Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing virus - redirects search


  • This topic is locked This topic is locked
10 replies to this topic

#1 squeakyLine

squeakyLine

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 01 April 2014 - 07:12 AM

Browser redirected to Tuvaro search engine at www-search.net.  Random ads popup when browsing.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.25.2
Run by Team Formation at 7:01:28 on 2014-04-01
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5603.3571 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\windows\system32\svchost.exe -k ftpsvc
C:\windows\system32\dashost.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe
c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\Rundll32.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\YTDownloader\YTDownloader.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\wwahost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\windows\system32\wwahost.exe
C:\windows\system32\wwahost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe
C:\windows\system32\wwahost.exe
C:\windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\splwow64.exe
C:\windows\system32\wwahost.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\vssvc.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN15271518592081114&UM=2&ctid=CT3309657&UP=SP1B77BE28-0445-48DC-9E17-02196AD4B278&SSPV=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyzyyE0C0AtDtAyC0FzyyDtN0D0Tzu0CyDzytAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1931833727&ir=
uProxyServer = hxxp=127.0.0.1:49486;https=127.0.0.1:49486
uProxyOverride = <-loopback>
uURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
uURLSearchHooks: Vafmusic5 Toolbar: {232423f5-99f3-4682-ab7b-3b7e7f1d1556} - C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
uURLSearchHooks: Popup Blocker: {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\Program Files (x86)\Popup Blocker\popup_blockerWO.dll
uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
uURLSearchHooks: KeyBar 2.2 Toolbar: {bfec236d-e122-4102-864f-f5f19d897f5e} - C:\Program Files (x86)\KeyBar_2.2\prxtbKeyB.dll
uURLSearchHooks: Swirlz Toolbar: {4cb3c467-0d72-44e6-9237-750b9b8b5ac9} - C:\Program Files (x86)\Swirlz\prxtbSwir.dll
mURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
mURLSearchHooks: Vafmusic5 Toolbar: {232423f5-99f3-4682-ab7b-3b7e7f1d1556} - C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
mURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll
mURLSearchHooks: KeyBar 2.2 Toolbar: {bfec236d-e122-4102-864f-f5f19d897f5e} - C:\Program Files (x86)\KeyBar_2.2\prxtbKeyB.dll
mURLSearchHooks: Swirlz Toolbar: {4cb3c467-0d72-44e6-9237-750b9b8b5ac9} - C:\Program Files (x86)\Swirlz\prxtbSwir.dll
mWinlogon: Userinit = C:\windows\System32\userinit.exe
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
BHO: IEOptimizer: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll
BHO: iWebar: {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho.dll
BHO: Vafmusic5 Toolbar: {232423f5-99f3-4682-ab7b-3b7e7f1d1556} - C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
BHO: getsav-in 5.0: {2672DBFE-3DF1-4007-9319-E9602C21A459} - C:\Users\Team Formation\AppData\Local\getsav-in\ie\getsav-in_1376308518.dll
BHO: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - <orphaned>
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: Swirlz Toolbar: {4cb3c467-0d72-44e6-9237-750b9b8b5ac9} - C:\Program Files (x86)\Swirlz\prxtbSwir.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: WordExtra: {8BA97046-C600-4264-B367-5DEFD9FC505F} - C:\Users\Team Formation\AppData\Roaming\WordExtra\temp.dat
BHO: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll
BHO: KeyBar 2.2 Toolbar: {bfec236d-e122-4102-864f-f5f19d897f5e} - C:\Program Files (x86)\KeyBar_2.2\prxtbKeyB.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: {e8d2756f-0b75-4c78-aa58-4936ac18bb16} - <orphaned>
BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll
BHO: {fcaf637f-ec75-44ce-b102-e96aa2901a21} - <orphaned>
TB: MixiDJ V44 Toolbar: {90A1B331-C2B4-4933-9F63-BA7B84D60D58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
TB: Vafmusic5 Toolbar: {232423F5-99F3-4682-AB7B-3B7E7F1D1556} - C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
TB: Popup Blocker: {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\Program Files (x86)\Popup Blocker\popup_blockerWO.dll
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
TB: KeyBar 2.2 Toolbar: {BFEC236D-E122-4102-864F-F5F19D897F5E} - C:\Program Files (x86)\KeyBar_2.2\prxtbKeyB.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
TB: Swirlz Toolbar: {4CB3C467-0D72-44E6-9237-750B9B8B5AC9} - C:\Program Files (x86)\Swirlz\prxtbSwir.dll
TB: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
TB: Vafmusic5 Toolbar: {232423f5-99f3-4682-ab7b-3b7e7f1d1556} - C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
TB: Popup Blocker: {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\Program Files (x86)\Popup Blocker\popup_blockerWO.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll
TB: mysearchdial Toolbar: {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll
TB: KeyBar 2.2 Toolbar: {bfec236d-e122-4102-864f-f5f19d897f5e} - C:\Program Files (x86)\KeyBar_2.2\prxtbKeyB.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
TB: Swirlz Toolbar: {4cb3c467-0d72-44e6-9237-750b9b8b5ac9} - C:\Program Files (x86)\Swirlz\prxtbSwir.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Team Formation\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
uRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
mRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
dRun: [Norton Download Manager{N360P211018-SHPD-FSD40014}] C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{BA48016C-1168-4FAA-AE52-4A73F44E163A} : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyzyyE0C0AtDtAyC0FzyyDtN0D0Tzu0CyDzytAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1931833727&ir=
x64-BHO: iWebar: {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coieplg.dll
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\Drivers\amd_sata.sys [2013-3-31 80552]
R0 amd_xata;amd_xata;C:\windows\System32\Drivers\amd_xata.sys [2013-3-31 26280]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1502000.026\symds64.sys [2014-3-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1502000.026\symefa64.sys [2014-3-20 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
