Iminent search is making problems, possibly malware?


Firstly, I'm new here, so please be patient with me.

This past Friday, I stupidly downloaded something that I felt wrong about and I still installed it, but in the midst of installing, I got a bad feeling, so I tried to abort the installation, but the installation wouldn't let me. So I manually turned off the laptop and turned it back on; nothing was installed but this "Iminent search", and it started to take over my internet browsers, so I uninstalled it and did it clean, checked registry, etc. But after that, I found three icons that I had never seen before on my laptop and I couldn't erase them: "Search (32 Bit)", a blank icon, and an "Outlook" folder. Then after a while they disappeared, but now the computer won't let me access some folders, saying "No such interface supported". I'm worried that there's a virus. I'm doing a scan on Norton 360, and it found 16 risks so far.... but I'm still worried, since there still seem to be problems. Help?

Edit: I downloaded the Anti-Malware of Malwarebytes, it says there's no malicious items detected, but then why am I unable to look at folders or anything on the desktop?


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

----------


Hi,

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


Okay, it ran fine. The forum won't let me attach anything, so copy and paste.

ComboFix 12-12-04.01 - Owner 12/05/2012 23:13:47.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1675 [GMT -6:00]

Running from: c:\users\Owner\Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Local\assembly\tmp

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

c:\users\Owner\Documents\CyberLink.1012a_GM2_Trial_VDE110914-01.tmp

c:\users\Owner\Documents\CyberLink.1129a_GM3_Trial_VDE111019-05.tmp

c:\windows\_iserr31.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))

.

.

2012-12-06 05:38 . 2012-12-06 05:38 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-12-06 05:38 . 2012-12-06 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-04 05:12 . 2012-12-04 05:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2012-12-04 05:11 . 2012-12-04 05:11 -------- d-----w- c:\programdata\Malwarebytes

2012-12-04 05:11 . 2012-12-04 05:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-04 05:11 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-01 14:31 . 2012-12-01 14:57 -------- d-----w- c:\program files (x86)\Iminent

2012-12-01 14:00 . 2012-12-01 14:57 -------- d-----w- c:\program files (x86)\CamStudio 2.6b

2012-12-01 13:47 . 2012-12-01 14:57 -------- d-----w- C:\Fraps

2012-11-20 07:19 . 2012-11-20 07:19 -------- d-----w- c:\program files (x86)\Electronic Arts

2012-11-19 22:53 . 2012-11-19 22:53 11264 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe

2012-11-19 22:52 . 2012-11-19 22:52 -------- d-----w- c:\program files (x86)\Seagate

2012-11-19 22:49 . 2012-11-19 22:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-11-19 22:40 . 2012-11-21 08:20 -------- d-----w- c:\program files (x86)\Origin

2012-11-17 03:13 . 2012-11-17 03:13 -------- d-----w- c:\users\Owner\AppData\Local\Origin

2012-11-15 05:02 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2012-11-15 05:02 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-15 05:02 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2012-11-15 05:02 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-15 05:02 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-15 05:02 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-15 05:02 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-11-15 05:02 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-11-15 05:02 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-11-15 04:59 . 2012-11-15 04:59 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-15 04:57 . 2012-11-15 04:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-15 02:18 . 2012-11-22 03:08 -------- d-----w- c:\program files (x86)\SpeedFan

2012-11-15 02:11 . 2012-11-15 02:11 -------- d-----w- c:\programdata\EA Logs

2012-11-14 21:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 21:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 21:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 21:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 21:23 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 21:23 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 06:34 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 06:34 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 04:57 . 2012-06-06 16:15 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-11-15 04:57 . 2010-10-20 08:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-30 03:04 . 2011-02-23 19:26 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-12-01 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-01 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-01 15:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-10 08:11 . 2012-08-09 05:03 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-10 08:11 . 2011-05-18 03:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-10 08:11 . 2012-10-10 08:11 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-09-28 06:02 . 2012-09-28 06:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-28 06:02 . 2012-09-28 06:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-28 06:02 . 2012-09-28 06:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-28 06:02 . 2012-09-28 06:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-28 06:02 . 2012-09-28 06:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-28 06:02 . 2012-09-28 06:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-28 06:02 . 2012-09-28 06:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-28 06:02 . 2012-09-28 06:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-28 06:02 . 2012-09-28 06:02 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-28 06:02 . 2012-09-28 06:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-28 06:02 . 2012-09-28 06:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-28 06:02 . 2012-09-28 06:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-28 06:02 . 2012-09-28 06:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-28 06:02 . 2012-09-28 06:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-28 06:02 . 2012-09-28 06:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-28 06:02 . 2012-09-28 06:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-28 06:02 . 2012-09-28 06:02 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-28 06:02 . 2012-09-28 06:02 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-28 06:02 . 2012-09-28 06:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-28 06:02 . 2012-09-28 06:02 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-28 06:02 . 2012-09-28 06:02 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-28 06:02 . 2012-09-28 06:02 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-28 06:02 . 2012-09-28 06:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-28 06:02 . 2012-09-28 06:02 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-28 06:02 . 2012-09-28 06:02 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-28 06:02 . 2012-09-28 06:02 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-28 06:02 . 2012-09-28 06:02 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-28 06:02 . 2012-09-28 06:02 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-28 06:02 . 2012-09-28 06:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-28 06:02 . 2012-09-28 06:02 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-28 06:02 . 2012-09-28 06:02 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-28 06:02 . 2012-09-28 06:02 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-28 06:02 . 2012-09-28 06:02 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-28 06:02 . 2012-09-28 06:02 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-28 06:02 . 2012-09-28 06:02 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-28 06:02 . 2012-09-28 06:02 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-28 06:02 . 2012-09-28 06:02 448512 ----a-w- c:\windows\system32\html.iec

2012-09-28 06:02 . 2012-09-28 06:02 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-28 06:02 . 2012-09-28 06:02 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-28 06:02 . 2012-09-28 06:02 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-28 06:02 . 2012-09-28 06:02 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-28 06:02 . 2012-09-28 06:02 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-28 06:02 . 2012-09-28 06:02 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-28 06:02 . 2012-09-28 06:02 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-28 06:02 . 2012-09-28 06:02 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-28 06:02 . 2012-09-28 06:02 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-28 06:02 . 2012-09-28 06:02 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-28 06:02 . 2012-09-28 06:02 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-28 06:02 . 2012-09-28 06:02 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-14 19:19 . 2012-10-10 19:53 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 19:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-31 2547048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [2010-11-09 191960]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121204.001\IDSvia64.sys [2012-09-06 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]

S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]

S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-25 138912]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 08:11]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 06:14]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 06:14]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143110118-320003502-2240696131-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:17]

.

2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2143110118-320003502-2240696131-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:17]

.

2012-11-19 c:\windows\Tasks\HPCeeScheduleForOWNER-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-12-06 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: ecollege.com

Trusted Zone: finalfantasyxiv.com\na

Trusted Zone: freerealms.com

Trusted Zone: mathxl.com

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.15.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94x298yx.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP30&ocid=univskyhp

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP30DF&PC=UP30&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{D25B32FE-CB96-491A-98FF-AD59DA382D69} - (no file)

ShellIconOverlayIdentifiers-{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} - (no file)

ShellIconOverlayIdentifiers-{B3C78E40-6B64-47C3-AE34-60B770881EB8} - (no file)

ShellIconOverlayIdentifiers-{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} - (no file)

ShellIconOverlayIdentifiers-{855156F0-2A0F-11DE-8C30-0800200C9A66} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-AVS Screen Capture_is1 - c:\program files (x86)\AVS4YOU\AVSScreenCapture\unins000.exe

AddRemove-AVS Update Manager_is1 - c:\program files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe

AddRemove-AVS Video Editor_is1 - c:\program files (x86)\AVS4YOU\AVSVideoEditor\unins000.exe

AddRemove-AVS Video Recorder_is1 - c:\program files (x86)\AVS4YOU\AVSVideoRecorder\unins000.exe

AddRemove-AVS4YOU Software Navigator_is1 - c:\program files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe

AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe

AddRemove-{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F} - c:\program files (x86)\InstallShield Installation Information\{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}\setup.exe

AddRemove-{65761BAE-11E8-48FE-B30F-1F01011AB906} - c:\program files (x86)\InstallShield Installation Information\{65761BAE-11E8-48FE-B30F-1F01011AB906}\setup.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]

"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML.5NB6YNWNBSKMHTSL55AACUUPGU"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML.5NB6YNWNBSKMHTSL55AACUUPGU"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML.5NB6YNWNBSKMHTSL55AACUUPGU"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML.5NB6YNWNBSKMHTSL55AACUUPGU"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-2143110118-320003502-2240696131-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML.5NB6YNWNBSKMHTSL55AACUUPGU"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2143110118-320003502-2240696131-1000\Software\SecuROM\License information*]

"datasecu"=hex:6f,af,63,0b,44,e1,e1,02,77,40,72,ae,a1,42,ea,d4,fc,ba,03,ed,1a,

27,88,a6,28,5d,4f,2b,f8,7c,a5,c2,f1,51,e4,33,d4,26,4d,10,17,09,10,cb,2c,2e,\

"rkeysecu"=hex:32,e8,b2,42,b4,28,e1,27,f0,f8,28,69,24,ab,63,06

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-05 23:45:42

ComboFix-quarantined-files.txt 2012-12-06 05:45

.

Pre-Run: 95,684,706,304 bytes free

Post-Run: 96,100,888,576 bytes free

.

- - End Of File - - 614582780040248A51ABF30D8BC1C77A

Link to post
Share on other sites

Do you recognize all of these as sites that you frequent:

Trusted Zone: clonewarsadventures.com

Trusted Zone: ecollege.com

Trusted Zone: finalfantasyxiv.com\na

Trusted Zone: freerealms.com

Trusted Zone: mathxl.com

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: soe.com

Trusted Zone: sony.com

Link to post
Share on other sites

Do you recognize all of these as sites that you frequent:

Trusted Zone: clonewarsadventures.com <---- Only one I don't.

Trusted Zone: ecollege.com

Trusted Zone: finalfantasyxiv.com\na

Trusted Zone: freerealms.com

Trusted Zone: mathxl.com

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: soe.com

Trusted Zone: sony.com

Link to post
Share on other sites

Do you recognize all of these as sites that you frequent:

Trusted Zone: clonewarsadventures.com <--- Never seen this before

Trusted Zone: ecollege.com

Trusted Zone: finalfantasyxiv.com\na

Trusted Zone: freerealms.com <--- No reason to have this... never gotten on this.

Trusted Zone: mathxl.com

Trusted Zone: microsoft.com\update <---- Same thing.

Trusted Zone: microsoft.com\windowsupdate <--- I know this, but I don't know why I have this

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: soe.com

Trusted Zone: sony.com

Link to post
Share on other sites

Hi,

Thanks for letting me know....

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
    DDS::
    BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running now. :)

Link to post
Share on other sites
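The review done by hand in the posts above (list the Trusted Zone entries, mark the ones the user does not recognize, queue those for removal) can be reproduced from a registry export. This is an added example, not part of the original posts or of ComboFix; it assumes the entries come from Internet Explorer's `ZoneMap\Domains` key as exported by regedit, and the function names and the sample export are constructed for illustration.

```python
import re

# Internet Explorer ZoneMap zone indexes; 2 is the Trusted sites zone.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Zone",
         3: "Internet", 4: "Restricted Zone"}
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\ZoneMap\\Domains\\([^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def zone_entries(reg_text):
    """Yield (zone name, 'domain\\subdomain', protocol) from a .reg export."""
    site = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            site = key.group(1)
        elif line.startswith("["):
            site = None  # any other key ends the current site
        elif site:
            val = VAL_RE.match(line)
            if val:
                zone = ZONES.get(int(val.group(2), 16), "Unknown")
                yield zone, site, val.group(1)

def unrecognized_trusted(reg_text, recognized):
    """Return log-style lines for Trusted-zone sites not in `recognized`."""
    known = {s.lower() for s in recognized}
    hits = {site for zone, site, _ in zone_entries(reg_text)
            if zone == "Trusted Zone" and site.lower() not in known}
    return ["Trusted Zone: " + site for site in sorted(hits)]

# Constructed sample export, not taken from the poster's machine.
BASE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BASE + r"\clonewarsadventures.com]", '"*"=dword:00000002',
    "[" + BASE + r"\microsoft.com\update]", '"https"=dword:00000002',
    "[" + BASE + r"\mathxl.com]", '"*"=dword:00000002',
    "[" + BASE + r"\example.invalid]", '"http"=dword:00000004',
])

if __name__ == "__main__":
    # The user confirms only mathxl.com; everything else trusted is listed.
    for entry in unrecognized_trusted(SAMPLE_REG, ["mathxl.com"]):
        print(entry)
```

Entries in other zones (the constructed `example.invalid` is in the Restricted zone) are parsed but never reported, so the output contains only Trusted-zone sites that still need a yes/no from the user.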

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab, select Advanced Mode and click Start

Capture1.gif

Select all of the items in the screen shot below (the picture below is just an example) and check Restart System When Finished.

windowsservicetool.jpg

----------

Once you get that complete let me know if that fixed up your problem. :)

Link to post
Share on other sites

:) Let's get some updates and check for any remnants that might be hanging around...

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
    • Downloaded Applications
    • Other Files

  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

Link to post
Share on other sites

This topic is now closed to further replies.