RyanJamesM Posted November 29, 2012 ID:618356

Yesterday at about four p.m. my Norton popped up and warned me of three viruses, all Yontoo. Earlier in the summer I accidentally downloaded the mystartincredibar; I read somewhere that it is one of the things that could have put them onto my computer. I just find it strange that over the summer I was not alerted. It just seems strange to me that it showed up then: earlier that day I had downloaded Eclipse to help me, then I proceeded to download TeamViewer 7 so a friend of mine could help get me started with it. Could those two programs cause it? Overall I just want to know how to get Yontoo out of my system and have it be safe again.

Also the strangest part for me is this: like I expressed before, it was only Norton PC Checkup that found it. Since Norton is a bad security system and it was just a check up, it seemed strange. Both my Anti-Malware and Avast could not find it.
jeffce Posted November 30, 2012 ID:618417

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users: These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

----------

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

Disable any script blocking protection.
Right-click and Run as Administrator dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

----------

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

----------
RyanJamesM Posted November 30, 2012 Author ID:618425

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446
Run by jim at 20:46:17 on 2012-11-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2234 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\11g USB adapter\Wifiusb.exe
C:\Program Files (x86)\Privoxy\privoxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe
C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
mWinlogon: Userinit = userinit.exe,
BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\80211G~1.LNK - C:\Program Files (x86)\11g USB adapter\Wifiusb.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{56F58173-8636-4296-B099-1FE56DB72A91} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69}\24967644565627 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-23 8704]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-8-31 103472]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-22 132056]
R2 PC Performer Manager;PC Performer Manager;C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-8-13 1695776]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-5-28 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-28 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-28 2848168]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-9-4 188760]
R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-4 1259888]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-11 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-9-21 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2012-11-29 02:21:49 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2012-11-29 01:31:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-29 01:31:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-28 23:13:19 -------- d-----w- C:\Program Files\Enigma Software Group
2012-11-28 21:45:17 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-11-28 02:07:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-28 01:08:10 -------- d-----w- C:\Users\jim\AppData\Roaming\eclipse
2012-11-28 00:59:25 -------- d-----w- C:\Users\jim\AppData\Local\Eclipse
2012-11-28 00:59:15 -------- d-----w- C:\Users\jim\workspace
2012-11-28 00:46:01 -------- d-----w- C:\java
2012-11-25 23:26:57 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-21 01:25:22 -------- d-----w- C:\Users\jim\AppData\Local\SCE
2012-11-21 01:24:07 -------- d-----w- C:\Crash
2012-11-21 01:24:06 -------- d-----w- C:\Users\jim\AppData\Local\Sony Online Entertainment
.
==================== Find3M ====================
.
2012-11-28 02:07:33 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-28 02:07:33 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-11-12 22:04:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-12 22:04:52 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-13 13:26:50 1259888 ----a-w- C:\Windows\System32\dmwu.exe
2012-09-13 13:25:38 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
.
============= FINISH: 20:46:33.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.

DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 3/9/2012 5:16:54 PM
System Uptime: 11/29/2012 8:40:42 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-D
Processor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 3000/300mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 22.096 GiB free.
D: is FIXED (NTFS) - 153 GiB total, 142.835 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP108: 11/27/2012 4:09:21 PM - Installed DirectX
RP109: 11/27/2012 4:10:16 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP110: 11/27/2012 9:06:44 PM - Installed Java SE Development Kit 7 Update 9 (64-bit)
RP111: 11/27/2012 9:07:17 PM - Installed Java 7 Update 9 (64-bit)
RP112: 11/28/2012 6:13:04 PM - Installed SpyHunter
RP113: 11/28/2012 8:28:38 PM - Removed SpyHunter
RP114: 11/28/2012 8:30:22 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
802.11g USB adapter
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
appbario8 Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
avast! Free Antivirus
Bonjour
Borderlands 2
CCleaner
Cisco Connect
Core Temp 1.0 RC3
Dishonored
Driver Detective
Driver Manager
ESN Sonar
gamelauncher-ps2-live
GameSpy Arcade
Giant Savings
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Helper
Hi-Rez Studios Authenticate and Update Service
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
ImgBurn
Intel® Solid-State Drive Toolbox
iTunes
Java 7 Update 9 (64-bit)
Java SE Development Kit 7 Update 9 (64-bit)
Just Cause 2
LG USB Modem driver
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee SiteAdvisor
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MSI Afterburner 2.1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
Network64
NI LabVIEW Run-Time Engine 7.0
Norton PC Checkup
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
Origin
PC Performer Manager
PlanetSide 2
Privoxy (remove only)
PS_AIO_07_D110_SW_Min
PunkBuster Services
Realm of the Mad God
Realtek High Definition Audio Driver
Rome - Total War
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SetFileDate 2.0
Skype™ 6.0
SpecialSavings
SPORE™
Spybot - Search & Destroy
Steam
Team Fortress 2
TeamViewer 7
Terraria
The Elder Scrolls III: Morrowind
Toolbox
Total War: Shogun 2 - TEd
Tribes: Ascend
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
War of the Roses
Web Assistant 2.0.0.478
Web Optimizer
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/29/2012 8:43:06 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/29/2012 8:43:06 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
11/29/2012 3:43:38 PM, Error: nvlddmkm [14] -
11/28/2012 9:17:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/28/2012 9:17:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/28/2012 9:17:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/28/2012 9:17:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2012 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
11/23/2012 8:39:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user jim-PC\Guest SID (S-1-5-21-2721748842-2450507710-3540540837-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/23/2012 12:58:06 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/22/2012 12:09:19 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

aswMBR.txt
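The "Pseudo HJT Report" section of the DDS log above is where a browser toolbar bundle shows itself: the same CLSID appears under uURLSearchHooks, mURLSearchHooks, BHO and TB at once, while stale hooks show as `<orphaned>` or with no DLL path. The following Python script is an added example (not part of this thread, and not DDS or any Malwarebytes tooling) that parses lines in that format and surfaces both patterns. The sample input is copied from the log above; the line format, the regular expressions and the "three or more hook kinds" threshold are my own assumptions about DDS output, not anything DDS documents.

```python
import re
from collections import defaultdict

# Constructed input: lines copied from the "Pseudo HJT Report" section of the
# DDS log posted in this thread. Assumed line shapes (from reading DDS output):
#   <kind>: [<name>: ]{<CLSID>} - <dll path | "<orphaned>" | empty>
#   <kind>: [<autorun name>] <command line>
SAMPLE_REPORT = r"""
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
SSODL: WebCheck - <orphaned>
"""

# Browser hook entries: BHOs, toolbars and URL search hooks, 32- or 64-bit.
ADDON_RE = re.compile(
    r"^(?P<kind>(?:x64-)?(?:BHO|TB|[um]URLSearchHooks)):\s*"
    r"(?:(?P<name>[^{]*?):\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.*)$"
)
# Autorun entries: user (u) or machine (m) Run keys.
RUN_RE = re.compile(r"^(?P<kind>(?:x64-)?[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(report):
    """Parse pseudo-HJT lines into dicts; line types we don't model are skipped."""
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDON_RE.match(line)
        if m:
            path = m.group("path").strip()
            entries.append({
                "kind": m.group("kind"),
                "name": (m.group("name") or "").strip() or None,
                "clsid": m.group("clsid").lower(),  # DDS mixes case; normalise
                "path": path,
                # No DLL recorded: a stale hook left behind by an uninstall.
                "orphaned": path in ("", "<orphaned>"),
            })
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"), "name": m.group("name"),
                            "clsid": None, "path": m.group("cmd").strip(),
                            "orphaned": False})
    return entries


def hook_types_by_clsid(entries):
    """Map each CLSID to the set of hook kinds (BHO, TB, ...) it is registered under."""
    hooks = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            hooks[e["clsid"]].add(e["kind"])
    return dict(hooks)


def multi_hooked(entries, min_kinds=3):
    """CLSIDs registered under at least min_kinds different hook kinds.
    The threshold is an assumption: a normal add-on has one 32-bit and one
    64-bit hook, a toolbar bundle tends to take every slot it can."""
    return {c: sorted(k) for c, k in hook_types_by_clsid(entries).items()
            if len(k) >= min_kinds}


def orphaned(entries):
    """Hook entries whose DLL is gone; harmless but worth cleaning up."""
    return [e for e in entries if e["orphaned"]]


def report(text):
    """Human-readable triage summary of one pseudo-HJT section."""
    entries = parse_hjt(text)
    lines = [f"{len(entries)} loading points parsed"]
    for e in orphaned(entries):
        lines.append(f"orphaned {e['kind']}: {e['name'] or e['clsid']}")
    for clsid, kinds in multi_hooked(entries).items():
        names = sorted({e["name"] for e in entries if e["clsid"] == clsid and e["name"]})
        lines.append(f"{clsid} ({', '.join(names)}) hooked as {', '.join(kinds)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_REPORT))
```

Run against the sample, the summary lists the two stale hooks (the unnamed URLSearchHook and the 32-bit Java BHO with no path) and one CLSID registered under four hook kinds; that is the pattern a helper looks for before deciding what to remove, and the script only reads the log, it changes nothing on the machine.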
jeffce Posted November 30, 2012 ID:618442

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.

Please post the C:\ComboFix.txt for further review.

----------
jeffce Posted December 1, 2012 ID:618895

Still with me?
RyanJamesM Posted December 2, 2012 Author ID:618941

Yes, it is installed and I am disabling the programs right now.
RyanJamesM Posted December 2, 2012 Author ID:618946
ComboFix 12-12-01.02 - jim 12/01/2012 20:25:27.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2606 [GMT -5:00]
Running from: c:\users\jim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jim\AppData\Roaming\Love
c:\users\jim\AppData\Roaming\Love\hawkthorne\gamesave-2.json
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Paige\AppData\Local\temp
2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-29 02:21 . 2012-11-29 02:21 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2012-11-29 01:31 . 2012-11-29 02:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-29 01:31 . 2012-11-29 01:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-28 23:13 . 2012-11-28 23:13 -------- d-----w- c:\program files\Enigma Software Group
2012-11-28 21:45 . 2012-11-28 21:45 -------- d-----w- c:\program files (x86)\TeamViewer
2012-11-28 02:07 . 2012-11-28 02:07 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-28 02:07 . 2012-11-28 02:07 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-28 02:07 . 2012-11-28 02:07 188904 ----a-w- c:\windows\system32\java.exe
2012-11-28 02:07 . 2012-11-28 02:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-28 01:08 . 2012-11-28 01:08 -------- d-----w- c:\users\jim\AppData\Roaming\eclipse
2012-11-28 00:59 . 2012-11-28 21:31 -------- d-----w- c:\users\jim\AppData\Local\Eclipse
2012-11-28 00:59 . 2012-11-28 21:33 -------- d-----w- c:\users\jim\workspace
2012-11-28 00:46 . 2012-11-28 01:31 -------- d-----w- C:\java
2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----r- c:\program files (x86)\Skype
2012-11-24 01:39 . 2012-11-24 01:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2012-11-21 02:31 . 2012-11-21 02:31 -------- d-----w- c:\users\Paige\AppData\Roaming\Apple Computer
2012-11-21 01:25 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\SCE
2012-11-21 01:24 . 2012-11-21 01:24 -------- d-----w- C:\Crash
2012-11-21 01:24 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\Sony Online Entertainment
2012-11-21 01:21 . 2012-11-21 01:21 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-11-09 02:52 . 2012-11-09 02:52 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 02:07 . 2012-03-10 00:40 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-28 02:07 . 2012-03-10 00:40 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 01:28 . 2012-11-28 01:28 6239053 ----a-w- C:\mcp723.zip
2012-11-12 22:04 . 2012-06-22 17:51 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-12 22:04 . 2012-03-13 23:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 07:19 . 2012-10-25 08:39 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8497A8A7-3491-4001-AD6F-4F4F95243559}\mpengine.dll
2012-09-29 23:54 . 2012-10-26 20:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:26 . 2012-09-04 19:06 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-04 19:06 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-08-23 19:40 167256 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2012-05-21 3513272]
"Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2012-05-21 3515872]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - c:\program files (x86)\11g USB adapter\Wifiusb.exe [2004-9-6 487424]
Privoxy.lnk - c:\program files (x86)\Privoxy\privoxy.exe [2011-12-27 359936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%protector process name%.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ALSysIO;ALSysIO;c:\users\jim\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-17 132056]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-08-13 1695776]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-08-23 188760]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 22:04]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-30 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-05-30 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2721748842-2450507710-3540540837-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ff,bd,56,89,0e,c1,de,ad,84,38,0f,c7,54,de,1a,a7,8e,cd,97,d3,64,
 5f,be,32,c3,01,ba,87,51,99,95,d4,59,ae,98,57,3e,c6,61,fb,8b,5e,a2,18,86,5d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-01 20:31:55
ComboFix-quarantined-files.txt 2012-12-02 01:31
.
Pre-Run: 23,443,263,488 bytes free
Post-Run: 23,965,192,192 bytes free
.
- - End Of File - - F715AAD99EA2FE12FF48717B55DAD170
jeffce Posted December 2, 2012 ID:618987
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

ClearJavaCache::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
File::
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
Driver::
Web Assistant Updater

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
Post the new ComboFix log and let me know how your system is running now.
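For readers who want to see how the entries in that CFScript are picked out of a ComboFix log, here is an added example (mine, not code from this thread, from ComboFix or from Malwarebytes): a small parser for the "Reg Loading Points" section that extracts the Internet Explorer load points (URLSearchHooks and Browser Helper Objects), the Run entries and the AppInit_DLLs value, and flags any load point whose path still contains a literal "%" (as the PC Performer Manager entry in the log above does). The embedded log excerpt is constructed from lines that appear in the log posted earlier in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of a ComboFix "Reg Loading Points" section, assembled
# from entries that appear in the log posted earlier in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-08-23 19:40 167256 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%protector process name%.dll
"LoadAppInit_DLLs"=1 (0x1)
.
"""


@dataclass
class LoadPoint:
    key: str    # registry key the entry was listed under
    name: str   # value name, or the file name for a BHO file line
    path: str   # executable/DLL path (or raw value data) as ComboFix printed it
    meta: str   # "[date size]" trailer, if ComboFix printed one


KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="c:\path\file.exe" [2012-08-04 1353080]  (tolerates a space after '=')
QUOTED_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"\s*(\[[^\]]*\])?\s*$')
# "AppInit_DLLs"=c:\progra~3\...   (unquoted value data)
UNQUOTED_RE = re.compile(r'^"([^"]+)"=\s*(.+?)\s*$')
# 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+?)\s*$')


def parse_reg_loading_points(text: str) -> List[LoadPoint]:
    """Turn the 'Reg Loading Points' section into LoadPoint records."""
    entries: List[LoadPoint] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        # ComboFix separates blocks with lone '.' lines; skip those and the header text.
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue  # section banner before the first registry key
        m = QUOTED_RE.match(line)
        if m:
            entries.append(LoadPoint(key, m.group(1), m.group(2), m.group(3) or ""))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(4)
            entries.append(LoadPoint(key, path.rsplit("\\", 1)[-1], path,
                                     f"[{m.group(1)} {m.group(2)}]"))
            continue
        m = UNQUOTED_RE.match(line)
        if m:
            entries.append(LoadPoint(key, m.group(1), m.group(2), ""))
    return entries


def browser_hooks(entries: List[LoadPoint]) -> List[LoadPoint]:
    """Entries that load into Internet Explorer: URLSearchHooks and Browser Helper Objects."""
    return [e for e in entries
            if "urlsearchhooks" in e.key.lower() or "browser helper objects" in e.key.lower()]


def appinit_dlls(entries: List[LoadPoint]) -> List[LoadPoint]:
    """The AppInit_DLLs value; Windows loads these DLLs into every process that
    links user32.dll when LoadAppInit_DLLs is 1, so it deserves a close look."""
    return [e for e in entries if e.name.lower() == "appinit_dlls"]


def paths_with_literal_percent(entries: List[LoadPoint]) -> List[LoadPoint]:
    """Load points whose path still contains a literal '%' (an unexpanded
    placeholder such as %Protector Process Name% in the thread's log)."""
    return [e for e in entries if "%" in e.path]


def summarize(entries: List[LoadPoint]) -> str:
    """Plain-text triage summary of the interesting load points."""
    lines = [f"browser hook  {e.name:45} {e.path}" for e in browser_hooks(entries)]
    lines += [f"AppInit_DLLs  {e.path}" for e in appinit_dlls(entries)]
    lines += [f"literal %     {e.key}\\{e.name}" for e in paths_with_literal_percent(entries)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_reg_loading_points(SAMPLE_LOG)))
```

The parser keys on the three line shapes ComboFix uses in this section (a bracketed key, a quoted value with an optional [date size] trailer, and a date/size/attributes/path file line), so it can be pointed at a complete log rather than just this excerpt.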
RyanJamesM Posted December 4, 2012 Author ID:619643
I tried this today and after waiting about 11 minutes for the log to process I was concerned, so I exited. It proceeded to warn of a registry error on whatever I clicked, saying that it was deleted or moved. I restarted my computer and it was fine. I will give it another attempt tomorrow.
jeffce Posted December 4, 2012 ID:619646
Ok....no problem.
jeffce Posted December 6, 2012 ID:620575
Still with me?
LDTate Posted December 7, 2012 ID:620842
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!