R1 ccSet_MCLIENT;Norton One Settings Manager;C:\windows\System32\Drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [2013-11-8 168096]
R1 ccSet_N360;N360 Settings Manager;C:\windows\System32\Drivers\N360x64\1502000.026\ccsetx64.sys [2014-3-20 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\Drivers\NSTx64\7DE07000.02B\ccsetx64.sys [2014-3-20 162392]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-12 92536]
R1 ElRawDisk;ElRawDisk;C:\windows\System32\Drivers\ElRawDsk.sys [2013-6-10 30752]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140331.001\IDSviA64.sys [2014-3-31 525016]
R1 netfilter64;netfilter64;C:\windows\System32\Drivers\netfilter64.sys [2013-12-17 46232]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1502000.026\ironx64.sys [2014-3-20 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1502000.026\symnets.sys [2014-3-20 593112]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-3-30 2466080]
R2 ftpsvc;Microsoft FTP Service;C:\windows\System32\svchost.exe -k ftpsvc [2013-1-9 29696]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-3-25 4492776]
R2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [2013-11-8 143928]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe [2014-3-20 265040]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe [2014-3-20 130104]
R2 PDFsFilter;PDFsFilter;C:\windows\System32\Drivers\PDFsFilter.sys [2013-6-10 82160]
R2 SavingsbullFilterService64;SavingsbullFilterService64;C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [2014-1-16 167936]
R2 sbmntr;sbmntr;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [2013-12-20 58728]
R2 SMUpd;Search Module Update;C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2014-2-21 2577768]
R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [2014-2-23 52072]
R2 SPDRIVER_1.35.1.155;SPDRIVER_1.35.1.155;C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [2014-3-30 52072]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-3 137648]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-1-21 760032]
R3 SMUpdd;Search Module UpdateD;C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [2014-2-21 41320]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-7-16 57000]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R4 SPDRIVER_1.30.1.146;SPDRIVER_1.30.1.146;C:\Program Files (x86)\ShopperPro\JSDriver\1.30.1.146\jsdrv.sys [2014-3-12 52072]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1502000.026\symelam.sys [2014-3-20 23568]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\System32\Drivers\BrSerIb.sys [2012-3-27 284160]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\System32\Drivers\BrUsbSIb.sys [2011-7-18 15360]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [2013-12-6 610376]
S3 SWDUMon;SWDUMon;C:\windows\System32\Drivers\SWDUMon.sys [2013-5-16 16152]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-29 239616]
S4 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
S4 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Team Formation\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-6-6 107520]
S4 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
S4 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-5-30 1453872]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-5-30 188760]
.
=============== Created Last 30 ================
.
2014-03-25 12:01:27 2155152 ----a-w- C:\windows\System32\Incinerator64.dll
2014-03-22 20:13:16 -------- d-----w- C:\Program Files (x86)\MediaWatchV1
2014-03-20 16:04:27 875736 ----a-w- C:\windows\System32\drivers\N360x64\1502000.026\srtsp64.sys
2014-03-20 16:04:27 593112 ----a-w- C:\windows\System32\drivers\N360x64\1502000.026\symnets.sys
2014-03-20 16:04:27 493656 ----a-r- C:\windows\System32\drivers\N360x64\1502000.026\symds64.sys
2014-03-20 16:04:27 36952 ----a-r- C:\windows\System32\drivers\N360x64\1502000.026\srtspx64.sys
2014-03-20 16:04:27 264280 ----a-r- C:\windows\System32\drivers\N360x64\1502000.026\ironx64.sys
2014-03-20 16:04:27 23568 ----a-r- C:\windows\System32\drivers\N360x64\1502000.026\symelam.sys
2014-03-20 16:04:27 162392 ----a-r- C:\windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys
2014-03-20 16:04:27 1148120 ----a-w- C:\windows\System32\drivers\N360x64\1502000.026\symefa64.sys
2014-03-20 16:04:12 -------- d-----w- C:\windows\System32\drivers\N360x64\1502000.026
2014-03-20 13:20:22 162392 ----a-w- C:\windows\System32\drivers\NSTx64\7DE07000.02B\ccsetx64.sys
2014-03-20 13:20:15 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DE07000.02B
2014-03-15 12:53:01 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-12 12:29:01 868448 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-03-12 12:29:01 28032 ----a-w- C:\Program Files\Windows Defender\mpuxhostproxy.dll
2014-03-12 12:29:01 1571328 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-03-12 12:29:01 1330792 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
2014-03-12 12:29:01 118776 ----a-w- C:\Program Files\Windows Defender\MpOAV.dll
2014-03-12 12:29:00 661040 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-03-12 12:29:00 507392 ----a-w- C:\Program Files\Windows Defender\MpRtp.dll
2014-03-12 12:29:00 348376 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-03-12 12:27:08 595968 ----a-w- C:\windows\System32\qedit.dll
2014-03-12 12:27:07 496640 ----a-w- C:\windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-03-27 16:11:44 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-03-13 16:25:26 57584 ----a-w- C:\windows\System32\iolobtdfg.exe
2014-03-13 16:25:16 26184 ----a-w- C:\windows\System32\smrgdf.exe
2014-03-13 16:08:38 2097984 ----a-w- C:\windows\SysWow64\Incinerator32.dll
2014-03-04 22:52:34 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-23 08:13:41 2241536 ----a-w- C:\windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-23 04:06:33 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\windows\System32\win32k.sys
2014-01-12 23:30:39 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
.
============= FINISH:  7:02:24.97 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 01 April 2014 - 07:29 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 squeakyLine

