Jump to content

Yontoo Virus


Recommended Posts

Yesterday at about four p.m my Norton popped up and warned me of three viruses all Yontoo. Earlier in the summer I accidently downloaded the mystartincredibar, I read some where that it is one of the things that could have put them onto my computer. I just find it strange that overall the summer I was not alerted. It just seems strange to me that it showed up then, earlier that day I had downloaded eclipse to help me, then I proceeded to download TeamViewer 7 so a friend of mine could help get me started with it. Could those two programs cause it? Overall I just want to know how to get yontoo out of my system and have it be safe again.

Also the strangest part for me is this, like I expressed before it was only Norton Pc check up that found it, since norton is a bad security system and it was just a check up it seemed strange. Both my antimalware and avast could not find it.

Link to post
Share on other sites

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

aswmbrscan.jpg

Click the image to enlarge it

----------

Link to post
Share on other sites

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16446

Run by jim at 20:46:17 on 2012-11-29

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2234 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Windows\system32\dmwu.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\11g USB adapter\Wifiusb.exe

C:\Program Files (x86)\Privoxy\privoxy.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Windows\system32\svchost.exe -k HPService

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982

uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>

uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mWinlogon: Userinit = userinit.exe,

BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false

uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\80211G~1.LNK - C:\Program Files (x86)\11g USB adapter\Wifiusb.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{56F58173-8636-4296-B099-1FE56DB72A91} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F20D920D-067B-4397-866B-79C415E3DD69}\24967644565627 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-23 8704]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-8-31 103472]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-22 132056]

R2 PC Performer Manager;PC Performer Manager;C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-8-13 1695776]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-5-28 126392]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-28 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-28 2848168]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-9-4 188760]

R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-4 1259888]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-11 20992]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-11 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-9-21 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-11-29 02:21:49 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP

2012-11-29 01:31:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-29 01:31:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-28 23:13:19 -------- d-----w- C:\Program Files\Enigma Software Group

2012-11-28 21:45:17 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-11-28 02:07:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-28 01:08:10 -------- d-----w- C:\Users\jim\AppData\Roaming\eclipse

2012-11-28 00:59:25 -------- d-----w- C:\Users\jim\AppData\Local\Eclipse

2012-11-28 00:59:15 -------- d-----w- C:\Users\jim\workspace

2012-11-28 00:46:01 -------- d-----w- C:\java

2012-11-25 23:26:57 -------- d-----r- C:\Program Files (x86)\Skype

2012-11-21 01:25:22 -------- d-----w- C:\Users\jim\AppData\Local\SCE

2012-11-21 01:24:07 -------- d-----w- C:\Crash

2012-11-21 01:24:06 -------- d-----w- C:\Users\jim\AppData\Local\Sony Online Entertainment

.

==================== Find3M ====================

.

2012-11-28 02:07:33 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-28 02:07:33 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-11-12 22:04:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 22:04:52 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-13 13:26:50 1259888 ----a-w- C:\Windows\System32\dmwu.exe

2012-09-13 13:25:38 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll

.

============= FINISH: 20:46:33.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 3/9/2012 5:16:54 PM

System Uptime: 11/29/2012 8:40:42 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-D

Processor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 3000/300mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 22.096 GiB free.

D: is FIXED (NTFS) - 153 GiB total, 142.835 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8600

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet Pro 8600

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

RP108: 11/27/2012 4:09:21 PM - Installed DirectX

RP109: 11/27/2012 4:10:16 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP110: 11/27/2012 9:06:44 PM - Installed Java SE Development Kit 7 Update 9 (64-bit)

RP111: 11/27/2012 9:07:17 PM - Installed Java 7 Update 9 (64-bit)

RP112: 11/28/2012 6:13:04 PM - Installed SpyHunter

RP113: 11/28/2012 8:28:38 PM - Removed SpyHunter

RP114: 11/28/2012 8:30:22 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

802.11g USB adapter

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

appbario8 Toolbar

Apple Application Support

Apple Mobile Device Support

Apple Software Update

applicationupdater

avast! Free Antivirus

Bonjour

Borderlands 2

CCleaner

Cisco Connect

Core Temp 1.0 RC3

Dishonored

Driver Detective

Driver Manager

ESN Sonar

gamelauncher-ps2-live

GameSpy Arcade

Giant Savings

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardware Helper

Hi-Rez Studios Authenticate and Update Service

HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

ImgBurn

Intel® Solid-State Drive Toolbox

iTunes

Java 7 Update 9 (64-bit)

Java SE Development Kit 7 Update 9 (64-bit)

Just Cause 2

LG USB Modem driver

Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee SiteAdvisor

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

MSI Afterburner 2.1.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

National Instruments Software

Network64

NI LabVIEW Run-Time Engine 7.0

Norton PC Checkup

NVIDIA 3D Vision Controller Driver 296.10

NVIDIA 3D Vision Driver 296.10

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.7.11

NVIDIA Update Components

Origin

PC Performer Manager

PlanetSide 2

Privoxy (remove only)

PS_AIO_07_D110_SW_Min

PunkBuster Services

Realm of the Mad God

Realtek High Definition Audio Driver

Rome - Total War

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SetFileDate 2.0

Skype™ 6.0

SpecialSavings

SPORE™

Spybot - Search & Destroy

Steam

Team Fortress 2

TeamViewer 7

Terraria

The Elder Scrolls III: Morrowind

Toolbox

Total War: Shogun 2 - TEd

Tribes: Ascend

TuneUp Utilities Language Pack (en-US)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

