
chrome asking for capcha: Hijack this


  • This topic is locked
31 replies to this topic

#1 dwilmot


  • Members
  • 15 posts

Posted 18 March 2014 - 10:27 PM

Hi Guys,

Newbie here and I am wondering if anyone knows how to solve the problem below. It turns up when I do a search in the Chrome omnibox, and when you do the captcha it just brings up another one. Tried a couple of so-called solutions on the Chrome Forum but they don't work.

Any ideas please.........

I have run Malware bytes and all is clear.

Have run ADWcleaner and it finds the following (see file attached), but when I clean and reboot and do another scan they are still there....

 

This message appears in Chrome and IE

 

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. 
Why did this happen?

 

Any help please, thanks

DW

 


#2 dwilmot

  • Topic Starter

  • Members
  • 15 posts

Posted 19 March 2014 - 08:02 PM

Hello Gringo,

Further to our PM here is the file from Hijack this.

It cannot get into the hosts file, and when I follow the instructions on how to fix this it doesn't work, and what I get is this:

 
127.0.0.1       localhost
::1       localhost
 
Below is what I can get of the Hijack this scan and the above turns up at line 01. I tried to remove them a couple of days ago but they are still there.
 
The Google block seems to have gone for the time being but the bogus Yahoo search page is still there.
Look forward to any advice.
Regards
DW
 
LOG BELOW.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:35 PM, on 3/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DTR\Downloads\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.cibc.com/ca/personal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{79200ED8-5977-4DDA-A35D-641458942123}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB187E3F-21BC-499A-90E6-14C4147FDC05}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{F505D26D-4A51-408C-923E-12FBFE495D22}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA194F5D-73AB-4D4E-AE5E-0A26D0AFDAE0}: NameServer = 208.69.150.250,208.69.150.252
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ce05c2c2d168b3) (gupdate1ce05c2c2d168b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem1ce05c2c369c0c4) (gupdatem1ce05c2c369c0c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 6890 bytes
 

Edited by Orange Blossom, 20 March 2014 - 03:03 PM.
Merged topics ~ OB


#3 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 36,723 posts

Posted 19 March 2014 - 11:00 PM

Does this concern the same computer as this topic?

 

http://www.bleepingcomputer.com/forums/t/527986/chrome-asking-for-capcha/

 

Orange Blossom :cherry:


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 dwilmot

  • Topic Starter

  • Members
  • 15 posts

Posted 20 March 2014 - 12:28 AM

Hi, 

Yes, but I also have another problem regarding the fake Yahoo search so they both may be included in the Hijackthis file. 

Thanks

DW



#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 20 March 2014 - 05:37 AM

Hello dwilmot


Not having access to the hosts file in HijackThis only means that you did not run it with admin rights.

Right-click on the icon and select "Run as administrator".




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 dwilmot

  • Topic Starter

  • Members
  • 15 posts

Posted 20 March 2014 - 12:13 PM

Hi Gringo,

Thanks for that. I have run it as administrator and below is the new report. Is there anything on this report that should not be there?

I wish I knew what to look for. 

Look forward to any advice.

Thanks

DW

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:04 AM, on 3/20/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DTR\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.cibc.com/ca/personal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\921bb343-42d0-44cf-b5cf-b84a98c13d21.exe /check
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{79200ED8-5977-4DDA-A35D-641458942123}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB187E3F-21BC-499A-90E6-14C4147FDC05}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{F505D26D-4A51-408C-923E-12FBFE495D22}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA194F5D-73AB-4D4E-AE5E-0A26D0AFDAE0}: NameServer = 208.69.150.250,208.69.150.252
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ce05c2c2d168b3) (gupdate1ce05c2c2d168b3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem1ce05c2c369c0c4) (gupdatem1ce05c2c369c0c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 7555 bytes
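A way to read a HijackThis log like the two above more systematically, as an added example (my own code, not a BleepingComputer or HijackThis tool): it parses the `Rn - ` / `On - ` lines, checks the O1 hosts entries, groups the O17 per-interface NameServer values, and lists entries whose target is `(no file)`. The `ÿþ` in front of `127.0.0.1 localhost` is what the two-byte UTF-16 byte-order mark (FF FE) looks like when the file is read as single-byte text, so the hosts file was saved as UTF-16 rather than ANSI; the script reports that separately from a genuine override. The sample excerpt is constructed to match the thread's format; the `www.example.com` hosts line is invented to show what an override finding looks like, and the expected resolver `192.168.0.1` is taken from the `DhcpNameServer` value in the FRST log later in the thread, which is why the statically set 208.69.150.x servers are reported as "not the DHCP resolver" and not as anything more than that.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of HijackThis)."""
import re

# Latin-1 rendering of the UTF-16 LE byte-order mark (bytes FF FE), shown as "ÿþ" in the log.
UTF16_BOM = "\xff\xfe"
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed excerpt in the thread's format. The www.example.com line is invented
# so that an override is present; everything else mirrors entries seen in the log.
SAMPLE_LOG = """\
O1 - Hosts: \xff\xfe127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O4 - HKLM\\..\\Run: [AvastUI.exe] "C:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe" /nogui
O9 - Extra button: @C:\\Program Files\\Windows Live\\Companion\\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: NameServer = 208.69.150.250,208.69.150.252
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NS_RE = re.compile(r"(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")


def parse_entries(text):
    """Return (section, body) tuples for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def check_hosts(entries):
    """Findings for O1 lines: a UTF-16 BOM, and any mapping other than localhost->loopback."""
    findings = []
    for section, body in entries:
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        mapping = body[len("Hosts:"):].strip()
        has_bom = mapping.startswith(UTF16_BOM)
        if has_bom:
            mapping = mapping[len(UTF16_BOM):]
        parts = mapping.split()
        if len(parts) < 2:
            continue
        addr, hostname = parts[0], parts[1]
        if has_bom:
            findings.append(("hosts_utf16_bom", hostname))
        if addr not in LOOPBACK or hostname != "localhost":
            # Any other entry overrides normal DNS for that name and deserves a look.
            findings.append(("hosts_override", f"{hostname} -> {addr}"))
    return findings


def check_nameservers(entries, expected):
    """Group O17 NameServer values per interface; report servers outside the expected set."""
    per_iface = {}
    for section, body in entries:
        if section != "O17":
            continue
        m = NS_RE.search(body)
        if m:
            per_iface[m.group(1)] = [s.strip() for s in m.group(2).split(",") if s.strip()]
    findings = []
    for iface, servers in per_iface.items():
        unexpected = [s for s in servers if s not in expected]
        if unexpected:
            findings.append(("static_dns_not_expected", iface, unexpected))
    return findings


def check_dangling(entries):
    """Entries whose referenced file is gone; usually leftovers, but worth listing."""
    return [(s, b) for s, b in entries if b.rstrip().endswith("(no file)")]


def triage(text, expected_dns):
    entries = parse_entries(text)
    return {
        "hosts": check_hosts(entries),
        "dns": check_nameservers(entries, expected_dns),
        "dangling": check_dangling(entries),
    }


if __name__ == "__main__":
    # 192.168.0.1 is the DHCP-provided resolver from the FRST log in this thread.
    for kind, items in triage(SAMPLE_LOG, {"192.168.0.1"}).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The DNS check only says that the per-interface servers differ from what DHCP handed out; whether the statically configured resolvers are legitimate (an ISP or a filtering service the owner chose) is something to confirm against the router and the account, not something the log alone can settle.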


#7 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 36,723 posts

Posted 20 March 2014 - 03:05 PM

Hi, 

Yes, but I also have another problem regarding the fake Yahoo search so they both may be included in the Hijackthis file. 

Thanks

DW

Thank you. Since both topics concern the same computer, I have merged the two. As the other one was older, the link will now be for that topic number with a slightly adjusted title. That link is as follows: http://www.bleepingcomputer.com/forums/t/527986/chrome-asking-for-capcha-hijack-this/

 

Back to you Gringo,

 

Orange Blossom :cherry:



#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 22 March 2014 - 09:12 AM


Hello dwilmot



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#9 dwilmot

  • Topic Starter

  • Members
  • 15 posts

Posted 22 March 2014 - 06:35 PM

Hi Gringo,

Thanks for the update and below are the 2 files as requested. 

Did you find anything of interest in the Hijackthis log I sent?

Thanks

DW

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by DTR (administrator) on DTR-PC on 22-03-2014 16:13:00
Running from C:\Users\DTR\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\WLTRYSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [1548288 2007-03-21] (Dell Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3767096 2014-02-13] (AVAST Software)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-07] (IDT, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [20131224] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\921bb343-42d0-44cf-b5cf-b84a98c13d21.exe /check [181136 2014-02-27] (AVAST Software)
HKU\S-1-5-21-3427914818-1164801448-99283304-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3427914818-1164801448-99283304-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.cibc.com/ca/personal.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{79200ED8-5977-4DDA-A35D-641458942123}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{AB187E3F-21BC-499A-90E6-14C4147FDC05}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F505D26D-4A51-408C-923E-12FBFE495D22}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{FA194F5D-73AB-4D4E-AE5E-0A26D0AFDAE0}: [NameServer]208.69.150.250,208.69.150.252
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - \Extensions\Fax [2009-10-29]
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-11-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Torrent Search) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-01-30]
CHR Extension: (Google Docs) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (YouTube) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Maps) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-02-13] (AVAST Software)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-12-12] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2007-04-08] (Creative Technology Ltd)
S2 gupdate1ce05c2c2d168b3; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-07] (Google Inc.)
S3 gupdatem1ce05c2c369c0c4; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-02-07] (Google Inc.)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2007-10-09] (SupportSoft, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-13] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-09-13] (Disc Soft Ltd)
R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2010-07-29] (RIF)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2014-01-14] (FTDI Ltd.)
R3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-05] (Windows ® Win 7 DDK provider)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
S3 SaiH0461; C:\Windows\System32\DRIVERS\SaiH0461.sys [136832 2008-03-26] (Saitek)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [11232 2011-01-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-03-18] (AnchorFree Inc)
S3 NPF; system32\drivers\npf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-22 16:13 - 2014-03-22 16:13 - 00015810 _____ () C:\Users\DTR\Downloads\FRST.txt
2014-03-22 16:12 - 2014-03-22 16:13 - 00000000 ____D () C:\FRST
2014-03-22 16:11 - 2014-03-22 16:11 - 01145856 _____ (Farbar) C:\Users\DTR\Downloads\FRST.exe
2014-03-21 13:20 - 2014-03-22 08:32 - 00008244 _____ () C:\Windows\setupact.log
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 15:38 - 2014-03-20 15:38 - 00000039 _____ () C:\Users\DTR\AppData\Roaming\mbam.context.scan
2014-03-20 10:07 - 2014-03-20 10:07 - 00001067 _____ () C:\Users\DTR\Desktop\JRT - Shortcut.lnk
2014-03-20 10:07 - 2014-03-20 10:07 - 00001045 _____ () C:\Users\DTR\Downloads\JRT - Shortcut.lnk
2014-03-20 10:04 - 2014-03-20 10:04 - 00007556 _____ () C:\Users\DTR\Downloads\hijackthis.log
2014-03-19 22:20 - 2014-03-19 22:21 - 00001113 _____ () C:\Users\DTR\Downloads\AdwCleanerS1.txt
2014-03-19 13:02 - 2014-03-19 13:02 - 00003183 _____ () C:\Users\DTR\Desktop\Sophos Virus Removal Tool.lnk
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\Program Files\Sophos
2014-03-19 12:59 - 2014-03-19 13:00 - 86587304 _____ (Sophos Limited) C:\Users\DTR\Downloads\Sophos Virus Removal Tool.exe
2014-03-19 12:25 - 2014-03-19 12:26 - 100899096 _____ (Microsoft Corporation) C:\Users\DTR\Downloads\msert.exe
2014-03-19 08:39 - 2014-03-19 08:40 - 01037734 _____ (Thisisu) C:\Users\DTR\Downloads\JRT.exe
2014-03-18 21:50 - 2014-03-18 21:57 - 00000000 ____D () C:\Users\DTR\Downloads\backups
2014-03-18 20:34 - 2014-03-18 20:34 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 20:32 - 2014-03-18 20:32 - 18349216 _____ (SUPERAntiSpyware) C:\Users\DTR\Downloads\SUPERAntiSpyware.exe
2014-03-18 18:35 - 2014-03-18 18:35 - 01950720 _____ () C:\Users\DTR\Downloads\AdwCleaner.exe
2014-03-18 14:43 - 2014-03-18 15:15 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-15 11:19 - 2014-03-22 15:24 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 11:19 - 2014-03-22 12:57 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 11:18 - 2014-03-15 11:18 - 00847832 _____ (Google Inc.) C:\Users\DTR\Downloads\GoogleEarthPluginSetup.exe
2014-03-13 08:52 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:00 - 2014-03-12 16:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\DTR\Downloads\HijackThis.exe
2014-03-12 15:52 - 2014-03-18 19:49 - 00000000 ____D () C:\AdwCleaner
2014-03-12 11:54 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 11:54 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 11:54 - 2014-02-28 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 11:54 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 11:54 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 11:54 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 11:54 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 11:54 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 11:54 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 11:54 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 11:54 - 2014-02-28 20:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 11:54 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 11:54 - 2014-02-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 11:54 - 2014-02-28 20:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 11:54 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 11:54 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 11:54 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 11:54 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 11:54 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 11:54 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 11:54 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 11:54 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 11:54 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 11:53 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 11:53 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 11:53 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 15:33 - 2014-03-11 16:02 - 00000000 ____D () C:\ProgramData\OBDwiz
2014-03-11 15:33 - 2014-03-11 16:01 - 00002563 _____ () C:\Users\Public\Desktop\OBDwiz.lnk
2014-03-11 15:33 - 2014-03-11 16:01 - 00000000 ____D () C:\Program Files\OBDwiz
2014-03-11 15:33 - 2014-03-11 15:33 - 00000000 ____D () C:\ProgramData\OCTech, LLC
2014-03-11 15:24 - 2014-03-11 15:24 - 00000000 ____D () C:\Program Files\DIFX
2014-03-09 13:22 - 2014-03-09 13:22 - 00009747 _____ () C:\Users\DTR\Downloads\download
2014-03-06 14:02 - 2014-03-06 14:02 - 00688344 _____ (RaMMicHaeL) C:\Users\DTR\Downloads\unchecky_setup.exe
2014-03-05 10:01 - 2014-03-05 10:01 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-02 23:51 - 2007-09-07 11:25 - 00102400 _____ (IDT, Inc.) C:\Windows\system32\stacsv.exe
2014-03-02 23:51 - 2007-09-07 11:24 - 04947968 _____ (IDT, Inc.) C:\Windows\system32\stacgui.cpl
2014-03-02 23:51 - 2007-08-29 14:25 - 00643072 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2014-03-02 23:51 - 2007-08-29 14:25 - 00131072 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2014-03-02 23:51 - 2007-04-10 19:02 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll
2014-03-02 23:38 - 2003-02-02 21:06 - 00153088 _____ () C:\Windows\system32\UNRAR3.dll
2014-03-02 23:38 - 2002-03-06 02:00 - 00075264 _____ () C:\Windows\system32\unacev2.dll
2014-03-02 22:43 - 2014-03-02 22:44 - 00000000 ____D () C:\Users\DTR\Downloads\Banking transfers
2014-02-27 15:23 - 2014-01-08 19:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-22 16:13 - 2014-03-22 16:13 - 00015810 _____ () C:\Users\DTR\Downloads\FRST.txt
2014-03-22 16:13 - 2014-03-22 16:12 - 00000000 ____D () C:\FRST
2014-03-22 16:11 - 2014-03-22 16:11 - 01145856 _____ (Farbar) C:\Users\DTR\Downloads\FRST.exe
2014-03-22 16:03 - 2014-02-04 15:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 15:59 - 2013-07-10 20:07 - 01526430 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 15:24 - 2014-03-15 11:19 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 12:57 - 2014-03-15 11:19 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 08:41 - 2009-10-28 13:23 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 08:41 - 2009-10-28 13:23 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 08:32 - 2014-03-21 13:20 - 00008244 _____ () C:\Windows\setupact.log
2014-03-22 08:32 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 14:07 - 2007-12-28 18:09 - 00000000 ___RD () C:\UnZipped folder  on backup tools see zip drv
2014-03-21 14:02 - 2007-12-30 13:36 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\Media Player Classic
2014-03-21 13:20 - 2014-03-21 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 21:15 - 2009-08-03 10:50 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\uTorrent
2014-03-20 16:25 - 2013-11-13 22:37 - 00000000 ____D () C:\Jaguar files
2014-03-20 16:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-20 15:52 - 2013-07-20 10:51 - 00000000 ___HD () C:\UnZipped folder  on backup tools
2014-03-20 15:38 - 2014-03-20 15:38 - 00000039 _____ () C:\Users\DTR\AppData\Roaming\mbam.context.scan
2014-03-20 10:07 - 2014-03-20 10:07 - 00001067 _____ () C:\Users\DTR\Desktop\JRT - Shortcut.lnk
2014-03-20 10:07 - 2014-03-20 10:07 - 00001045 _____ () C:\Users\DTR\Downloads\JRT - Shortcut.lnk
2014-03-20 10:04 - 2014-03-20 10:04 - 00007556 _____ () C:\Users\DTR\Downloads\hijackthis.log
2014-03-19 22:21 - 2014-03-19 22:20 - 00001113 _____ () C:\Users\DTR\Downloads\AdwCleanerS1.txt
2014-03-19 15:03 - 2009-10-28 14:21 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 13:02 - 2014-03-19 13:02 - 00003183 _____ () C:\Users\DTR\Desktop\Sophos Virus Removal Tool.lnk
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-19 13:02 - 2014-03-19 13:02 - 00000000 ____D () C:\Program Files\Sophos
2014-03-19 13:00 - 2014-03-19 12:59 - 86587304 _____ (Sophos Limited) C:\Users\DTR\Downloads\Sophos Virus Removal Tool.exe
2014-03-19 12:26 - 2014-03-19 12:25 - 100899096 _____ (Microsoft Corporation) C:\Users\DTR\Downloads\msert.exe
2014-03-19 09:43 - 2010-03-16 16:52 - 00007636 _____ () C:\Users\DTR\AppData\Local\resmon.resmoncfg
2014-03-19 08:40 - 2014-03-19 08:39 - 01037734 _____ (Thisisu) C:\Users\DTR\Downloads\JRT.exe
2014-03-18 21:57 - 2014-03-18 21:50 - 00000000 ____D () C:\Users\DTR\Downloads\backups
2014-03-18 20:34 - 2014-03-18 20:34 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 20:32 - 2014-03-18 20:32 - 18349216 _____ (SUPERAntiSpyware) C:\Users\DTR\Downloads\SUPERAntiSpyware.exe
2014-03-18 19:49 - 2014-03-12 15:52 - 00000000 ____D () C:\AdwCleaner
2014-03-18 18:41 - 2012-10-12 19:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-18 18:35 - 2014-03-18 18:35 - 01950720 _____ () C:\Users\DTR\Downloads\AdwCleaner.exe
2014-03-18 15:15 - 2014-03-18 14:43 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-16 21:55 - 2009-07-13 19:03 - 56098816 _____ () C:\Windows\system32\config\software.bak
2014-03-16 21:55 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-03-16 21:55 - 2009-07-13 19:03 - 00053248 _____ () C:\Windows\system32\config\sam.bak
2014-03-16 21:55 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-03-16 16:04 - 2005-10-09 16:31 - 00000000 ____D () C:\SLIM
2014-03-15 17:28 - 2013-02-07 23:08 - 00000000 ____D () C:\Program Files\Google
2014-03-15 15:46 - 2008-02-03 13:45 - 00114688 _____ () C:\Users\DTR\Desktop\Utility bills.xls
2014-03-15 11:26 - 2014-01-30 20:58 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 11:18 - 2014-03-15 11:18 - 00847832 _____ (Google Inc.) C:\Users\DTR\Downloads\GoogleEarthPluginSetup.exe
2014-03-13 19:18 - 2013-08-14 16:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-13 19:12 - 2009-11-10 21:44 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 08:46 - 2009-07-13 21:33 - 00326072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 08:43 - 2011-03-24 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 16:00 - 2014-03-12 16:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\DTR\Downloads\HijackThis.exe
2014-03-12 12:03 - 2012-04-12 06:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 12:03 - 2011-06-07 08:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 16:02 - 2014-03-11 15:33 - 00000000 ____D () C:\ProgramData\OBDwiz
2014-03-11 16:01 - 2014-03-11 15:33 - 00002563 _____ () C:\Users\Public\Desktop\OBDwiz.lnk
2014-03-11 16:01 - 2014-03-11 15:33 - 00000000 ____D () C:\Program Files\OBDwiz
2014-03-11 15:33 - 2014-03-11 15:33 - 00000000 ____D () C:\ProgramData\OCTech, LLC
2014-03-11 15:24 - 2014-03-11 15:24 - 00000000 ____D () C:\Program Files\DIFX
2014-03-09 13:22 - 2014-03-09 13:22 - 00009747 _____ () C:\Users\DTR\Downloads\download
2014-03-07 11:25 - 2007-01-18 15:59 - 00000000 ____D () C:\TYC WEB SITE
2014-03-06 22:11 - 2008-02-01 23:16 - 00000000 ____D () C:\Paint Shop Pro
2014-03-06 16:42 - 2014-01-05 14:28 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 14:02 - 2014-03-06 14:02 - 00688344 _____ (RaMMicHaeL) C:\Users\DTR\Downloads\unchecky_setup.exe
2014-03-05 10:43 - 2008-01-05 16:42 - 00000000 ____D () C:\Program Files\Recuva
2014-03-05 10:35 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-05 10:01 - 2014-03-05 10:01 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 23:07 - 2013-09-02 13:13 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-03-04 17:45 - 2008-05-07 11:12 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\FileZilla
2014-03-03 20:43 - 2001-10-15 18:03 - 00000000 ____D () C:\temp1
2014-03-03 19:09 - 2012-01-19 20:03 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\DAEMON Tools Lite
2014-03-02 23:44 - 2009-07-13 19:37 - 00000000 __RSD () C:\Windows\Media
2014-03-02 23:36 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-03-02 22:44 - 2014-03-02 22:43 - 00000000 ____D () C:\Users\DTR\Downloads\Banking transfers
2014-03-01 11:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-02-28 23:45 - 2013-07-09 22:12 - 00000000 ____D () C:\Users\DTR\AppData\Roaming\vlc
2014-02-28 21:30 - 2014-03-12 11:54 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 21:11 - 2014-03-12 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 21:10 - 2014-03-12 11:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 20:52 - 2014-03-12 11:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 20:51 - 2014-03-12 11:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 11:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 20:43 - 2014-03-12 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 11:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 20:40 - 2014-03-12 11:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 20:38 - 2014-03-12 11:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 20:38 - 2014-03-12 11:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 20:37 - 2014-03-12 11:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 20:31 - 2014-03-12 11:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 20:25 - 2014-03-12 11:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 20:16 - 2014-03-12 11:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:14 - 2014-03-12 11:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:03 - 2014-03-12 11:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 11:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 11:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 19:32 - 2014-03-12 11:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 19:27 - 2014-03-12 11:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:25 - 2014-03-12 11:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 16:36 - 2009-10-28 13:26 - 00000000 ____D () C:\Users\DTR
2014-02-27 15:27 - 2007-12-26 17:54 - 00000000 ____D () C:\Users\DTR\AppData\Local\Adobe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 09:12
 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by DTR at 2014-03-22 16:13:45
Running from C:\Users\DTR\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Any Video Converter Professional 3.3.0 (HKLM\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.4.2.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.2.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canopus DV Codec (HKLM\...\Canopus DV Codec) (Version:  - )
Catalyst Control Center - Branding (HKLM\...\{EFBE2318-89B7-4A5F-8912-23DB04761C31}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0721.2247.38911 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0721.2247.38911 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Danish (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Dutch (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help English (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Finnish (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help French (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help German (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Italian (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Japanese (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Korean (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Russian (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Spanish (Version: 2007.0721.2246.38911 - ATI) Hidden
CCC Help Swedish (Version: 2007.0721.2246.38911 - ATI) Hidden
ccc-core-static (Version: 2007.0721.2247.38911 - ATI) Hidden
ccc-utility (Version: 2007.0721.2247.38911 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Copy Utility (HKLM\...\Copy Utility) (Version:  - )
CSE HTML Validator Lite v14.00 (HKLM\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.0.2.1 - AI Internet Solutions LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Dell Resource CD (HKLM\...\{2764CA82-DFB9-4498-AF85-719340BF5305}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Perfection V500P User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel A/V Codecs V2.0 (HKLM\...\CodInstl) (Version:  - )
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Classic (HKLM\...\Media Player Classic_is1) (Version: 6.4.9.136 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
MediaJoin (Version: 2.0 - Mystik Media) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C Runtime (Version: 8.0.0 - Microsoft) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Moyea FLV Editor Lite version: 1.1.1.846 (HKLM\...\{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1) (Version:  - )
Moyea FLV to Video Converter Pro version 1.29.2.11 (HKLM\...\{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1) (Version:  - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
Mp3 Editor For Free v7.1.1 (HKLM\...\Mp3 Editor For Free_is1) (Version:  - Mp3EditorForFree Development Inc.)
MPEG Cutter 1.0 (HKLM\...\MPEG Cutter_is1) (Version:  - spgsoft.com)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NBFree Mp3 to Wav Converter v2 (HKLM\...\NBFree Mp3 to Wav Converter v2_is1) (Version: 2 - NBXAudio Inc.)
Need For Speed - Porsche Unleashed 2000 (HKLM\...\{370993B3-3515-427E-A0D6-0511D1548C80}) (Version: 1.0.0 - Electronic Arts)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
NWZ-E460 WALKMAN Guide (HKLM\...\{A4D58206-7E8F-41F2-BD94-85009F3AEA28}) (Version: 2.0.2.04130 - Sony Corporation)
OBDwiz (HKLM\...\{10AC45EA-4218-433C-9634-E41309316913}) (Version: 2.16.2 - OCTech, LLC)
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Quicken 2011 (HKLM\...\{C3D7886E-967C-4D9F-8973-9EEA6AB28E3D}) (Version: 20.1.1.43 - Intuit)
QuickSet (HKLM\...\{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}) (Version: 8.2.14 - Dell Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Skins (Version: 2007.0721.2247.38911 - ATI) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{1E99F5D7-4262-4C7C-9135-F066E7485811}) (Version: 4.1.14.0 - Husdawg, LLC)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Easy Transfer Companion (Beta) (HKLM\...\{B139DD51-C3F1-4583-98B4-D35F64EA847F}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX DVD Ripper Platinum Thanksgiving Edition 6.5.0 (HKLM\...\WinX DVD Ripper Platinum Thanksgiving Edition_is1) (Version:  - Digiarty Software, Inc.)
WinZip (HKLM\...\WinZip) (Version:  10.0  (6685) - WinZip Computing LP)
Wise Registry Cleaner 7.93 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.93 - WiseCleaner.com, Inc.)
 
==================== Restore Points  =========================
 
06-03-2014 23:44:13 End of disinfection
06-03-2014 23:47:11 after 
07-03-2014 16:10:28 Windows Update
11-03-2014 15:12:53 Windows Update
11-03-2014 22:32:27 Installed OBDwiz
11-03-2014 23:01:28 Installed OBDwiz
13-03-2014 06:06:39 Windows Update
14-03-2014 02:12:15 Windows Update
16-03-2014 00:27:54 Removed Google Earth Plug-in.
18-03-2014 15:10:11 Windows Update
19-03-2014 20:01:26 Installed Sophos Virus Removal Tool.
21-03-2014 15:41:31 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2014-01-16 23:46 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {30F53BD9-2E21-4DEF-9D67-3E2FF7D65253} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {3365FC7A-001A-4E7F-A683-F28C41818838} - System32\Tasks\{3AF7F079-609A-41F0-B9E5-3DD8A34C6B58} => C:\Program Files\NirSoft\VideoCacheView\VideoCacheView.exe [2013-11-06] (NirSoft)
Task: {40476A9B-AACE-46D2-B28A-07FDFB918147} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {980A1AA5-0787-48C0-8918-6353B5715086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3427914818-1164801448-99283304-1000UA => C:\Users\DTR\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9B265D72-7045-4D57-AE6F-42D022C1F763} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E5D59D3-B023-4693-8948-8023B201D26D} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-02-13] (AVAST Software)
Task: {C47F9EBE-3C33-4845-843F-4B4E49D98E39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FFF110DA-8CD6-4AE1-A1C5-17FDC0EC2AD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 13:21 - 2014-03-21 12:29 - 02189312 _____ () C:\Program Files\Alwil Software\Avast5\defs\14032101\algo.dll
2014-03-22 12:57 - 2014-03-22 10:35 - 02189312 _____ () C:\Program Files\Alwil Software\Avast5\defs\14032201\algo.dll
2007-12-12 15:28 - 2007-03-21 12:33 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2007-12-12 15:28 - 2007-03-21 12:33 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-02-11 12:29 - 2014-02-11 12:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-12-02 21:12 - 2013-12-02 21:12 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-03-15 11:26 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 11:26 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 11:26 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 11:26 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-18 14:43 - 2014-03-18 14:43 - 03018864 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-03-18 14:43 - 2014-03-18 14:43 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-18 14:43 - 2014-03-18 14:43 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: RoxWatch9 => 2
MSCONFIG\Services: sprtsvc_dellsupportcenter => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: EEventManager => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => 
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSCONFIG\startupreg: StartCCC => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2014 03:01:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/21/2014 01:34:58 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1022 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2472.  Message ID: [0x2509].
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/21/2014 10:29:38 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/21/2014 01:25:13 PM) (Source: DCOM) (User: )
Description: {9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (03/21/2014 01:24:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/21/2014 01:24:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (03/21/2014 10:15:26 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/20/2014 04:26:15 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/19/2014 10:28:57 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/19/2014 08:53:05 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (03/22/2014 03:01:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\OBDwiz\driver\dpinstx64.exe
 
Error: (03/21/2014 01:34:58 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1022 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2472.  Message ID: [0x2509].
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/21/2014 01:24:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/21/2014 01:24:04 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-28 13:29:34.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:29:33.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:29:32.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:29:26.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:29:25.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:29:24.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:28:41.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:28:40.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:28:40.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-28 13:27:28.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 3454 MB
Available physical RAM: 2038.63 MB
Total Pagefile: 6906.3 MB
Available Pagefile: 5540.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.29 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.48 GB) (Free:29.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.82 GB) NTFS
Drive f: (Italian Audio Co) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E0000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
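When a machine keeps landing on Google's "unusual traffic" page, the two parts of a log like the one above that an analyst reads first are the hosts file (is anything mapped besides the two loopback lines?) and the scheduled tasks (does any task launch a binary from a user profile or through a launcher such as rundll32?). The following is an added Python triage helper, not part of the thread and not FRST's own code; it parses those two sections exactly as FRST prints them and lists what deserves a second look. The sample log is constructed from lines posted above plus two invented entries (a www.google.com hosts line and a "SearchRedirect" task) so the checks have something to report. On the log as actually posted the hosts section comes back clean and only the per-user Google Update task and the rundll32-based Windows Backup task are listed for review, both of which are normal on a Windows 7 machine.

```python
"""Triage helper for the "Hosts content" and "Scheduled Tasks" sections of an
FRST-style log (added example; not part of the thread above and not FRST code).
Flags hosts entries beyond the two loopback defaults, and tasks whose target
lives outside Windows/Program Files, is given without a full path, or is a
launcher such as rundll32 whose arguments deserve a look."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+\s*$")
# "<target> [YYYY-MM-DD] (Publisher)": date and publisher are optional in FRST output
TARGET_RE = re.compile(
    r"^(?P<target>.*?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?(?:\s+\((?P<signer>[^()]*)\))?$")
EXE_RE = re.compile(r"^(?P<exe>[a-z]:\\.*?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr))(?=\s|$)", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
IPV6_RE = re.compile(r"^[0-9a-fA-F:.]*:[0-9a-fA-F:.]*$")

DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
             "cscript.exe", "powershell.exe", "cmd.exe"}


def split_sections(text):
    """Map each '==== Name ====' header (lower-cased, colon dropped) to its body lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name").rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_hosts(lines):
    """Return (ip, hostname) pairs, skipping comments and FRST's file-metadata line."""
    entries = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or not (IPV4_RE.match(parts[0]) or IPV6_RE.match(parts[0])):
            continue
        entries.extend((parts[0], name.lower()) for name in parts[1:])
    return entries


def flag_hosts(entries):
    """Anything beyond the two loopback defaults is worth a look."""
    return [e for e in entries if e not in DEFAULT_HOSTS]


@dataclass
class Task:
    task_path: str
    target: str = None
    signer: str = None
    flags: list = field(default_factory=list)


def parse_task(line):
    """Parse 'Task: {GUID} - <path> => <target> [date] (publisher)' or the .job variant."""
    left, arrow, right = line[len("Task:"):].strip().partition(" => ")
    _guid, dash, task_path = left.partition(" - ")   # .job entries carry no GUID
    task = Task(task_path=(task_path if dash else left).strip())
    if arrow:
        m = TARGET_RE.match(right.strip())
        task.target, task.signer = m.group("target"), (m.group("signer") or None)
    return task


def flag_task(task):
    """Attach review reasons to a parsed task; an empty flags list means nothing stood out."""
    if not task.target:
        return task
    m = EXE_RE.match(task.target)
    exe_raw = m.group("exe") if m else task.target.split()[0]
    exe, args = exe_raw.lower(), task.target[len(exe_raw):].strip()
    base = exe.rsplit("\\", 1)[-1]
    if re.match(r"^[a-z]:\\", exe):
        if not exe.startswith(TRUSTED_PREFIXES):
            task.flags.append(f"target outside Windows/Program Files: {exe} "
                              f"(publisher: {task.signer or 'none recorded'})")
    else:
        task.flags.append(f"target not a full path, resolved via PATH: {exe}")
    if base in LAUNCHERS:
        task.flags.append(f"launcher {base}; inspect its arguments: {args}")
    return task


def triage(text):
    """Run both checks over a log and return only what needs a human's eyes."""
    sec = split_sections(text)
    hosts = flag_hosts(parse_hosts(sec.get("hosts content", [])))
    tasks = [flag_task(parse_task(l)) for l in sec.get("scheduled tasks (whitelisted)", [])
             if l.startswith("Task:")]
    return {"hosts": hosts, "tasks": [t for t in tasks if t.flags]}


# Constructed sample modelled on the log posted in the thread. The www.google.com
# hosts line and the "SearchRedirect" task are invented here to produce a hit.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================

2006-11-02 03:23 - 2014-01-16 23:46 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
203.0.113.7     www.google.com

==================== Scheduled Tasks (whitelisted) =============

Task: {30F53BD9-2E21-4DEF-9D67-3E2FF7D65253} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {980A1AA5-0787-48C0-8918-6353B5715086} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3427914818-1164801448-99283304-1000UA => C:\Users\DTR\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9B265D72-7045-4D57-AE6F-42D022C1F763} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\SearchRedirect => C:\Users\DTR\AppData\Roaming\upd\svc.exe

==================== End Of Log ============================
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, name in result["hosts"]:
        print(f"HOSTS  {ip:<16} {name}")
    for t in result["tasks"]:
        print(f"TASK   {t.task_path}")
        for reason in t.flags:
            print(f"       - {reason}")
```

A flag here is a reason to look, not a verdict: the per-user Google Update task is the normal location for a per-user Google install, and Windows Backup genuinely runs through rundll32. The value is in the things that should not be there, such as a hosts line pointing a search engine at a foreign address or a task starting an unknown binary out of a user's profile.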


#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 23 March 2014 - 09:35 AM



Hello dwilmot

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 dwilmot (Topic Starter, Members, 15 posts)

Posted 23 March 2014 - 12:20 PM

Hello Gringo, thanks for the update. Below are the 2 files as requested. You will see that the ADW Cleaner file is S3. That is because I have run this application a few times a couple of weeks ago when I started to get this Chrome and Yahoo problem. Looking at an ADWcleaner log from the 12th March, it looks the same as the one below... Up until last night I thought the problem was gone BUT suddenly the Chrome problem turned up, as did the Yahoo bogus search...

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

[ File : C:\Users\DTR\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\DTR\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [874 octets] - [12/03/2014 15:53:04]
AdwCleaner[R1].txt - [933 octets] - [18/03/2014 18:35:37]
AdwCleaner[R2].txt - [1051 octets] - [18/03/2014 18:47:55]
AdwCleaner[R3].txt - [1172 octets] - [18/03/2014 19:48:30]
AdwCleaner[R4].txt - [1232 octets] - [23/03/2014 09:23:49]
AdwCleaner[R5].txt - [1353 octets] - [23/03/2014 09:40:10]
AdwCleaner[S0].txt - [993 octets] - [18/03/2014 18:40:25]
AdwCleaner[S1].txt - [1113 octets] - [18/03/2014 18:52:55]
AdwCleaner[S2].txt - [1294 octets] - [23/03/2014 09:26:11]
AdwCleaner[S3].txt - [1274 octets] - [23/03/2014 09:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1334 octets] ##########

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x86
Ran by DTR on Sun 03/23/2014 at 9:51:23.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at 9:55:13.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:53 PM

Posted 24 March 2014 - 12:15 PM


Hello dwilmot

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 dwilmot

dwilmot
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 24 March 2014 - 10:15 PM

Hi Gringo,

Thanks for the new info.

I have done as requested regarding Combofix.

It took about 20 minutes to scan. When it had finished it said it had created a log in C:\Combofix.txt

Well I couldn't find any such file BUT I had copied it to the desktop so I had a copy. I did find in Program Files a file titled Qoobox but the requested txt file wasn't in there either.

After the repair the desktop wallpaper  was black so it had changed my desktop appearance which I have now restored.

Internet explorer will not go online.............. IE is working on my other laptop.

Chrome seems fine. As for the problem it hasn't appeared again BUT as I said all will be fine for a couple of days or hours and then bang the Capcha problem is back as is the bogus Yahoo search. Will see what happens over the next few hours.

Here is the log file.


ComboFix 14-03-24.01 - DTR 03/24/2014  17:36:25.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3454.2244 [GMT -7:00]
Running from: c:\users\DTR\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\iun6002.exe
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-25 to 2014-03-25  )))))))))))))))))))))))))))))))
.
.
2014-03-25 00:51 . 2014-03-25 00:59 -------- d-----w- c:\users\DTR\AppData\Local\temp
2014-03-24 16:30 . 2014-03-24 16:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38ECF631-7CFE-462D-B301-097A60AF9BDE}\offreg.dll
2014-03-22 23:12 . 2014-03-22 23:14 -------- d-----w- C:\FRST
2014-03-21 15:42 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38ECF631-7CFE-462D-B301-097A60AF9BDE}\mpengine.dll
2014-03-19 20:02 . 2014-03-19 20:02 -------- d-----w- c:\programdata\Sophos
2014-03-19 20:02 . 2014-03-19 20:02 73728 ----a-r- c:\users\DTR\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-19 20:02 . 2014-03-19 20:02 73728 ----a-r- c:\users\DTR\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-19 20:02 . 2014-03-19 20:02 73728 ----a-r- c:\users\DTR\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-19 20:02 . 2014-03-19 20:02 -------- d-----w- c:\program files\Sophos
2014-03-19 03:34 . 2014-03-19 03:34 -------- d-----w- c:\users\DTR\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 21:43 . 2014-03-18 22:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-03-13 15:52 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 22:52 . 2014-03-23 16:44 -------- d-----w- C:\AdwCleaner
2014-03-12 18:53 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 18:53 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 18:53 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-11 22:33 . 2014-03-11 22:33 -------- d-----w- c:\programdata\OCTech, LLC
2014-03-11 22:33 . 2014-03-11 23:02 -------- d-----w- c:\programdata\OBDwiz
2014-03-11 22:33 . 2014-03-11 23:01 -------- d-----w- c:\program files\OBDwiz
2014-03-11 22:24 . 2014-03-11 22:24 -------- d-----w- c:\program files\DIFX
2014-03-05 17:01 . 2014-03-05 17:01 -------- d--h--w- c:\programdata\CanonBJ
2014-03-03 06:51 . 2007-09-07 18:25 102400 ----a-w- c:\windows\system32\stacsv.exe
2014-03-03 06:51 . 2007-09-07 18:24 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2014-03-03 06:51 . 2007-08-29 21:25 131072 ----a-w- c:\windows\system32\aestacap.dll
2014-03-03 06:51 . 2007-08-29 21:25 643072 ----a-w- c:\windows\system32\aestecap.dll
2014-03-03 06:51 . 2007-04-11 02:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2014-03-03 06:38 . 2002-03-06 09:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2014-03-03 06:38 . 2003-02-03 04:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2014-02-27 22:23 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 19:03 . 2012-04-12 13:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 19:03 . 2011-06-07 15:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-14 06:22 . 2014-01-06 16:58 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-14 06:22 . 2011-04-15 05:25 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-14 06:22 . 2010-08-26 16:01 43152 ----a-w- c:\windows\avastSS.scr
2014-02-14 06:22 . 2009-09-22 00:53 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-14 06:22 . 2009-09-22 00:52 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-14 06:22 . 2009-09-22 00:52 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-14 16:52 . 2014-01-14 16:52 74088 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2014-01-14 16:52 . 2014-01-14 16:52 54120 ----a-w- c:\windows\system32\ftserui2.dll
2014-01-14 16:52 . 2014-01-14 16:52 65896 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2014-01-14 16:52 . 2014-01-14 16:52 219496 ----a-w- c:\windows\system32\ftd2xx.dll
2014-01-14 16:52 . 2014-01-14 16:52 201576 ----a-w- c:\windows\system32\FTLang.dll
2014-01-14 16:52 . 2014-01-14 16:52 105832 ----a-w- c:\windows\system32\ftbusui.dll
2014-01-06 16:58 . 2013-03-03 17:17 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-14 06:22 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-02-14 3767096]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 15:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2012-04-03 23:16 703592 ----a-w- c:\program files\Canon\MyPrinter\BJMyPrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-04-03 21:26 1273448 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-08-01 13:13 3673696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-10-10 00:56 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 23:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-07 18:23 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ----a-w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2006-11-27 15:14 180224 ----a-w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
"dvd43"=c:\program files\dvd43\dvd43_tray.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R2 gupdate1ce05c2c2d168b3;Google Update Service (gupdate1ce05c2c2d168b3);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 116648]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-14 64168]
R3 gupdatem1ce05c2c369c0c4;Google Update Service (gupdatem1ce05c2c369c0c4);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 116648]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 136832]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2014-01-15 151848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-26 11232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-14 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-14 410784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-13 243128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-14 67824]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 13952]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
*Deregistered* - aswFsBlk
*Deregistered* - aswTdi
*Deregistered* - pavboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:26 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:03]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 06:08]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 06:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
mSearch Bar = 
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{79200ED8-5977-4DDA-A35D-641458942123}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{AB187E3F-21BC-499A-90E6-14C4147FDC05}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{F505D26D-4A51-408C-923E-12FBFE495D22}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{FA194F5D-73AB-4D4E-AE5E-0A26D0AFDAE0}: NameServer = 208.69.150.250,208.69.150.252
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
AddRemove-Copy Utility - c:\program files\EPSON\Copy Utility\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-03-24  18:05:16 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-25 01:05
.
Pre-Run: 31,997,169,664 bytes free
Post-Run: 31,879,294,976 bytes free
.
- - End Of File - - D16ED5E03A09847D94608EF2827C64A5
A36C5E4F47E84449FF07ED3517B43A31
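One detail in the "Supplementary Scan" section of the ComboFix log above is worth a second look: the DHCP-supplied resolver is 192.168.0.1, yet every listed interface carries a static NameServer pair instead. Whether those resolvers are legitimate is for the helper to judge, but the mismatch itself is the kind of thing a responder wants surfaced automatically rather than spotted by eye in a long log. The following is an added example, not ComboFix's own code and not something posted in this thread: it parses the "TCP:" lines of a ComboFix log, reports each interface whose static NameServer differs from the DHCP one, and notes which of those addresses are public. The sample input reuses the DHCP line and two interface lines from the log above and adds one constructed interface GUID (all zeros, labelled as such) that matches DHCP, so the negative case is exercised too.

```python
"""Flag interfaces in a ComboFix log whose static DNS differs from DHCP.

Added example for this thread; not ComboFix's own code. It reads the
'TCP: DhcpNameServer' and 'TCP: Interfaces\\{GUID}: NameServer' lines
that ComboFix prints in its Supplementary Scan section.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: first three TCP lines copied from the log in this
# thread; the all-zero GUID is a made-up interface that mirrors DHCP.
SAMPLE_LOG = r"""
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2979CD92-AB25-4E72-8F64-FB1A5C4EC2FF}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{77ED06CD-587E-49DE-A205-9D025EFFEAFE}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.0.1
"""

DHCP_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(\S.*?)\s*$")
IFACE_RE = re.compile(
    r"^TCP:\s*Interfaces\\(\{[0-9A-Fa-f-]+\}):\s*NameServer\s*=\s*(\S.*?)\s*$"
)


def _split_servers(field: str) -> List[str]:
    """ComboFix joins multiple resolvers with commas; normalise to a list."""
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tcp_section(log_text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (dhcp_servers, {interface_guid: static_servers})."""
    dhcp: List[str] = []
    interfaces: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            dhcp.extend(_split_servers(m.group(1)))
            continue
        m = IFACE_RE.match(line)
        if m:
            interfaces[m.group(1)] = _split_servers(m.group(2))
    return dhcp, interfaces


def is_public(ip_text: str) -> bool:
    """True for a globally routable address; False for private/invalid."""
    try:
        return ipaddress.ip_address(ip_text).is_global
    except ValueError:
        return False


def find_dns_overrides(log_text: str) -> List[dict]:
    """List every interface whose static resolvers differ from DHCP's.

    A static entry that merely repeats the DHCP server is not reported;
    anything else is returned for review, with its public addresses
    called out separately.
    """
    dhcp, interfaces = parse_tcp_section(log_text)
    findings = []
    for guid, servers in sorted(interfaces.items()):
        if set(servers) == set(dhcp):
            continue
        findings.append(
            {
                "interface": guid,
                "servers": servers,
                "public": [s for s in servers if is_public(s)],
            }
        )
    return findings


def summarize(log_text: str) -> List[str]:
    """Human-readable report lines for a helper reading the log."""
    dhcp, _ = parse_tcp_section(log_text)
    lines = [f"DHCP name server(s): {', '.join(dhcp) or '(none)'}"]
    for f in find_dns_overrides(log_text):
        lines.append(
            f"{f['interface']} uses static DNS {', '.join(f['servers'])}"
            f" (public: {', '.join(f['public']) or 'none'})"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

Run it against a saved ComboFix.txt by reading the file into `find_dns_overrides`; an empty result means every interface simply follows DHCP, which is the usual state on a home machine.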


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:53 PM

Posted 25 March 2014 - 08:52 AM


Hello dwilmot

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo

#15 dwilmot

dwilmot
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 25 March 2014 - 07:57 PM

Hi Gringo,

Thanks again for the updates.

Sorry for the delay in getting back to you.

I tried the Fixit but that would not run. Here is the message I got:

"There is a problem with this Windows Installer Package. A script required for this install to complete could not be run. Contact your support personnel or package vendor".


Anyhow I went and reset IE and it is running now and I can surf the web with it.

So do you think that the Google Capcha crap is gone as well as the bogus Yahoo search?

Is there anything else you need me to do?

Thanks

DW