squeakyLine
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 01 April 2014 - 03:24 PM

ran tddskiller and attached logfile

Attached Files



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 02 April 2014 - 06:07 AM

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

BrowserSafeguard
Coupon Printer for Windows
DefaultTab
Fast Free Converter
Flash Player Pro V5.4
getsav-in
InternetHelper3.1 Toolbar
iWebar
KeyBar 1.8 Toolbar
KeyBar 2.2 Toolbar for IE
LessTabs
MixiDJ V44 Toolbar
Mysearchdial
Object Browser
OtShot
Plus-HD-7.7
savingsBull
SavingsbullFilter
Search module
Search Protect
SelectionLinks
Severe Weather Alerts
Shopper-Pro
Software Version Updater
SweetPacks Updater Service
Swirlz Toolbar for IE
Trusted Saver
Updater By SweetPacks 2.0.0.566
Vafmusic5 Toolbar
WeatherBug
Web Cake 3.00
Webexp Enhanced



Close the window.

 

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 squeakyLine

squeakyLine
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 04 April 2014 - 10:08 AM

ComboFix 14-04-03.01 - Team Formation 04/04/2014 7:41:39.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5603.3771 [GMT -5:00]
Running from: C:\Users\Team Formation\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ch\MediaPlayerV1alpha980.crx
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome.manifest
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\ffMediaPlayerV1alpha980.js
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\default\MediaPlayerV1alpha980_32.png
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\overlay.xul
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\install.rdf
C:\Program Files (x86)\Popup Blocker\poPUp_blockerwo.dll
C:\Program Files (x86)\VideoPlayerV3
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ch\VideoPlayerV3beta553.crx
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome.manifest
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553.js
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553ffaction.js
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\default\VideoPlayerV3beta553_32.png
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\overlay.xul
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\install.rdf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ch\WebexpEnhancedV1alpha212.crx
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome.manifest
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\ffWebexpEnhancedV1alpha212.js
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\default\WebexpEnhancedV1alpha212_32.png
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\overlay.xul
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\install.rdf
C:\Users\Team Formation\AppData\Local\assembly\tmp
C:\Users\Team Formation\AppData\Roaming\SearchProtect
C:\Users\Team Formation\AppData\Roaming\SearchProtect\Res\SPSetup.exe
C:\Users\Team Formation\AppData\Roaming\WordExtra\teMP.dat
C:\Users\Team Formation\g2ax_customer_downloadhelper_win32_x86.exe


((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 )))))))))))))))))))))))))))))))


