966927b0-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:47:24 PM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/7/2012 10:56:28 PM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 122c Start

Time: 01ccfcb98612b500 Termination Time: 89 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 12:16:23 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 13cc Start

Time: 01ccfd9664cf3a70 Termination Time: 57 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 1:53:54 AM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/9/2012 11:17:50 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.36.2 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 4cc Start Time:

01ccfe07afaa46e0 Termination Time: 25 Application Path: C:\Users\steven\Downloads\OTL.exe

Report

Id: 02e18f31-69fb-11e1-846d-001fc6e8ab83

[ System Events ]

Error - 3/9/2012 4:24:19 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 3/9/2012 4:24:19 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 3/9/2012 4:24:19 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 3/9/2012 7:19:40 AM | Computer Name = steven-PC | Source = DCOM | ID = 10005

Description =

Error - 3/9/2012 10:58:26 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/9/2012 10:58:26 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 3/9/2012 11:00:43 AM | Computer Name = steven-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392

Description = The BITS service failed to start. Error 2147942450.

Error - 3/9/2012 11:00:43 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7024

Description = The Background Intelligent Transfer Service service terminated with

service-specific error %%-2147024846.

Error - 3/9/2012 11:02:03 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/9/2012 11:02:03 AM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

< End of report >

OTL logfile created on: 3/9/2012 7:18:18 AM - Run 1

OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\steven\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.19% Memory free

8.00 Gb Paging File | 6.01 Gb Available in Paging File | 75.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.59 Gb Total Space | 169.33 Gb Free Space | 37.17% Space Free | Partition Type: NTFS

Drive D: | 10.17 Gb Total Space | 1.38 Gb Free Space | 13.52% Space Free | Partition Type: NTFS

Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEN-PC | User Name: steven | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 07:16:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\steven\Downloads\OTL.exe

PRC - [2012/03/02 11:16:57 | 001,867,480 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

PRC - [2012/02/22 10:52:34 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/01/12 17:25:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe

PRC - [2010/05/17 06:14:11 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe

PRC - [2010/05/17 06:14:09 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe

PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/08 06:28:52 | 000,429,040 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll

MOD - [2012/03/08 06:28:51 | 003,772,912 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll

MOD - [2012/03/08 06:27:26 | 000,122,880 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\avutil-51.dll

MOD - [2012/03/08 06:27:24 | 000,220,672 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\avformat-53.dll

MOD - [2012/03/08 06:27:23 | 001,747,456 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\avcodec-53.dll

MOD - [2012/03/08 01:39:20 | 008,593,056 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll

MOD - [2012/03/08 01:39:20 | 008,593,056 | ---- | M] () -- C:\Users\steven\AppData\Local\Google\Chrome\APPLIC~1\170963~1.78\gcswf32.dll

MOD - [2012/02/22 10:52:33 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/02/22 10:52:32 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll

MOD - [2012/02/22 10:52:32 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/02/22 10:52:32 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll

MOD - [2012/02/22 10:52:32 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll

MOD - [2010/05/17 06:14:11 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe

MOD - [2010/05/17 06:14:09 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe

MOD - [2010/04/05 02:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll

MOD - [2010/04/05 02:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll

MOD - [2010/04/05 02:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll

MOD - [2010/04/05 02:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll

MOD - [2010/04/05 02:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll

MOD - [2010/04/05 02:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll

MOD - [2010/04/05 02:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll

MOD - [2010/04/05 02:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll

MOD - [2010/04/01 09:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll

MOD - [2010/04/01 09:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll

MOD - [2009/05/27 04:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll

MOD - [2009/04/07 11:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll

MOD - [2009/03/09 21:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll

MOD - [2009/03/02 06:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll

MOD - [2009/02/20 00:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll

MOD - [2009/02/20 00:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/04/14 12:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)

SRV:64bit: - [2010/04/14 12:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/02 11:16:57 | 001,867,480 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)

SRV - [2012/02/22 10:52:34 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)

SRV - [2010/04/14 12:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/09/22 17:38:52 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/04/20 17:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 19:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 19:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 18:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/26 22:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/26 21:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\ironx64.sys -- (SymIRON)

DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)

DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2009/06/10 13:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)

DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2006/12/13 17:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)

DRV:64bit: - [2006/12/04 09:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)

DRV - [2011/12/07 22:13:41 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111214.001\EX64.SYS -- (NAVEX15)

DRV - [2011/12/07 22:13:41 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111214.001\ENG64.SYS -- (NAVENG)

DRV - [2011/11/14 11:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/11/08 16:14:55 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/11/08 16:14:55 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/09/23 08:11:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111214.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108973&tt=191011_bsttb&babsrc=HP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 85 3C 61 C6 BE CC 01 [binary data]

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108973&tt=191011_bsttb&babsrc=SP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={28B2952D-B3F2-416E-9EB0-5FE1EB64D73B}&mid=9893ad30609a47d182c5d156800c4270-0557ce5b5a869d7192b761f919a9816f19e08fef&lang=en&ds=ins10&pr=&d=2011-12-24 15:30:54&v=8.0.0.34&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\steven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\steven\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\steven\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/09/27 13:23:04 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\steven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\steven\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\steven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\steven\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000..\Run: [Facebook Update] C:\Users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000..\Run: [windows] C:\Users\steven\AppData\Roaming\svc.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found

O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13B7CE48-FDAE-4E66-AD65-5489ADCE3D9E}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/05/24 20:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{f8be0ae7-e577-11e0-be44-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f8be0ae7-e577-11e0-be44-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010/05/24 20:56:52 | 002,505,256 | ---- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 22:54:51 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Roaming\SUPERAntiSpyware.com

[2012/03/08 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/03/08 22:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/03/08 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/03/08 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Roaming\Malwarebytes

[2012/03/08 21:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/08 21:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/08 21:43:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/08 21:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/03/08 20:54:44 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\steven\AppData\Roaming\svc.exe

[2012/03/08 20:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/03/08 20:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/03/08 20:53:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/03/08 20:53:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/03/08 20:53:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/03/08 20:53:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/03/08 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/03/05 21:32:47 | 000,000,000 | R--D | C] -- C:\Users\steven\Documents\Scanned Documents

[2012/03/05 21:32:46 | 000,000,000 | ---D | C] -- C:\Users\steven\Documents\Fax

[2012/03/05 15:32:29 | 000,000,000 | ---D | C] -- C:\Users\steven\MOSAIC

[2012/03/04 14:48:16 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe

[2012/03/04 14:48:16 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe

[2012/03/04 14:48:16 | 002,387,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/03/04 14:48:16 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC

[2012/03/04 14:48:05 | 000,917,504 | ---- | C] (The Windows Club) -- C:\Users\steven\Desktop\Windows 7 Start Button Changer v 2.6.exe

[2012/03/04 14:20:05 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Roaming\replacer

[2012/03/02 19:57:55 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Local\Howei

[2012/03/02 19:41:35 | 000,431,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll

[2012/03/02 19:41:28 | 000,431,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll

[2012/03/02 19:29:56 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll

[2012/03/02 19:27:48 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll

[2012/03/02 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\steven\Documents\The KMPlayer

[2012/03/02 11:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV

[2012/03/02 11:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV

[2012/03/02 11:16:07 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer

[2012/03/02 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer

[2012/02/25 14:30:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/02/25 14:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/02/25 14:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/02/18 13:45:46 | 000,000,000 | ---D | C] -- C:\Users\steven\AppData\Local\Microsoft Games

[2012/02/13 08:08:50 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/02/13 08:08:37 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/02/13 08:08:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/02/13 08:08:29 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/02/13 08:08:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/02/13 08:08:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/02/13 08:08:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/02/13 08:08:10 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/02/13 08:08:10 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/02/13 08:08:10 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/02/13 08:08:10 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/02/13 08:08:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/02/13 08:08:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/02/13 08:08:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/02/13 08:08:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/02/13 08:08:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/02/13 08:08:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/02/13 08:08:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/02/13 08:08:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/02/12 10:26:08 | 000,000,000 | ---D | C] -- C:\Users\steven\Documents\Leawo

[1 C:\Users\steven\Documents\*.tmp files -> C:\Users\steven\Documents\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 07:12:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

[2012/03/09 07:09:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/09 07:09:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/09 07:02:11 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\C__Users_steven_AppData_Local_Temp_oi_VPCjKo75r0_fliptoast.app.13369.fliptoast.exe.job

[2012/03/09 07:01:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/09 07:01:47 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/08 23:57:01 | 000,006,890 | ---- | M] () -- C:\Users\steven\AppData\Roaming\iolakalogss

[2012/03/08 23:06:30 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1ba5fd36-79dc-4017-847f-4f0457e936a6.job

[2012/03/08 23:06:30 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 05eb8f23-845e-43ba-a8e0-b75bdf2d90aa.job

[2012/03/08 22:54:08 | 000,001,814 | ---- | M] () -- C:\Users\steven\Desktop\SUPERAntiSpyware Professional.lnk

[2012/03/08 22:52:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

[2012/03/08 21:46:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

[2012/03/08 21:43:05 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/08 21:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

[2012/03/08 20:52:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/03/08 20:52:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/03/08 20:52:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/03/08 20:52:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/03/08 19:52:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

[2012/03/08 18:46:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

[2012/03/08 14:42:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

[2012/03/06 06:50:00 | 000,061,997 | ---- | M] () -- C:\Users\steven\Desktop\bvbvbvb.jpg

[2012/03/05 21:37:51 | 000,032,068 | ---- | M] () -- C:\Users\steven\Desktop\bvbvbvb.png

[2012/03/03 12:21:46 | 000,001,442 | ---- | M] () -- C:\Users\steven\Documents\gfdgdfg.rtf

[2012/03/03 09:12:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

[2012/03/02 19:27:54 | 000,761,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll

[2012/03/02 19:27:54 | 000,761,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll

[2012/03/02 11:16:08 | 000,001,045 | ---- | M] () -- C:\Users\steven\Desktop\KMPlayer.lnk

[2012/03/01 06:47:41 | 000,002,547 | ---- | M] () -- C:\Users\steven\Documents\````.rtf

[2012/02/28 19:03:39 | 001,836,542 | ---- | M] () -- C:\Users\steven\Desktop\02-25-2012 06;56;43PM.JPG

[2012/02/26 22:48:42 | 001,507,979 | ---- | M] () -- C:\Users\steven\Desktop\02-26-2012 09;12;36PM.JPG

[2012/02/25 14:30:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/02/15 06:56:42 | 000,002,432 | ---- | M] () -- C:\Users\steven\Documents\ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd.rtf

[2012/02/14 05:24:35 | 002,877,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/13 14:00:20 | 000,793,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/13 14:00:20 | 000,660,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/13 14:00:20 | 000,121,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/13 13:56:02 | 000,000,594 | ---- | M] () -- C:\Users\steven\Documents\@.rtf

[1 C:\Users\steven\Documents\*.tmp files -> C:\Users\steven\Documents\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 22:54:54 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 05eb8f23-845e-43ba-a8e0-b75bdf2d90aa.job

[2012/03/08 22:54:53 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1ba5fd36-79dc-4017-847f-4f0457e936a6.job

[2012/03/08 22:54:08 | 000,001,814 | ---- | C] () -- C:\Users\steven\Desktop\SUPERAntiSpyware Professional.lnk

[2012/03/08 21:43:05 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/08 20:55:14 | 000,006,890 | ---- | C] () -- C:\Users\steven\AppData\Roaming\iolakalogss

[2012/03/05 19:36:43 | 000,061,997 | ---- | C] () -- C:\Users\steven\Desktop\bvbvbvb.jpg

[2012/03/04 21:04:20 | 000,032,068 | ---- | C] () -- C:\Users\steven\Desktop\bvbvbvb.png

[2012/03/03 12:21:46 | 000,001,442 | ---- | C] () -- C:\Users\steven\Documents\gfdgdfg.rtf

[2012/03/02 11:16:08 | 000,001,045 | ---- | C] () -- C:\Users\steven\Desktop\KMPlayer.lnk

[2012/02/26 22:48:39 | 000,002,547 | ---- | C] () -- C:\Users\steven\Documents\````.rtf

[2012/02/26 21:12:40 | 001,507,979 | ---- | C] () -- C:\Users\steven\Desktop\02-26-2012 09;12;36PM.JPG

[2012/02/25 18:56:47 | 001,836,542 | ---- | C] () -- C:\Users\steven\Desktop\02-25-2012 06;56;43PM.JPG

[2012/02/25 14:30:34 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/02/19 19:47:04 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

[2012/02/19 19:47:04 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

[2012/02/14 23:54:02 | 000,002,432 | ---- | C] () -- C:\Users\steven\Documents\ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd.rtf

[2012/02/13 13:56:02 | 000,000,594 | ---- | C] () -- C:\Users\steven\Documents\@.rtf

[2011/12/14 16:26:42 | 000,773,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/09/24 19:48:34 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll

[2011/09/24 19:48:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll

[2011/09/24 19:48:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll

[2011/09/24 19:48:33 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll

[2011/09/24 19:48:33 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll

[2011/09/24 19:48:33 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll

[2011/09/24 19:48:33 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll

[2011/09/24 19:48:33 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll

[2011/09/24 19:48:33 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll

[2011/09/24 19:48:33 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll

[2011/09/24 19:48:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll

[2011/09/24 19:48:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll

[2011/09/24 19:48:32 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll

[2011/09/24 19:48:32 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll

[2011/09/24 19:48:32 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll

[2011/09/24 19:48:32 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll

[2011/09/24 19:48:32 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe

[2011/09/24 19:48:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll

[2011/09/24 19:48:32 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll

[2011/09/24 19:48:32 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe

[2011/09/24 19:48:31 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe

[2011/09/24 17:55:57 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll

[2011/09/24 17:55:57 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll

< End of report >


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


ComboFix 12-03-10.02 - steven 03/09/2012 7:45.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2548 [GMT -8:00]

Running from: c:\users\steven\Downloads\ComboFix.exe

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL902F.tmp

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico

c:\users\steven\Documents\~WRL1127.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

.

2012-03-09 15:58 . 2012-03-09 15:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-09 15:58 . 2012-03-09 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 15:58 . 2012-03-09 15:58 -------- d-----w- c:\users\steven_2\AppData\Local\temp

2012-03-09 15:58 . 2012-03-09 15:58 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\users\steven\AppData\Roaming\SUPERAntiSpyware.com

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-09 05:43 . 2012-03-09 08:12 -------- d-----w- c:\users\steven\AppData\Roaming\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\programdata\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 05:43 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 04:54 . 2009-06-10 21:23 1169224 ----a-w- c:\users\steven\AppData\Roaming\svc.exe

2012-03-09 04:53 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-09 04:53 . 2012-03-09 04:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-09 04:52 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Java

2012-03-08 22:20 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\mpengine.dll

2012-03-05 23:32 . 2012-03-05 23:38 -------- d-----w- c:\users\steven\MOSAIC

2012-03-04 22:48 . 2012-03-04 22:48 -------- d-----w- c:\windows\W7SBC

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_backup_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer.exe

2012-03-04 22:20 . 2012-03-04 22:20 -------- d-----w- c:\users\steven\AppData\Roaming\replacer

2012-03-03 03:57 . 2012-03-03 03:57 -------- d-----w- c:\users\steven\AppData\Local\Howei

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\system32\msvcp100.dll

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-03-03 03:29 . 2012-03-03 03:27 761152 ----a-w- c:\windows\system32\msvcr100.dll

2012-03-03 03:27 . 2012-03-03 03:27 761152 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-02 19:16 . 2012-03-02 19:16 -------- d-----w- c:\program files (x86)\PANDORA.TV

2012-03-02 19:16 . 2012-03-02 19:17 -------- d-----w- c:\program files (x86)\The KMPlayer

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----r- c:\program files (x86)\Skype

2012-02-18 21:45 . 2012-02-18 21:45 -------- d-----w- c:\users\steven\AppData\Local\Microsoft Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 17:18 . 2011-09-23 00:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 03:25 . 2011-10-05 23:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-27 03:18 . 2011-12-27 03:18 18944 ----a-r- c:\users\steven\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[-] 2011-02-26 . A2F93641D118A8278C32ABCFBE2D9D3D . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-13 1242448]

"Facebook Update"="c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-20 137536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111214.001\IDSvia64.sys [2011-09-23 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-03-02 1867480]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 05eb8f23-845e-43ba-a8e0-b75bdf2d90aa.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1ba5fd36-79dc-4017-847f-4f0457e936a6.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?AF=108973&tt=191011_bsttb&babsrc=HP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2012-03-09 08:08:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-09 16:08

.

Pre-Run: 181,479,284,736 bytes free

Post-Run: 181,226,000,384 bytes free

.

- - End Of File - - 0AD12C87046D829B9544898FA8C918C6


Hi again,

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press Enter. Copy/paste the text in the codebox below into it:


FCopy::
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe | c:\windows\explorer.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

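As an added example (not part of this thread and not ComboFix's own code): a small Python parser for the Sigcheck section of a ComboFix log, which is where the helper read the unsigned c:\windows\explorer.exe and picked the signed WinSxS copy named in the FCopy:: line above. It flags each "[-]" row, lists verified copies with the same file name and version string, and renders the FCopy:: directive; SAMPLE_LOG is constructed from lines quoted in this thread, and the candidate ranking (WinSxS first, newest date first) is the example's own assumption, not ComboFix's logic.

```python
import re
from dataclasses import dataclass

# Added example, not ComboFix's own code. One Sigcheck line of a ComboFix log:
#   [7] 2011-02-26 . <MD5> . <size> . . [<file version>] .. <path>
# "[7]" means the file's signature verified, "[-]" that it did not
# (ComboFix's own note: unsigned is not by itself proof of malware).
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)

# Constructed sample: a trimmed Sigcheck section built from lines quoted in
# this thread (the unsigned c:\windows\explorer.exe and three signed copies).
SAMPLE_LOG = r"""
ComboFix 12-03-10.02 - steven 03/09/2012 7:45.1.2 - x64
.
------- Sigcheck -------
.
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[-] 2011-02-26 . A2F93641D118A8278C32ABCFBE2D9D3D . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"""


@dataclass(frozen=True)
class SigEntry:
    status: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """Bare file name, lower-cased, so copies in different folders compare equal."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def verified(self) -> bool:
        return self.status != "-"

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_sigcheck(log_text: str) -> list:
    """Return the SigEntry rows of the Sigcheck section; other sections are ignored."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck -------"):
            in_section = True
            continue
        if in_section and line.startswith("((((("):   # next ComboFix section banner
            break
        m = SIGCHECK_RE.match(line) if in_section else None
        if m:
            d = m.groupdict()
            entries.append(SigEntry(d["status"], d["date"], d["md5"].upper(),
                                    int(d["size"]), d["version"], d["path"]))
    return entries


def find_replacements(entries: list) -> dict:
    """Map each unsigned path to verified copies of the same name and version.

    Ranking is this example's assumption: component-store (WinSxS) copies first,
    then newest file date first. The analyst still decides whether to restore."""
    report = {}
    for bad in entries:
        if bad.verified:
            continue
        cands = [e for e in entries
                 if e.verified and e.name == bad.name and e.version == bad.version]
        cands.sort(key=lambda e: e.date, reverse=True)   # newest first ...
        cands.sort(key=lambda e: not e.in_winsxs)         # ... WinSxS ahead of the rest
        report[bad.path] = cands
    return report


def plan_restore(log_text: str) -> list:
    """(unsigned path, chosen source path or None) for every '[-]' Sigcheck row."""
    plan = []
    for bad_path, cands in find_replacements(parse_sigcheck(log_text)).items():
        plan.append((bad_path, cands[0].path if cands else None))
    return plan


def cfscript_fcopy(source: str, dest: str) -> str:
    """Render the FCopy:: directive in the form used by the CFScript in this thread."""
    return f"FCopy::\n{source} | {dest}\n"


if __name__ == "__main__":
    for bad_path, src in plan_restore(SAMPLE_LOG):
        print(cfscript_fcopy(src, bad_path) if src else f"no verified twin for {bad_path}")
```

On the thread's own Sigcheck rows the first candidate is the 6.1.7600.20910 WinSxS copy, the same source the helper's FCopy:: line uses; the 2387456-byte unsigned file is also far smaller than every signed build, which is the kind of size mismatch worth noting before restoring.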

ComboFix 12-03-10.02 - steven 03/09/2012 9:46.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2734 [GMT -8:00]

Running from: c:\users\steven\Downloads\ComboFix.exe

Command switches used :: c:\users\steven\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\search.babylon.com_favicon.ico

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.leawo.com_favicon.ico

c:\users\steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.youtube.com_favicon.ico

.

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

.

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\steven_2\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-09 19:30 . 2012-03-09 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 17:43 . 2012-03-09 17:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\offreg.dll

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\users\steven\AppData\Roaming\SUPERAntiSpyware.com

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-09 05:43 . 2012-03-09 08:12 -------- d-----w- c:\users\steven\AppData\Roaming\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\programdata\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 05:43 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 04:54 . 2009-06-10 21:23 1169224 ----a-w- c:\users\steven\AppData\Roaming\svc.exe

2012-03-09 04:53 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-09 04:53 . 2012-03-09 04:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-09 04:52 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Java

2012-03-08 22:20 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\mpengine.dll

2012-03-05 23:32 . 2012-03-05 23:38 -------- d-----w- c:\users\steven\MOSAIC

2012-03-04 22:48 . 2012-03-04 22:48 -------- d-----w- c:\windows\W7SBC

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_backup_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer.exe

2012-03-04 22:20 . 2012-03-04 22:20 -------- d-----w- c:\users\steven\AppData\Roaming\replacer

2012-03-03 03:57 . 2012-03-03 03:57 -------- d-----w- c:\users\steven\AppData\Local\Howei

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\system32\msvcp100.dll

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-03-03 03:29 . 2012-03-03 03:27 761152 ----a-w- c:\windows\system32\msvcr100.dll

2012-03-03 03:27 . 2012-03-03 03:27 761152 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-02 19:16 . 2012-03-02 19:16 -------- d-----w- c:\program files (x86)\PANDORA.TV

2012-03-02 19:16 . 2012-03-02 19:17 -------- d-----w- c:\program files (x86)\The KMPlayer

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----r- c:\program files (x86)\Skype

2012-02-18 21:45 . 2012-02-18 21:45 -------- d-----w- c:\users\steven\AppData\Local\Microsoft Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 17:18 . 2011-09-23 00:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 03:25 . 2011-10-05 23:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-27 03:18 . 2011-12-27 03:18 18944 ----a-r- c:\users\steven\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[-] 2011-02-26 . A2F93641D118A8278C32ABCFBE2D9D3D . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe

[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-03-09_16.01.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-09 16:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 16:53 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 16:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 15:15 . 2012-03-09 16:55 40222 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-09 16:55 45286 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-23 01:13 . 2012-03-09 16:55 12514 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1090328997-2394222111-2209020592-1000_UserData.bin

+ 2011-09-23 01:13 . 2012-03-09 16:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 16:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 16:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-09 16:53 . 2012-03-09 16:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-09 16:53 . 2012-03-09 16:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-23 01:05 . 2012-03-09 18:35 264578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2012-03-09 15:59 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-09 16:51 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-03-08 22:30 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-03-09 18:37 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2011-11-11 20:25 . 2012-03-09 15:59 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

+ 2011-11-11 20:25 . 2012-03-09 16:51 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-13 1242448]

"Facebook Update"="c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-20 137536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111214.001\IDSvia64.sys [2011-09-23 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-03-02 1867480]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?AF=108973&tt=191011_bsttb&babsrc=HP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-09 11:33:10

ComboFix-quarantined-files.txt 2012-03-09 19:33

ComboFix2.txt 2012-03-09 16:08

.

Pre-Run: 181,031,874,560 bytes free

Post-Run: 180,944,023,552 bytes free

.

- - End Of File - - B6FD87EEA478FBDFAEC72C7B09CD0CE9


ComboFix 12-03-10.02 - steven 03/09/2012 13:16:47.3.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2869 [GMT -8:00]

Running from: c:\users\steven\Downloads\ComboFix.exe

Command switches used :: c:\users\steven\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe --> c:\windows\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

.

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\steven_2\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-09 21:25 . 2012-03-09 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\users\steven\AppData\Roaming\SUPERAntiSpyware.com

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-09 06:54 . 2012-03-09 06:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-09 05:43 . 2012-03-09 08:12 -------- d-----w- c:\users\steven\AppData\Roaming\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\programdata\Malwarebytes

2012-03-09 05:43 . 2012-03-09 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-09 05:43 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 04:54 . 2009-06-10 21:23 1169224 ----a-w- c:\users\steven\AppData\Roaming\svc.exe

2012-03-09 04:53 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-09 04:53 . 2012-03-09 04:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-09 04:52 . 2012-03-09 08:13 -------- d-----w- c:\program files (x86)\Java

2012-03-08 22:20 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79CD807A-0B5A-45AA-AD96-37678B0E082B}\mpengine.dll

2012-03-05 23:32 . 2012-03-05 23:38 -------- d-----w- c:\users\steven\MOSAIC

2012-03-04 22:48 . 2012-03-04 22:48 -------- d-----w- c:\windows\W7SBC

2012-03-04 22:48 . 2011-02-26 06:26 2870784 ----a-w- c:\windows\explorer.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe

2012-03-04 22:48 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_backup_w7sbc.exe

2012-03-04 22:20 . 2012-03-04 22:20 -------- d-----w- c:\users\steven\AppData\Roaming\replacer

2012-03-03 03:57 . 2012-03-03 03:57 -------- d-----w- c:\users\steven\AppData\Local\Howei

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\system32\msvcp100.dll

2012-03-03 03:41 . 2009-09-24 00:48 431936 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-03-03 03:29 . 2012-03-03 03:27 761152 ----a-w- c:\windows\system32\msvcr100.dll

2012-03-03 03:27 . 2012-03-03 03:27 761152 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-03-02 19:16 . 2012-03-02 19:16 -------- d-----w- c:\program files (x86)\PANDORA.TV

2012-03-02 19:16 . 2012-03-02 19:17 -------- d-----w- c:\program files (x86)\The KMPlayer

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-25 22:30 . 2012-02-25 22:30 -------- d-----r- c:\program files (x86)\Skype

2012-02-18 21:45 . 2012-02-18 21:45 -------- d-----w- c:\users\steven\AppData\Local\Microsoft Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 17:18 . 2011-09-23 00:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 03:25 . 2011-10-05 23:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-27 03:18 . 2011-12-27 03:18 18944 ----a-r- c:\users\steven\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-09_16.01.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-09 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-09 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 15:15 . 2012-03-09 16:55 40222 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-09 20:44 45318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-23 01:13 . 2012-03-09 20:44 12554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1090328997-2394222111-2209020592-1000_UserData.bin

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-23 01:13 . 2012-03-09 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-09-23 01:13 . 2012-03-09 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-03-09 21:27 . 2012-03-09 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-09 16:00 . 2012-03-09 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-09 21:27 . 2012-03-09 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-23 01:05 . 2012-03-09 18:35 264578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2012-03-09 15:59 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-09 21:25 299300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-03-08 22:30 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-03-09 20:56 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2011-11-11 20:25 . 2012-03-09 15:59 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

+ 2011-11-11 20:25 . 2012-03-09 21:25 11592282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1090328997-2394222111-2209020592-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-13 1242448]

"Facebook Update"="c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-20 137536]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111214.001\IDSvia64.sys [2011-09-23 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-03-02 1867480]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 03:47]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-29 01:41]

.

2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000Core.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1000UA.job

- c:\users\steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 02:27]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003Core.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090328997-2394222111-2209020592-1003UA.job

- c:\users\steven_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 21:26]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 55cc2847-e13b-4f13-83c1-51ed5249143c.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-03-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f57a387b-30ac-4ab8-a5eb-594851f3e9c0.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]

"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?AF=108973&tt=191011_bsttb&babsrc=HP_ss&mntrId=46b7b13f000000000000001fc6e8ab83

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-09 13:31:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-09 21:31

ComboFix2.txt 2012-03-09 19:33

ComboFix3.txt 2012-03-09 16:08

.

Pre-Run: 180,977,242,112 bytes free

Post-Run: 180,694,085,632 bytes free

.

- - End Of File - - A32D20DD924209DC4F7AC9F396AF0AEB


OTL Extras logfile created on: 3/10/2012 9:46:04 AM - Run 2

OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\steven\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.81% Memory free

8.00 Gb Paging File | 5.95 Gb Available in Paging File | 74.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455.59 Gb Total Space | 172.88 Gb Free Space | 37.95% Space Free | Partition Type: NTFS

Drive D: | 10.17 Gb Total Space | 1.38 Gb Free Space | 13.52% Space Free | Partition Type: NTFS

Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEN-PC | User Name: steven | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service

"Adobe AIR" = Adobe AIR

"InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}" = Mastercam X5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"NAV" = Norton AntiVirus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Steam App 440" = Team Fortress 2

"SystemRequirementsLab" = System Requirements Lab

"The KMPlayer" = The KMPlayer (remove only)

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1090328997-2394222111-2209020592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/5/2012 7:23:22 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0x14e0 Faulting application start time: 0x01ccfb26ea234210 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 3267ce60-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 3/5/2012 7:26:09 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Mosaic.exe, version: 1.0.295.0, time stamp:

0x4e4fe9a1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp:

0x4e211da1 Exception code: 0xe0434352 Fault offset: 0x000000000000a88d Faulting process

id: 0xa18 Faulting application start time: 0x01ccfb274bc32bc0 Faulting application

path: C:\Users\steven\Desktop\Mosaic\Mosaic.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 966927b0-671a-11e1-8fcf-001fc6e8ab83

Error - 3/5/2012 7:47:24 PM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/7/2012 10:56:28 PM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 122c Start

Time: 01ccfcb98612b500 Termination Time: 89 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 12:16:23 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program KMPlayer.exe version 3.1.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 13cc Start

Time: 01ccfd9664cf3a70 Termination Time: 57 Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report

Id:

Error - 3/9/2012 1:53:54 AM | Computer Name = steven-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1090328997-2394222111-2209020592-1000\$R86B44R.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Component

2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 3/9/2012 11:17:50 AM | Computer Name = steven-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.36.2 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 4cc Start Time:

01ccfe07afaa46e0 Termination Time: 25 Application Path: C:\Users\steven\Downloads\OTL.exe

Report

Id: 02e18f31-69fb-11e1-846d-001fc6e8ab83

Error - 3/9/2012 11:52:16 AM | Computer Name = steven-PC | Source = Google Update | ID = 20

Description =

Error - 3/9/2012 1:41:45 PM | Computer Name = steven-PC | Source = Application Error | ID = 1000

Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16661, time

stamp: 0x4c6f61fe Faulting module name: lxeccomc.dll, version: 9.2.33.0, time stamp:

0x4b20075b Exception code: 0x40000015 Fault offset: 0x000000000009c26e Faulting process

id: 0x468 Faulting application start time: 0x01ccfe151e6595a0 Faulting application

path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\lxeccomc.dll

Report

Id: 22f65440-6a0f-11e1-bc3c-001fc6e8ab83

[ System Events ]

Error - 3/10/2012 12:15:47 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/10/2012 12:15:47 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 3/10/2012 12:46:53 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:46:59 PM | Computer Name = steven-PC | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

Error - 3/10/2012 12:56:29 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:56:59 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:57:29 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 12:57:59 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NAV service.

Error - 3/10/2012 1:00:26 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService

service to connect.

Error - 3/10/2012 1:00:26 PM | Computer Name = steven-PC | Source = Service Control Manager | ID = 7000

Description = The lxecCATSCustConnectService service failed to start due to the

following error: %%1053

< End of report >


That all looks good. Let's do one last scan before calling it clean.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Users\steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2e5d1266-187f3547 a variant of Java/TrojanDownloader.OpenStream.NCP trojan deleted - quarantined

C:\Users\steven\Downloads\KMPlayer_EN_3.1.0.0_R2.exe Win32/OpenCandy application deleted - quarantined

C:\Users\steven_2\Downloads\VeohWebPlayerSetup_eng.exe multiple threats deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\SmileyBubblesSetup_CH.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\Unlocker1.9.1 (1).exe Win32/Adware.ADON application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

C:\Windows.old\Users\Elmers\Downloads\vs_tron_legacy_by_se7ensinner-d3g0dyj.rar Win32/OpenCandy application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\AppData\Local\Application Data\Temp\Pivot Stickfigure.exe Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

C:\Windows.old.000\Documents and Settings\Elmers\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined


Hi again,

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide resident protection and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