War of the Roses

Web Assistant 2.0.0.478

Web Optimizer

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

11/29/2012 8:43:06 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/29/2012 8:43:06 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

11/29/2012 3:43:38 PM, Error: nvlddmkm [14] -

11/28/2012 9:17:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/28/2012 9:17:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/28/2012 9:17:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/28/2012 9:17:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/28/2012 9:17:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

11/23/2012 8:39:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user jim-PC\Guest SID (S-1-5-21-2721748842-2450507710-3540540837-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/23/2012 12:58:06 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/22/2012 12:09:19 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

aswMBR.txt

Link to post
Share on other sites

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------

Link to post
Share on other sites

ComboFix 12-12-01.02 - jim 12/01/2012 20:25:27.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2606 [GMT -5:00]

Running from: c:\users\jim\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jim\AppData\Roaming\Love

c:\users\jim\AppData\Roaming\Love\hawkthorne\gamesave-2.json

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Paige\AppData\Local\temp

2012-12-02 01:30 . 2012-12-02 01:30 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-11-29 02:21 . 2012-11-29 02:21 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP

2012-11-29 01:31 . 2012-11-29 02:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-29 01:31 . 2012-11-29 01:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-28 23:13 . 2012-11-28 23:13 -------- d-----w- c:\program files\Enigma Software Group

2012-11-28 21:45 . 2012-11-28 21:45 -------- d-----w- c:\program files (x86)\TeamViewer

2012-11-28 02:07 . 2012-11-28 02:07 289768 ----a-w- c:\windows\system32\javaws.exe

2012-11-28 02:07 . 2012-11-28 02:07 189416 ----a-w- c:\windows\system32\javaw.exe

2012-11-28 02:07 . 2012-11-28 02:07 188904 ----a-w- c:\windows\system32\java.exe

2012-11-28 02:07 . 2012-11-28 02:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-11-28 01:08 . 2012-11-28 01:08 -------- d-----w- c:\users\jim\AppData\Roaming\eclipse

2012-11-28 00:59 . 2012-11-28 21:31 -------- d-----w- c:\users\jim\AppData\Local\Eclipse

2012-11-28 00:59 . 2012-11-28 21:33 -------- d-----w- c:\users\jim\workspace

2012-11-28 00:46 . 2012-11-28 01:31 -------- d-----w- C:\java

2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-25 23:26 . 2012-11-25 23:26 -------- d-----r- c:\program files (x86)\Skype

2012-11-24 01:39 . 2012-11-24 01:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer

2012-11-21 02:31 . 2012-11-21 02:31 -------- d-----w- c:\users\Paige\AppData\Roaming\Apple Computer

2012-11-21 01:25 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\SCE

2012-11-21 01:24 . 2012-11-21 01:24 -------- d-----w- C:\Crash

2012-11-21 01:24 . 2012-11-21 01:25 -------- d-----w- c:\users\jim\AppData\Local\Sony Online Entertainment

2012-11-21 01:21 . 2012-11-21 01:21 -------- d-----w- c:\users\Public\Sony Online Entertainment

2012-11-09 02:52 . 2012-11-09 02:52 -------- d-----w- c:\users\Guest\AppData\Local\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 02:07 . 2012-03-10 00:40 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-28 02:07 . 2012-03-10 00:40 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-28 01:28 . 2012-11-28 01:28 6239053 ----a-w- C:\mcp723.zip

2012-11-12 22:04 . 2012-06-22 17:51 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-12 22:04 . 2012-03-13 23:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-12 07:19 . 2012-10-25 08:39 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8497A8A7-3491-4001-AD6F-4F4F95243559}\mpengine.dll

2012-09-29 23:54 . 2012-10-26 20:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-13 13:26 . 2012-09-04 19:06 1259888 ----a-w- c:\windows\system32\dmwu.exe

2012-09-13 13:25 . 2012-09-04 19:06 35328 ----a-w- c:\windows\system32\ImHttpComm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-08-23 19:40 167256 ----a-w- c:\program files\Web Assistant\Extension32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]

"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2012-05-21 3513272]

"Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2012-05-21 3515872]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

802.11g USB adapter.lnk - c:\program files (x86)\11g USB adapter\Wifiusb.exe [2004-9-6 487424]

Privoxy.lnk - c:\program files (x86)\Privoxy\privoxy.exe [2011-12-27 359936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%protector process name%.dll

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 ALSysIO;ALSysIO;c:\users\jim\AppData\Local\Temp\ALSysIO64.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-17 132056]

S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-08-13 1695776]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-08-23 188760]

S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 22:04]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 22:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-30 7833120]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-05-30 1833504]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)

Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)

WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2721748842-2450507710-3540540837-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:ff,bd,56,89,0e,c1,de,ad,84,38,0f,c7,54,de,1a,a7,8e,cd,97,d3,64,

5f,be,32,c3,01,ba,87,51,99,95,d4,59,ae,98,57,3e,c6,61,fb,8b,5e,a2,18,86,5d,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-01 20:31:55

ComboFix-quarantined-files.txt 2012-12-02 01:31

.

Pre-Run: 23,443,263,488 bytes free

Post-Run: 23,965,192,192 bytes free

.

- - End Of File - - F715AAD99EA2FE12FF48717B55DAD170

Link to post
Share on other sites

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
    uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
    uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
    mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
    BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
    BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
    TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
    x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
    File::
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    Driver::
    Web Assistant Updater
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running now.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.