2014-04-04 12:51:17 . 2014-04-04 12:51:17 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\temp
2014-04-04 12:51:17 . 2014-04-04 12:51:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-04-04 04:25:23 . 2014-04-04 04:25:23 -------- d-----w- C:\Users\Team Formation\AppData\Local\BrowserSafeguard
2014-04-03 20:01:22 . 2014-04-04 12:21:09 4194304 ----a-w- C:\Windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-04-03 20:00:30 . 2014-04-03 20:00:30 -------- d-----w- C:\windows\system32\msmq
2014-03-25 12:01:27 . 2014-03-13 16:08:40 2155152 ----a-w- C:\windows\system32\Incinerator64.dll
2014-03-22 20:13:16 . 2014-03-22 20:13:16 -------- d-----w- C:\Program Files (x86)\MediaWatchV1
2014-03-20 16:04:12 . 2014-03-28 03:04:58 -------- d-----w- C:\windows\system32\drivers\N360x64\1502000.026
2014-03-20 13:20:15 . 2014-03-20 13:20:22 -------- d-----w- C:\windows\system32\drivers\NSTx64\7DE07000.02B
2014-03-15 12:53:01 . 2014-03-15 12:53:05 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-12 12:29:01 . 2013-10-24 22:34:31 868448 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 28032 ----a-w- C:\Program Files\Windows Defender\mpuxhostproxy.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 1571328 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 1330792 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
2014-03-12 12:29:01 . 2013-10-24 22:34:31 118776 ----a-w- C:\Program Files\Windows Defender\MpOAV.dll
2014-03-12 12:29:00 . 2013-10-24 22:34:31 507392 ----a-w- C:\Program Files\Windows Defender\MpRtp.dll
2014-03-12 12:29:00 . 2013-10-24 22:34:31 348376 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-03-12 12:29:00 . 2013-10-24 22:33:55 661040 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-03-12 12:27:35 . 2013-12-07 06:36:58 19751936 ----a-w- C:\windows\system32\shell32.dll
2014-03-12 12:27:08 . 2014-02-05 23:41:39 595968 ----a-w- C:\windows\system32\qedit.dll
2014-03-12 12:27:07 . 2014-02-05 23:37:51 496640 ----a-w- C:\windows\SysWow64\qedit.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-04-04 12:21:45 . 2013-05-17 02:28:22 16152 ----a-w- C:\windows\system32\drivers\SWDUMon.sys
2014-03-18 08:00:13 . 2012-12-16 21:07:06 90015360 ----a-w- C:\windows\system32\MRT.exe
2014-03-13 16:25:26 . 2013-06-10 18:12:59 57584 ----a-w- C:\windows\system32\iolobtdfg.exe
2014-03-13 16:25:16 . 2013-06-10 18:12:59 26184 ----a-w- C:\windows\system32\smrgdf.exe
2014-03-13 16:08:38 . 2013-06-10 18:13:01 2097984 ----a-w- C:\windows\SysWow64\Incinerator32.dll
2014-03-04 22:52:34 . 2013-11-16 16:10:51 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 . 2013-11-16 16:10:50 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-12 23:30:39 . 2014-02-12 12:56:08 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 . 2014-02-12 12:56:09 2238976 ----a-w- C:\windows\system32\d3d10warp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{232423f5-99f3-4682-ab7b-3b7e7f1d1556}"= "C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll" [2013-05-20 09:21:54 231712]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll" [2013-07-17 08:53:40 226592]

[HKEY_CLASSES_ROOT\clsid\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]

[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-02-18 16:17:48 86800 ----a-w- C:\Program Files (x86)\SavingsBull\IEOptimizer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]
2013-05-20 09:21:54 231712 ----a-w- C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2012-06-02 20:25:25 298568 ----a-w- C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}]
2013-05-16 12:13:56 231712 ----a-w- C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90a1b331-c2b4-4933-9f63-ba7b84d60d58}"= "C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll" [2013-05-16 12:13:56 231712]
"{232423f5-99f3-4682-ab7b-3b7e7f1d1556}"= "C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll" [2013-05-20 09:21:54 231712]

[HKEY_CLASSES_ROOT\clsid\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}]

[HKEY_CLASSES_ROOT\clsid\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Support"="C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-02-28 00:12:49 4680568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 21:25:58 1056264]
"YTDownloader"="C:\Program Files (x86)\YTDownloader\YTDownloader.exe" [2013-12-20 13:49:12 2049896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{N360P211018-SHPD-FSD40014}"="C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe" [2012-12-05 01:40:03 143928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\windows\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"

R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys;C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys;C:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys;C:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys;C:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\system32\DRIVERS\WUDFRd.sys;C:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe;C:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 SymELAM;Symantec ELAM Driver;C:\windows\system32\drivers\N360x64\1502000.026\SymELAM.sys;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SymELAM.sys [x]
S0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys;C:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys;C:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\1502000.026\SYMDS64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\1502000.026\SYMEFA64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_MCLIENT;Norton One Settings Manager;C:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;C:\windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;C:\windows\system32\DRIVERS\CLVirtualDrive.sys;C:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 ElRawDisk;ElRawDisk;C:\windows\system32\drivers\ElRawDsk.sys;C:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvia64.sys;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS;C:\windows\SYSNATIVE\Drivers\N360x64\1502000.026\SYMNETS.SYS [x]
S2 ftpsvc;Microsoft FTP Service;C:\windows\system32\svchost.exe;C:\windows\SYSNATIVE\svchost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [x]
S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [x]
S2 PDFsFilter;PDFsFilter;C:\windows\system32\DRIVERS\PDFsFilter.sys;C:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 sbmntr;sbmntr;C:\PROGRA~2\YTDOWN~1\sbmntr.sys;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;C:\windows\system32\DRIVERS\Rt630x64.sys;C:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys;C:\windows\SYSNATIVE\drivers\usbfilter.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 16:39:01 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04:08 215416 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll

