Yahoo/Spigot browser Hijack (Chrome)
halp_me said:

It wouldn't let me attach it so I just pasted it:

ComboFix 14-06-19.01 - Alex Breezy 06/20/2014 13:26:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1067 [GMT -7:00]
Running from: c:\users\Alex Breezy\Desktop\CLEANUP\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperArbitraryInstaller.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\programdata\3768234786
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Alex Breezy\AppData\Roaming\Microsoft\engine_ag.dll
c:\users\Alex Breezy\AppData\Roaming\SearchProtect
c:\users\Alex Breezy\AppData\Roaming\SearchProtect\Res\SPSetup.exe
c:\users\Alex Breezy\Documents\~WRL2611.tmp
c:\users\Alex Breezy\karplayer.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 20:36 . 2014-06-20 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 19:24 . 2014-06-20 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2014-06-20 19:20 . 2014-06-20 19:20 -------- d-----w- c:\users\Alex Breezy\AppData\Roaming\Oracle
2014-06-20 19:19 . 2014-06-20 19:20 -------- d-----w- c:\programdata\Oracle
2014-06-20 19:19 . 2014-06-20 19:19 -------- d-----w- c:\program files\Common Files\Java
2014-06-20 19:18 . 2014-06-20 19:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-20 17:51 . 2014-06-20 19:41 -------- d-----w- C:\FRST
2014-06-11 11:04 . 2014-06-11 11:04 -------- d-----w- c:\users\Alex Breezy\AppData\Roaming\Apowersoft
2014-06-11 11:02 . 2014-06-11 11:02 -------- d-----w- c:\users\Alex Breezy\www.apowersoft.com
2014-06-04 23:23 . 2014-06-04 23:24 -------- d-----w- c:\program files\Google
2014-06-04 22:55 . 2014-06-17 22:58 -------- d-----w- c:\windows\system32\drivers\N360\1503000.00C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 00:14 . 2012-10-23 23:15 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 00:14 . 2012-02-22 22:27 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-01 05:46 . 2014-04-01 05:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 05:46 . 2014-04-01 05:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 21:35 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 00:14]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-04 23:23]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-04 23:23]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174959718-3467187954-1045871324-1000Core.job
- c:\users\Alex Breezy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 22:34]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174959718-3467187954-1045871324-1000UA.job
- c:\users\Alex Breezy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 22:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Alex Breezy\AppData\Roaming\Mozilla\Firefox\Profiles\qle0662w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN32935333951698119&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ff
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=52d9d47000000000000000215d825d9a&q=
FF - user.js: extensions.BabylonToolbar.id - 52d9d47000000000000000215d825d9a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15682
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110803&tt=4912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Paladin Antivirus - c:\users\Alex Breezy\AppData\Roaming\Paladin Antivirus\pav.exe
HKCU-Run-Drujihufehori - c:\users\Alex Breezy\AppData\Local\eduqinoq.dll
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-20 13:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1503000.00C\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2880)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\java.exe
c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-06-20 13:47:14 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-20 20:47
.
Pre-Run: 97,834,319,872 bytes free
Post-Run: 97,622,806,528 bytes free
.
- - End Of File - - BE3297F5F70BE561532332905521B529
5C616939100B85E558DA92B899A0FC36