Contents of the 'Scheduled Tasks' folder

2014-04-04 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 19:53:12 . 2013-09-26 10:58:21]

2014-04-04 C:\windows\Tasks\DriverUpdate Startup.job
- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-05-23 13:25:20 . 2013-05-23 13:25:20]

2014-04-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44:53 . 2012-12-15 03:44:51]

2014-04-04 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44:53 . 2012-12-15 03:44:51]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-26 01:16:30 21720]

------- Supplementary Scan -------

uStart Page = hxxp://search.conduit.com?searchsource=10&cui=un15271518592081114&um=2&ctid=ct3309657&up=sp1b77be28-0445-48dc-9e17-02196ad4b278&sspv=
uLocal Page = C:\windows\system32\blank.htm
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyzyyE0C0AtDtAyC0FzyyDtN0D0Tzu0CyDzytAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1931833727&ir=
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1

- - - - ORPHANS REMOVED - - - -

BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
BHO-{8BA97046-C600-4264-B367-5DEFD9FC505F} - C:\Users\Team Formation\AppData\Roaming\WordExtra\temp.dat
BHO-{e8d2756f-0b75-4c78-aa58-4936ac18bb16} - (no file)
BHO-{fcaf637f-ec75-44ce-b102-e96aa2901a21} - (no file)
Toolbar-{E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\Program Files (x86)\Popup Blocker\popup_blockerWO.dll
Wow6432Node-HKLM-Run-BrowserSafeguard - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
WebBrowser-{232423F5-99F3-4682-AB7B-3B7E7F1D1556} - (no file)

Attached Files


Edited by TB-Psychotic, 07 April 2014 - 02:05 AM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 07 April 2014 - 02:21 AM

The log is incomplete, please post the whole content of the file.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 squeakyLine

squeakyLine
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 10 April 2014 - 08:21 AM

ComboFix 14-04-03.01 - Team Formation 04/04/2014   7:41:39.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5603.3771 [GMT -5:00]
Running from: C:\Users\Team Formation\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ch\MediaPlayerV1alpha980.crx
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome.manifest
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\ffMediaPlayerV1alpha980.js
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\default\MediaPlayerV1alpha980_32.png
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\overlay.xul
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\install.rdf
C:\Program Files (x86)\Popup Blocker\poPUp_blockerwo.dll
C:\Program Files (x86)\VideoPlayerV3
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ch\VideoPlayerV3beta553.crx
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome.manifest
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553.js
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553ffaction.js
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\default\VideoPlayerV3beta553_32.png
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\overlay.xul
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\install.rdf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ch\WebexpEnhancedV1alpha212.crx
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome.manifest
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\ffWebexpEnhancedV1alpha212.js
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\default\WebexpEnhancedV1alpha212_32.png
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\Thumbs.db
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\overlay.xul
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\install.rdf
C:\Users\Team Formation\AppData\Local\assembly\tmp
C:\Users\Team Formation\AppData\Roaming\SearchProtect
C:\Users\Team Formation\AppData\Roaming\SearchProtect\Res\SPSetup.exe
C:\Users\Team Formation\AppData\Roaming\WordExtra\teMP.dat
C:\Users\Team Formation\g2ax_customer_downloadhelper_win32_x86.exe
 
 
(((((((((((((((((((((((((   Files Created from 2014-03-04 to 2014-04-04  )))))))))))))))))))))))))))))))
 
 
2014-04-04 12:51:17 . 2014-04-04 12:51:17 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\temp
2014-04-04 12:51:17 . 2014-04-04 12:51:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-04-04 04:25:23 . 2014-04-04 04:25:23 -------- d-----w- C:\Users\Team Formation\AppData\Local\BrowserSafeguard
2014-04-03 20:01:22 . 2014-04-04 12:21:09 4194304 ----a-w- C:\Windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-04-03 20:00:30 . 2014-04-03 20:00:30 -------- d-----w- C:\windows\system32\msmq
2014-03-25 12:01:27 . 2014-03-13 16:08:40 2155152 ----a-w- C:\windows\system32\Incinerator64.dll
2014-03-22 20:13:16 . 2014-03-22 20:13:16 -------- d-----w- C:\Program Files (x86)\MediaWatchV1
2014-03-20 16:04:12 . 2014-03-28 03:04:58 -------- d-----w- C:\windows\system32\drivers\N360x64\1502000.026
2014-03-20 13:20:15 . 2014-03-20 13:20:22 -------- d-----w- C:\windows\system32\drivers\NSTx64\7DE07000.02B
2014-03-15 12:53:01 . 2014-03-15 12:53:05 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-12 12:29:01 . 2013-10-24 22:34:31 868448 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 28032 ----a-w- C:\Program Files\Windows Defender\mpuxhostproxy.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 1571328 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-03-12 12:29:01 . 2013-10-24 22:34:31 1330792 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
2014-03-12 12:29:01 . 2013-10-24 22:34:31 118776 ----a-w- C:\Program Files\Windows Defender\MpOAV.dll
2014-03-12 12:29:00 . 2013-10-24 22:34:31 507392 ----a-w- C:\Program Files\Windows Defender\MpRtp.dll
2014-03-12 12:29:00 . 2013-10-24 22:34:31 348376 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-03-12 12:29:00 . 2013-10-24 22:33:55 661040 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-03-12 12:27:35 . 2013-12-07 06:36:58 19751936 ----a-w- C:\windows\system32\shell32.dll
2014-03-12 12:27:08 . 2014-02-05 23:41:39 595968 ----a-w- C:\windows\system32\qedit.dll
2014-03-12 12:27:07 . 2014-02-05 23:37:51 496640 ----a-w- C:\windows\SysWow64\qedit.dll
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-04-04 12:21:45 . 2013-05-17 02:28:22 16152 ----a-w- C:\windows\system32\drivers\SWDUMon.sys
2014-03-18 08:00:13 . 2012-12-16 21:07:06 90015360 ----a-w- C:\windows\system32\MRT.exe
2014-03-13 16:25:26 . 2013-06-10 18:12:59 57584 ----a-w- C:\windows\system32\iolobtdfg.exe
2014-03-13 16:25:16 . 2013-06-10 18:12:59 26184 ----a-w- C:\windows\system32\smrgdf.exe
2014-03-13 16:08:38 . 2013-06-10 18:13:01 2097984 ----a-w- C:\windows\SysWow64\Incinerator32.dll
2014-03-04 22:52:34 . 2013-11-16 16:10:51 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 . 2013-11-16 16:10:50 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-12 23:30:39 . 2014-02-12 12:56:08 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 . 2014-02-12 12:56:09 2238976 ----a-w- C:\windows\system32\d3d10warp.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{232423f5-99f3-4682-ab7b-3b7e7f1d1556}"= "C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll" [2013-05-20 09:21:54 231712]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll" [2013-07-17 08:53:40 226592]
 
[HKEY_CLASSES_ROOT\clsid\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]
 
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-02-18 16:17:48 86800 ----a-w- C:\Program Files (x86)\SavingsBull\IEOptimizer.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]
2013-05-20 09:21:54 231712 ----a-w- C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2012-06-02 20:25:25 298568 ----a-w- C:\Windows\System32\mscoree.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}]
2013-05-16 12:13:56 231712 ----a-w- C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90a1b331-c2b4-4933-9f63-ba7b84d60d58}"= "C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll" [2013-05-16 12:13:56 231712]
"{232423f5-99f3-4682-ab7b-3b7e7f1d1556}"= "C:\Program Files (x86)\Vafmusic5\prxtbVaf0.dll" [2013-05-20 09:21:54 231712]
 
[HKEY_CLASSES_ROOT\clsid\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}]
 
[HKEY_CLASSES_ROOT\clsid\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26:00 1021448 ----a-r- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Support"="C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-02-28 00:12:49 4680568]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 21:25:58 1056264]
"YTDownloader"="C:\Program Files (x86)\YTDownloader\YTDownloader.exe" [2013-12-20 13:49:12 2049896]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{N360P211018-SHPD-FSD40014}"="C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe" [2012-12-05 01:40:03 143928]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\windows\system32\userinit.exe"
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
 
R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys;C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys;C:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys;C:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys;C:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\system32\DRIVERS\WUDFRd.sys;C:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe;C:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 SymELAM;Symantec ELAM Driver;C:\windows\system32\drivers\N360x64\1502000.026\SymELAM.sys;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SymELAM.sys [x]
S0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys;C:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys;C:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\1502000.026\SYMDS64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\1502000.026\SYMEFA64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_MCLIENT;Norton One Settings Manager;C:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;C:\windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;C:\windows\system32\DRIVERS\CLVirtualDrive.sys;C:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 ElRawDisk;ElRawDisk;C:\windows\system32\drivers\ElRawDsk.sys;C:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvia64.sys;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS;C:\windows\SYSNATIVE\Drivers\N360x64\1502000.026\SYMNETS.SYS [x]
S2 ftpsvc;Microsoft FTP Service;C:\windows\system32\svchost.exe;C:\windows\SYSNATIVE\svchost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [x]
S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [x]
S2 PDFsFilter;PDFsFilter;C:\windows\system32\DRIVERS\PDFsFilter.sys;C:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 sbmntr;sbmntr;C:\PROGRA~2\YTDOWN~1\sbmntr.sys;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;C:\windows\system32\DRIVERS\Rt630x64.sys;C:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys;C:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 16:39:01 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04:08 215416 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
 
Contents of the 'Scheduled Tasks' folder
 
2014-04-04 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 19:53:12 . 2013-09-26 10:58:21]
 
2014-04-04 C:\windows\Tasks\DriverUpdate Startup.job
- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-05-23 13:25:20 . 2013-05-23 13:25:20]
 
2014-04-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44:53 . 2012-12-15 03:44:51]
 
2014-04-04 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44:53 . 2012-12-15 03:44:51]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:12:18 1294344 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-26 01:16:30 21720]
 
------- Supplementary Scan -------
 
uStart Page = hxxp://search.conduit.com?searchsource=10&cui=un15271518592081114&um=2&ctid=ct3309657&up=sp1b77be28-0445-48dc-9e17-02196ad4b278&sspv=
uLocal Page = C:\windows\system32\blank.htm
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyzyyE0C0AtDtAyC0FzyyDtN0D0Tzu0CyDzytAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1931833727&ir=
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
 
- - - - ORPHANS REMOVED - - - -
 
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
BHO-{8BA97046-C600-4264-B367-5DEFD9FC505F} - C:\Users\Team Formation\AppData\Roaming\WordExtra\temp.dat
BHO-{e8d2756f-0b75-4c78-aa58-4936ac18bb16} - (no file)
BHO-{fcaf637f-ec75-44ce-b102-e96aa2901a21} - (no file)
Toolbar-{E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\Program Files (x86)\Popup Blocker\popup_blockerWO.dll
Wow6432Node-HKLM-Run-BrowserSafeguard - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
WebBrowser-{232423F5-99F3-4682-AB7B-3B7E7F1D1556} - (no file)


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 10 April 2014 - 08:34 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 squeakyLine

squeakyLine
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 11 April 2014 - 07:07 AM

ComboFix 14-04-09.02 - Team Formation 04/11/2014   6:50.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5603.4055 [GMT -5:00]
Running from: c:\users\Team Formation\Downloads\ComboFix.exe
Command switches used :: c:\users\Team Formation\Desktop\CFScript .txt
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ch\MediaViewerV1alpha4409.crx
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\chrome.manifest
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\chrome\content\ffMediaViewerV1alpha4409.js
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\chrome\content\icons\default\MediaViewerV1alpha4409_32.png
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha4409\ff\install.rdf
c:\program files (x86)\MediaWatchV1
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ch\MediaWatchV1home136.crx
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome.manifest
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome\content\ffMediaWatchV1home136.js
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome\content\ffMediaWatchV1home136ffaction.js
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome\content\icons\default\MediaWatchV1home136_32.png
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaWatchV1\MediaWatchV1home136\ff\install.rdf
.
---- Previous Run -------
.
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ch\MediaPlayerV1alpha980.crx
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome.manifest
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\ffMediaPlayerV1alpha980.js
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\default\MediaPlayerV1alpha980_32.png
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha980\ff\install.rdf
c:\program files (x86)\Popup Blocker\poPUp_blockerwo.dll
c:\program files (x86)\VideoPlayerV3
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ch\VideoPlayerV3beta553.crx
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome.manifest
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553.js
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\ffVideoPlayerV3beta553ffaction.js
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\default\VideoPlayerV3beta553_32.png
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\chrome\content\overlay.xul
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta553\ff\install.rdf
c:\program files (x86)\WebexpEnhancedV1
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ch\WebexpEnhancedV1alpha212.crx
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome.manifest
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\ffWebexpEnhancedV1alpha212.js
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\default\WebexpEnhancedV1alpha212_32.png
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\chrome\content\overlay.xul
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha212\ff\install.rdf
c:\users\Team Formation\AppData\Local\assembly\tmp
c:\users\Team Formation\AppData\Roaming\SearchProtect
c:\users\Team Formation\AppData\Roaming\SearchProtect\Res\SPSetup.exe
c:\users\Team Formation\AppData\Roaming\WordExtra\teMP.dat
c:\users\Team Formation\g2ax_customer_downloadhelper_win32_x86.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-11 to 2014-04-11  )))))))))))))))))))))))))))))))
.
.
2014-04-11 11:59 . 2014-04-11 11:59 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-04-11 11:59 . 2014-04-11 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-04 04:25 . 2014-04-04 04:25 -------- d-----w- c:\users\Team Formation\AppData\Local\BrowserSafeguard
2014-04-03 20:01 . 2014-04-04 12:21 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-04-03 20:00 . 2014-04-03 20:00 -------- d-----w- c:\windows\system32\msmq
2014-03-25 12:01 . 2014-03-13 16:08 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
2014-03-20 16:04 . 2014-03-28 03:04 -------- d-----w- c:\windows\system32\drivers\N360x64\1502000.026
2014-03-20 13:20 . 2014-03-20 13:20 -------- d-----w- c:\windows\system32\drivers\NSTx64\7DE07000.02B
2014-03-15 12:53 . 2014-03-15 12:53 254640 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-12 12:29 . 2013-10-24 22:34 868448 ----a-w- c:\program files\Windows Defender\MpClient.dll
2014-03-12 12:29 . 2013-10-24 22:34 28032 ----a-w- c:\program files\Windows Defender\mpuxhostproxy.dll
2014-03-12 12:29 . 2013-10-24 22:34 1571328 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-03-12 12:29 . 2013-10-24 22:34 1330792 ----a-w- c:\program files\Windows Defender\MSASCui.exe
2014-03-12 12:29 . 2013-10-24 22:34 118776 ----a-w- c:\program files\Windows Defender\MpOAV.dll
2014-03-12 12:29 . 2013-10-24 22:34 507392 ----a-w- c:\program files\Windows Defender\MpRtp.dll
2014-03-12 12:29 . 2013-10-24 22:34 348376 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2014-03-12 12:29 . 2013-10-24 22:33 661040 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2014-03-12 12:27 . 2013-12-07 06:36 19751936 ----a-w- c:\windows\system32\shell32.dll
2014-03-12 12:27 . 2014-02-05 23:41 595968 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 12:27 . 2014-02-05 23:37 496640 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 14:10 . 2012-12-16 21:07 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-04 12:21 . 2013-05-17 02:28 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-13 16:25 . 2013-06-10 18:12 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-03-13 16:25 . 2013-06-10 18:12 26184 ----a-w- c:\windows\system32\smrgdf.exe
2014-03-13 16:08 . 2013-06-10 18:13 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2014-03-04 22:52 . 2013-11-16 16:10 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52 . 2013-11-16 16:10 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-12 23:30 . 2014-02-12 12:56 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-01-12 23:30 . 2014-02-12 12:56 2238976 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-02-18 16:17 86800 ----a-w- c:\program files (x86)\SavingsBull\IEOptimizer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{232423f5-99f3-4682-ab7b-3b7e7f1d1556}]
2013-05-20 09:21 231712 ----a-w- c:\program files (x86)\Vafmusic5\prxtbVaf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2012-06-02 20:25 298568 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8BA97046-C600-4264-B367-5DEFD9FC505F}]
c:\users\Team Formation\AppData\Roaming\WordExtra\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}]
2013-05-16 12:13 231712 ----a-w- c:\program files (x86)\MixiDJ_V44\prxtbMixi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{E606052C-E26E-EA9D-835B-BABA8BA9F1F9}"= "c:\program files (x86)\Popup Blocker\popup_blockerWO.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{e606052c-e26e-ea9d-835b-baba8ba9f1f9}]
[HKEY_CLASSES_ROOT\XBTB09856.XBTB09856.1]
[HKEY_CLASSES_ROOT\TypeLib\{2CF341D2-9C6B-40f1-8170-63E6559D2984}]
[HKEY_CLASSES_ROOT\XBTB09856.XBTB09856]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Support"="c:\program files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-02-28 4680568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" [2013-12-20 2049896]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{N360P211018-SHPD-FSD40014}"="c:\program files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe" [2012-12-05 143928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 SPDRIVER_1.0.0.24;SPDRIVER_1.0.0.24;c:\program files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys;c:\program files (x86)\ShopperPro\JSDriver\1.0.0.24\jsdrv.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1502000.026\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SymELAM.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_MCLIENT;Norton One Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140410.003\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140410.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1502000.026\SYMNETS.SYS [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 MCLIENT;Norton One;c:\program files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe;c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 sbmntr;sbmntr;c:\progra~2\YTDOWN~1\sbmntr.sys;c:\progra~2\YTDOWN~1\sbmntr.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 16:39 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 10:58]
.
2014-04-04 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-05-23 13:25]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44]
.
2014-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 03:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-26 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyzyyE0C0AtDtAyC0FzyyDtN0D0Tzu0CyDzytAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1931833727&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
BHO-{e8d2756f-0b75-4c78-aa58-4936ac18bb16} - (no file)
BHO-{fcaf637f-ec75-44ce-b102-e96aa2901a21} - (no file)
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton One\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.0.43\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.2.0.38;c:\program files (x86)\Norton 360\Engine64\21.2.0.38"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-04-11  07:03:21
ComboFix-quarantined-files.txt  2014-04-11 12:03
.
Pre-Run: 852,608,622,592 bytes free
Post-Run: 852,411,404,288 bytes free
.
- - End Of File - - F93C28B663E1F89116AB1D926C46A295
5FB38429D5D77768867C76DCBDB35194


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 11 April 2014 - 08:44 AM

Then run MBAM as instructed.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 PM

Posted 08 May 2014 - 04:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users