Can't get rid of Tuvaro - Redirects in Google Chrome


  • This topic is locked
16 replies to this topic

#1 kruseman

kruseman

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 05 April 2014 - 08:07 AM

I have a Windows 7 computer that has picked up a virus or malware of some sort. Internet Explorer seems to work fine, but when I try to set a homepage in Chrome, I get an error message when I open Chrome that says "Your preferences can not be read". It also redirects to http://www-search.net/search/search.html?ctid=CT3309521&searchsource=69&UM=2&lay=1. I have tried the removal tutorials like this one (http://malwaretips.com/blogs/www-search-net-removal/) but nothing seems to work.

I have also tried Trojan Killer.

It seems that this was bundled with YTDownloader. I have looked through the applications and I don't see anything suspicious left to uninstall either.

Thanks for any help you can provide.

Here is the DDS Log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by DeVries at 8:10:14 on 2014-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2012.685 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hudl Mercury\HudlMercury.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Hudl Mercury] "c:\program files\hudl mercury\HudlMercury.exe" -startup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DC111B9-B6F8-4D3E-9216-49F1C683C953} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1404000.028\symds.sys [2013-6-14 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1404000.028\symefa.sys [2013-6-14 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.1.22\definitions\bashdefs\20140319.001\BHDrvx86.sys [2014-3-18 1098968]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1404000.028\ccsetx86.sys [2013-6-14 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.1.22\definitions\ipsdefs\20140404.001\IDSvix86.sys [2014-4-4 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1404000.028\ironx86.sys [2013-6-14 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1404000.028\symnets.sys [2013-6-14 339544]
R2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files\common files\applifeupdateservice2\kjsausvc.exe [2011-8-2 12800]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]
R2 SMUpd;Search Module Update;c:\program files\common files\goobzo\gbupdate\smu.exe [2013-12-26 1741160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-10 108120]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-1-12 273448]
R3 SMUpdd;Search Module UpdateD;c:\program files\common files\goobzo\gbupdate\smw.sys [2013-12-26 31592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-2 14848]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2014-2-11 16128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-2 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-26 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-04-04 23:35:17 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-04 23:35:12 -------- d-----w- c:\users\devries\appdata\local\temp
2014-04-04 23:19:10 98816 ----a-w- c:\windows\sed.exe
2014-04-04 23:19:10 256000 ----a-w- c:\windows\PEV.exe
2014-04-04 23:19:10 208896 ----a-w- c:\windows\MBR.exe
2014-04-04 22:19:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2014-04-04 02:23:22 -------- d-----w- c:\users\devries\appdata\local\Mozilla
2014-04-03 20:42:36 -------- d-----w- c:\program files\Anvisoft
2014-04-03 19:09:49 -------- d-----w- c:\programdata\GridinSoft
2014-04-03 16:54:32 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-04-03 16:54:29 -------- d-----w- c:\program files\common files\Microsoft
2014-04-03 16:54:29 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-04-03 03:01:46 -------- d-----w- c:\programdata\HitmanPro
2014-04-03 02:56:35 -------- d-----w- c:\windows\ERUNT
2014-04-03 02:52:12 -------- d-----w- C:\AdwCleaner
2014-04-02 02:14:32 -------- d-----w- c:\users\devries\appdata\roaming\Malwarebytes
2014-04-02 02:14:26 -------- d-----w- c:\programdata\Malwarebytes
2014-03-24 00:27:45 -------- d-----w- c:\programdata\pastaleads
2014-03-24 00:25:38 -------- d-----w- c:\program files\VideoLAN
2014-03-12 23:42:28 -------- d-----w- C:\history
2014-03-12 23:07:19 -------- d-----w- c:\program files\iPod
2014-03-12 23:07:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-12 23:07:06 -------- d-----w- c:\program files\iTunes
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-12 22:52:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2014-04-04 02:26:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-04 02:26:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-11 11:59:04 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-17 21:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-09 02:22:42 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH:  8:12:51.30 ===============

Edited by kruseman, 05 April 2014 - 08:20 AM.
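The DDS log above (and the FRST log later in the thread) shows where this hijacker actually lives: the start page and search-provider entries point at www-search.net, a "Search Module" service and driver under Common Files\Goobzo keep it updated, a pastaleads folder appeared under ProgramData, and FRST flags a policy key under HKLM\SOFTWARE\Policies\Google, which Chrome honours as a managed setting that the Settings page will not let a user override. The Python script below is an added example for this thread; it is not part of any post here and not part of the DDS or FRST tools. It runs the checks an analyst makes by eye over a pasted log: it refangs hxxp URLs, extracts the host of every start-page/search line and compares it against an allowlist, flags the Chrome policy key, and ties service, driver and created-folder lines to suspect tokens. The allowlist (TRUSTED_SEARCH_HOSTS), the token list (SUSPECT_TOKENS) and the function names (search_host, service_path, triage, hijacked_hosts) are assumptions for illustration; the sample lines are copied from the logs in this thread.

```python
"""Triage a pasted DDS / FRST log for browser search-hijack indicators.

Added example for this thread; not part of any post here and not part of the
DDS or FRST tools. The allowlist and token list below are assumptions.
"""
import re
from urllib.parse import urlparse

# Hosts a start page or search provider may legitimately point at.
# Assumption: starter allowlist, extend it for the machine under review.
TRUSTED_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com",
    "www.microsoft.com", "search.yahoo.com",
}

# Tokens taken from this thread's logs: the Goobzo / "Search Module Ltd."
# update service and the pastaleads folder. Assumption: illustrative list an
# analyst would grow from whatever the log under review shows.
SUSPECT_TOKENS = ("goobzo", "search module", "pastaleads")

# Keys in DDS ("uStart Page = ...") and FRST ("SearchScopes: ... URL = ...",
# "CHR DefaultSearchURL: ...") lines that carry a start page or search URL.
URL_KEYS = ("start page", "search page", "search bar", "searchscopes",
            "defaultsearchurl", "homepage", "startupurls")
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.I)   # DDS defangs http as hxxp
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+);(?P<rest>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*?[A-Za-z]:\\\S")
CHROME_POLICY_PREFIX = r"chr hklm\software\policies\google"


def search_host(line):
    """Host of the URL on a start-page/search-provider line, else None."""
    low = line.lower()
    if not any(key in low for key in URL_KEYS):
        return None
    match = URL_RE.search(line)
    if not match:
        return None
    url = re.sub(r"^hxxp", "http", match.group(0), flags=re.I)   # refang
    return (urlparse(url).hostname or "").lower() or None


def service_path(line):
    """Image path from a DDS (name;desc;path [..]) or FRST (name; path [..] (vendor)) line."""
    match = SERVICE_RE.match(line)
    if not match:
        return None
    return match.group("rest").split(";")[-1].split(" [")[0].strip()


def triage(log_text):
    """One {'kind', 'line', 'why'} dict per suspicious line; benign lines yield nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        host = search_host(line)
        if host and host not in TRUSTED_SEARCH_HOSTS:
            findings.append({"kind": "search_hijack", "line": line,
                             "why": "start page or search provider points at " + host})
        elif low.startswith(CHROME_POLICY_PREFIX):
            findings.append({"kind": "chrome_policy", "line": line,
                             "why": "policy key under HKLM\\SOFTWARE\\Policies\\Google; "
                                    "managed Chrome settings cannot be changed from the UI"})
        elif any(token in low for token in SUSPECT_TOKENS):
            path = service_path(line)
            if path:
                kind, why = "service", "service or driver image path " + path
            elif CREATED_RE.match(line):
                kind, why = "created_path", "recently created path matches a suspect token"
            else:
                kind, why = "token_match", "line mentions a suspect token"
            findings.append({"kind": kind, "line": line, "why": why})
    return findings


def hijacked_hosts(log_text):
    """Set of untrusted hosts that any browser start page or search provider points at."""
    hosts = (search_host(line) for line in log_text.splitlines())
    return {h for h in hosts if h and h not in TRUSTED_SEARCH_HOSTS}


# Constructed sample: lines copied from the DDS and FRST logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxps://www.google.com/
mSearch Bar = hxxp://www.google.com
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]
R2 SMUpd;Search Module Update;c:\program files\common files\goobzo\gbupdate\smu.exe [2013-12-26 1741160]
R3 SMUpdd;Search Module UpdateD;c:\program files\common files\goobzo\gbupdate\smw.sys [2013-12-26 31592]
2014-03-24 00:27:45 -------- d-----w- c:\programdata\pastaleads
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
CHR DefaultSearchURL: http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (finding["kind"], finding["why"], finding["line"]))
    print("hijacked hosts:", sorted(hijacked_hosts(SAMPLE_LOG)))
```

Run it against a whole pasted log and the findings are the cleanup list in order: the services and driver to stop and delete, the created folder to remove, and the IE SearchScopes and Chrome search-provider entries to reset. The chrome_policy finding matters most for the symptom in the first post: a search provider set by policy overrides whatever the user-level Preferences file says, so changing the home page or search engine from Chrome's own settings page cannot undo the redirect until that policy key is gone.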


#2 kruseman

kruseman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 05 April 2014 - 08:16 AM

sorry - double post


Edited by kruseman, 05 April 2014 - 08:22 AM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 05 April 2014 - 04:13 PM

Hello kruseman

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 kruseman

kruseman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 06 April 2014 - 10:39 AM

Thanks for your reply.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by DeVries (administrator) on DEVRIES-PC on 06-04-2014 10:37:05
Running from C:\Users\DeVries\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kinetic Jump Software, LLC) C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Agile Sports Technologies) C:\Program Files\Hudl Mercury\HudlMercury.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2691072 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-4212753321-3749259480-28454050-1001\...\Run: [Hudl Mercury] - C:\Program Files\Hudl Mercury\HudlMercury.exe [3401368 2014-03-12] (Agile Sports Technologies)
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync" : {
      "dictionary" : false,
      "keep_everything_synced" : false,
      "preferences" : false,
      "priority_preferences" : false,
      "search_engines"
CHR DefaultSearchKeyword: www-search.net
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: http://www-search.net/search.aspx?s=E1Dzadk1,7a8b63e5-2072-484c-ad2e-f462c35fc556,&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\DeVries\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 KjsUpdateService2; C:\Program Files\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [1741160 2013-12-26] (Search Module Ltd.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20140404.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2748064 2009-11-16] (Realtek Semiconductor Corp.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20140405.003\NAVENG.SYS [93272 2014-03-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20140405.003\NAVEX15.SYS [1612376 2014-03-11] (Symantec Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [31592 2013-12-26] ()
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows ® Win 7 DDK provider)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\DeVries\AppData\Local\Temp\catchme.sys [X]
S2 MCSTRM; No ImagePath
U3 mbr; \??\C:\Users\DeVries\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-06 10:37 - 2014-04-06 10:37 - 00012566 _____ () C:\Users\DeVries\Desktop\FRST.txt
2014-04-06 10:36 - 2014-04-06 10:37 - 00000000 ____D () C:\FRST
2014-04-06 10:36 - 2014-04-06 10:36 - 01145856 _____ (Farbar) C:\Users\DeVries\Desktop\FRST.exe
2014-04-05 08:17 - 2014-04-05 08:17 - 00003077 _____ () C:\Users\DeVries\Desktop\attach.zip
2014-04-05 07:51 - 2014-04-05 07:51 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 07:50 - 2014-04-06 10:01 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 07:50 - 2014-04-05 13:01 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 18:35 - 2014-04-04 18:35 - 00014354 _____ () C:\ComboFix.txt
2014-04-04 18:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-04 18:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-04 18:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-04 18:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-04 18:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-04 18:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-04 18:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-04 18:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-04 18:18 - 2014-04-04 18:35 - 00000000 ____D () C:\Qoobox
2014-04-04 18:17 - 2014-04-04 18:34 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 17:19 - 2014-04-04 17:19 - 00001099 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-04-04 17:19 - 2014-04-04 17:19 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-04-03 21:23 - 2014-04-03 21:23 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Mozilla
2014-04-03 21:23 - 2014-04-03 21:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-03 15:53 - 2014-04-05 16:23 - 00001904 _____ () C:\Windows\setupact.log
2014-04-03 15:53 - 2014-04-05 07:44 - 00002254 _____ () C:\Windows\PFRO.log
2014-04-03 15:53 - 2014-04-03 15:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 15:42 - 2014-04-03 15:52 - 00000000 ____D () C:\Program Files\Anvisoft
2014-04-03 15:41 - 2014-04-03 15:41 - 15843784 _____ (Anvisoft) C:\Users\DeVries\Downloads\csbsetup.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-04-03 11:54 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-03 11:54 - 2014-04-03 11:54 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-04-02 22:09 - 2014-04-02 22:09 - 00000280 _____ () C:\Windows\system32\.crusader
2014-04-02 22:01 - 2014-04-03 16:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-02 21:56 - 2014-04-02 21:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 21:52 - 2014-04-03 15:16 - 00000000 ____D () C:\AdwCleaner
2014-04-02 21:30 - 2014-04-06 03:16 - 00115697 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 21:27 - 2014-04-02 21:27 - 00255012 _____ () C:\Users\DeVries\Documents\cc_20140402_212722.reg
2014-04-02 19:52 - 2014-04-02 19:52 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-02 07:40 - 2014-04-02 07:40 - 00002560 _____ () C:\{548B8DA3-15BA-4575-B5BB-C448149B34A8}
2014-04-02 07:39 - 2014-04-02 07:39 - 00002584 _____ () C:\{526A0A18-180C-4BBB-AA72-D984CCEC2B67}
2014-04-02 07:32 - 2014-04-02 07:32 - 00002568 _____ () C:\{E81B0A5B-8530-4259-B482-4A230D12E9A2}
2014-04-02 07:31 - 2014-04-02 07:31 - 00002464 _____ () C:\{FAA7C303-6C1A-49D9-8118-1470A2D519A9}
2014-04-02 07:30 - 2014-04-02 07:30 - 00002448 _____ () C:\{5C2D9971-7220-43A1-8B3E-337CBE344191}
2014-04-02 07:28 - 2014-04-02 07:28 - 00002560 _____ () C:\{8659C3A3-623B-4E30-9082-FC871F81588D}
2014-04-02 07:27 - 2014-04-02 07:27 - 00002584 _____ () C:\{2B48ADB1-B4F3-49C0-93F6-E6771207B4BD}
2014-04-02 07:26 - 2014-04-02 07:26 - 00002560 _____ () C:\{2A6C97C7-8DE2-4838-980B-AC3D5AC5F0EC}
2014-04-02 07:25 - 2014-04-02 07:25 - 00002584 _____ () C:\{95347C47-4D54-487E-A02A-C441545FDF04}
2014-04-02 07:22 - 2014-04-02 07:22 - 00002560 _____ () C:\{C2FF7BFE-B649-4746-A5C9-CC4CC5095CE7}
2014-04-02 07:21 - 2014-04-02 07:21 - 00002584 _____ () C:\{A2600104-277A-4677-AC48-38096E852FF0}
2014-04-02 07:19 - 2014-04-02 07:19 - 00002256 _____ () C:\{D4128D40-1379-4138-971C-C003CD6F2697}
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\Users\DeVries\AppData\Roaming\Malwarebytes
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 22:54 - 2014-03-23 22:54 - 00002856 _____ () C:\{E0143DD5-DEBE-4C5C-B47F-5731D7C320F3}
2014-03-23 21:20 - 2014-03-25 06:06 - 00000000 ____D () C:\Users\DeVries\Desktop\Basketball Awards Night
2014-03-23 19:27 - 2014-03-23 19:27 - 00000000 ____D () C:\ProgramData\pastaleads
2014-03-23 19:25 - 2014-03-23 19:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-23 19:23 - 2014-03-23 19:23 - 00000045 _____ () C:\Users\DeVries\AppData\Roaming\WB.CFG
2014-03-23 18:45 - 2014-03-23 18:45 - 00012197 _____ () C:\Users\DeVries\Desktop\Dan's recertification Records.xlsx
2014-03-16 18:51 - 2014-03-16 18:52 - 00000000 ____D () C:\Users\DeVries\Desktop\LBA Concessions
2014-03-14 14:09 - 2014-03-14 14:31 - 00000000 ____D () C:\Users\DeVries\Desktop\New folder
2014-03-12 23:27 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 23:27 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 23:27 - 2014-02-28 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 23:27 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 23:27 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 23:27 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 23:27 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 23:27 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 23:27 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 23:27 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 23:27 - 2014-02-28 22:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 23:27 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 23:27 - 2014-02-28 22:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 23:27 - 2014-02-28 22:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 23:27 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 23:27 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 23:27 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 23:27 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 23:27 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 23:27 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 23:27 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 23:27 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 23:27 - 2014-02-06 20:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 23:27 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 23:27 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 23:27 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 23:27 - 2014-01-27 21:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 18:09 - 2014-03-12 18:09 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 18:07 - 2014-03-12 18:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-12 18:07 - 2014-03-12 18:09 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 18:07 - 2014-03-12 18:07 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 17:52 - 2014-03-12 17:52 - 00001817 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 17:52 - 2014-03-12 17:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-09 18:40 - 2014-03-29 15:22 - 00000000 ____D () C:\Users\DeVries\Desktop\Dereck James -2014
2014-03-08 16:14 - 2014-03-08 16:15 - 00000000 ____D () C:\Users\DeVries\Desktop\DJ Senior Pix

==================== One Month Modified Files and Folders =======

2014-04-06 10:37 - 2014-04-06 10:37 - 00012566 _____ () C:\Users\DeVries\Desktop\FRST.txt
2014-04-06 10:37 - 2014-04-06 10:36 - 00000000 ____D () C:\FRST
2014-04-06 10:36 - 2014-04-06 10:36 - 01145856 _____ (Farbar) C:\Users\DeVries\Desktop\FRST.exe
2014-04-06 10:28 - 2012-06-05 07:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 10:01 - 2014-04-05 07:50 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 03:16 - 2014-04-02 21:30 - 00115697 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 16:35 - 2011-01-12 15:57 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 16:34 - 2012-05-10 10:01 - 00074240 ___SH () C:\Users\DeVries\Documents\Thumbs.db
2014-04-05 16:31 - 2011-01-24 09:32 - 00000000 ____D () C:\Users\DeVries\AppData\Roaming\Adobe
2014-04-05 16:23 - 2014-04-03 15:53 - 00001904 _____ () C:\Windows\setupact.log
2014-04-05 13:01 - 2014-04-05 07:50 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 08:17 - 2014-04-05 08:17 - 00003077 _____ () C:\Users\DeVries\Desktop\attach.zip
2014-04-05 07:52 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 07:52 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 07:51 - 2014-04-05 07:51 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 07:51 - 2011-01-24 09:49 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Google
2014-04-05 07:50 - 2012-12-14 17:17 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Deployment
2014-04-05 07:50 - 2012-12-14 17:17 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Apps\2.0
2014-04-05 07:50 - 2011-01-24 09:49 - 00000000 ____D () C:\Program Files\Google
2014-04-05 07:45 - 2011-01-24 09:31 - 00000000 _____ () C:\Users\DeVries\AppData\Local\WavXMapDrive.bat
2014-04-05 07:44 - 2014-04-03 15:53 - 00002254 _____ () C:\Windows\PFRO.log
2014-04-05 07:44 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:35 - 2014-04-04 18:35 - 00014354 _____ () C:\ComboFix.txt
2014-04-04 18:35 - 2014-04-04 18:18 - 00000000 ____D () C:\Qoobox
2014-04-04 18:35 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-04-04 18:35 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-04-04 18:34 - 2014-04-04 18:17 - 00000000 ____D () C:\Windows\erdnt
2014-04-04 18:33 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-04 17:19 - 2014-04-04 17:19 - 00001099 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-04-04 17:19 - 2014-04-04 17:19 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-04-03 21:26 - 2012-06-05 07:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-03 21:26 - 2011-06-03 13:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 21:26 - 2011-02-01 20:16 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Adobe
2014-04-03 21:23 - 2014-04-03 21:23 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Mozilla
2014-04-03 21:23 - 2014-04-03 21:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-03 16:06 - 2014-04-02 22:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-03 15:53 - 2014-04-03 15:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 15:52 - 2014-04-03 15:42 - 00000000 ____D () C:\Program Files\Anvisoft
2014-04-03 15:46 - 2011-05-12 18:44 - 00000000 ____D () C:\Users\DeVries\AppData\Local\CrashDumps
2014-04-03 15:46 - 2011-01-12 17:29 - 00000000 ____D () C:\Windows\Panther
2014-04-03 15:41 - 2014-04-03 15:41 - 15843784 _____ (Anvisoft) C:\Users\DeVries\Downloads\csbsetup.exe
2014-04-03 15:16 - 2014-04-02 21:52 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:58 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-03 14:57 - 2011-01-24 09:31 - 00000000 ____D () C:\Users\DeVries
2014-04-03 14:09 - 2014-04-03 14:09 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-04-03 11:58 - 2014-04-03 11:54 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-03 11:54 - 2014-04-03 11:54 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-04-02 22:09 - 2014-04-02 22:09 - 00000280 _____ () C:\Windows\system32\.crusader
2014-04-02 21:56 - 2014-04-02 21:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 21:27 - 2014-04-02 21:27 - 00255012 _____ () C:\Users\DeVries\Documents\cc_20140402_212722.reg
2014-04-02 19:52 - 2014-04-02 19:52 - 00001991 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-02 19:52 - 2011-01-24 13:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 19:51 - 2011-02-01 20:17 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 19:51 - 2011-01-24 13:58 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 19:48 - 2011-02-01 17:26 - 00000000 ____D () C:\Program Files\Yahoo!
2014-04-02 19:44 - 2014-01-12 19:59 - 00000000 ____D () C:\Windows\Minidump
2014-04-02 07:40 - 2014-04-02 07:40 - 00002560 _____ () C:\{548B8DA3-15BA-4575-B5BB-C448149B34A8}
2014-04-02 07:39 - 2014-04-02 07:39 - 00002584 _____ () C:\{526A0A18-180C-4BBB-AA72-D984CCEC2B67}
2014-04-02 07:32 - 2014-04-02 07:32 - 00002568 _____ () C:\{E81B0A5B-8530-4259-B482-4A230D12E9A2}
2014-04-02 07:31 - 2014-04-02 07:31 - 00002464 _____ () C:\{FAA7C303-6C1A-49D9-8118-1470A2D519A9}
2014-04-02 07:30 - 2014-04-02 07:30 - 00002448 _____ () C:\{5C2D9971-7220-43A1-8B3E-337CBE344191}
2014-04-02 07:28 - 2014-04-02 07:28 - 00002560 _____ () C:\{8659C3A3-623B-4E30-9082-FC871F81588D}
2014-04-02 07:27 - 2014-04-02 07:27 - 00002584 _____ () C:\{2B48ADB1-B4F3-49C0-93F6-E6771207B4BD}
2014-04-02 07:26 - 2014-04-02 07:26 - 00002560 _____ () C:\{2A6C97C7-8DE2-4838-980B-AC3D5AC5F0EC}
2014-04-02 07:25 - 2014-04-02 07:25 - 00002584 _____ () C:\{95347C47-4D54-487E-A02A-C441545FDF04}
2014-04-02 07:22 - 2014-04-02 07:22 - 00002560 _____ () C:\{C2FF7BFE-B649-4746-A5C9-CC4CC5095CE7}
2014-04-02 07:21 - 2014-04-02 07:21 - 00002584 _____ () C:\{A2600104-277A-4677-AC48-38096E852FF0}
2014-04-02 07:19 - 2014-04-02 07:19 - 00002256 _____ () C:\{D4128D40-1379-4138-971C-C003CD6F2697}
2014-04-02 06:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\TAPI
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\Users\DeVries\AppData\Roaming\Malwarebytes
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 09:34 - 2011-01-31 22:10 - 00000000 ____D () C:\Users\DeVries\Documents\Outlook Files
2014-03-29 15:22 - 2014-03-09 18:40 - 00000000 ____D () C:\Users\DeVries\Desktop\Dereck James -2014
2014-03-29 10:14 - 2011-02-01 23:01 - 00000000 ____D () C:\Users\DeVries\Documents\phone&address
2014-03-26 06:38 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-26 06:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 06:06 - 2014-03-23 21:20 - 00000000 ____D () C:\Users\DeVries\Desktop\Basketball Awards Night
2014-03-24 22:13 - 2011-01-24 17:13 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Windows Live
2014-03-23 22:54 - 2014-03-23 22:54 - 00002856 _____ () C:\{E0143DD5-DEBE-4C5C-B47F-5731D7C320F3}
2014-03-23 20:38 - 2011-02-01 23:01 - 00000000 ____D () C:\Users\DeVries\Documents\Jill's
2014-03-23 19:31 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-23 19:27 - 2014-03-23 19:27 - 00000000 ____D () C:\ProgramData\pastaleads
2014-03-23 19:23 - 2014-03-23 19:23 - 00000045 _____ () C:\Users\DeVries\AppData\Roaming\WB.CFG
2014-03-23 19:17 - 2011-01-26 23:10 - 00000000 ____D () C:\ProgramData\Norton
2014-03-23 18:49 - 2009-07-13 23:53 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 18:45 - 2014-03-23 18:45 - 00012197 _____ () C:\Users\DeVries\Desktop\Dan's recertification Records.xlsx
2014-03-22 10:32 - 2011-02-01 23:01 - 00000000 ____D () C:\Users\DeVries\Documents\JOB
2014-03-18 03:04 - 2013-08-10 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 03:01 - 2011-02-01 17:07 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 19:11 - 2013-10-19 20:13 - 00000000 ____D () C:\Users\DeVries\AppData\Local\Kjs.AppLife.Update
2014-03-16 18:52 - 2014-03-16 18:51 - 00000000 ____D () C:\Users\DeVries\Desktop\LBA Concessions
2014-03-16 18:52 - 2012-05-23 16:40 - 00000000 ____D () C:\Users\DeVries\Desktop\Kirby Family
2014-03-16 18:16 - 2011-02-01 23:01 - 00000000 ____D () C:\Users\DeVries\Documents\Baseball
2014-03-14 14:31 - 2014-03-14 14:09 - 00000000 ____D () C:\Users\DeVries\Desktop\New folder
2014-03-13 03:25 - 2009-07-13 23:33 - 00465904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:24 - 2011-01-12 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:04 - 2011-01-26 22:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:09 - 2014-03-12 18:09 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-12 18:09 - 2014-03-12 18:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-12 18:09 - 2014-03-12 18:07 - 00000000 ____D () C:\Program Files\iTunes
2014-03-12 18:07 - 2014-03-12 18:07 - 00000000 ____D () C:\Program Files\iPod
2014-03-12 18:07 - 2011-01-24 11:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-12 17:55 - 2011-01-24 11:05 - 00000000 ____D () C:\ProgramData\Apple
2014-03-12 17:52 - 2014-03-12 17:52 - 00001817 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-12 17:52 - 2014-03-12 17:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-09 17:02 - 2014-02-14 17:24 - 00000000 ____D () C:\Users\DeVries\Documents\Quicken 2
2014-03-08 16:15 - 2014-03-08 16:14 - 00000000 ____D () C:\Users\DeVries\Desktop\DJ Senior Pix

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 08:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by DeVries at 2014-04-06 10:38:00
Running from C:\Users\DeVries\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0.1 (HKLM\...\Adobe Photoshop 7.0.1) (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppLifeSetup (Version: 1.0.0 - Microsoft) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
ExamView Assessment Suite (HKLM\...\ExamView Pro) (Version:  - )
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow v1.1.3721 [2011-01-07] (HKLM\...\ffdshow_is1) (Version: 1.1.3721.0 - )
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hudl Mercury (HKLM\...\{BB93E1B1-1149-4303-9504-45993A2489CB}_is1) (Version: 1.3.3 - Agile Sports Technologies, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5876 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SimCity 3000 (HKLM\...\SimCity 3000) (Version:  - )
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.2.4 - GridinSoft LLC)
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

01-04-2014 14:32:05 Scheduled Checkpoint
04-04-2014 23:22:51 ComboFix created restore point

==================== Hosts content: ==========================

2014-04-04 18:33 - 2014-04-04 18:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05A3DF6B-8EE6-421C-B93A-41A4DBC2587D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2583380D-699F-4E89-BDD1-3102AC7E1A6D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {2BF2B6B0-FF8B-4EE6-98CE-624023A0F440} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files\iWebar\iWebar-chromeinstaller.exe
Task: {3F058E4C-B80A-431D-A4B3-1EBDA947E858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated)
Task: {5845936C-159E-4722-AE62-B045BF7DC3C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {61B3F049-5654-4734-812A-BADF91E36FC8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {61E51ACD-7D64-4CD0-97D0-D4CFC632F8E9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6E1F0ED9-4D08-4506-B970-6BF230526CD6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {82E0F5A1-7A59-45E2-B841-4EE94AB7E02D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {85E26B4A-21FA-4A88-AACA-944E076F96E4} - System32\Tasks\Object Browser-chromeinstaller => C:\Program Files\Object Browser\Object Browser-chromeinstaller.exe
Task: {8DAF6BA3-2183-420F-BE4E-8443191AF5E5} - System32\Tasks\SMW_UpdateTask_Time_313030373330323336312d5b4a4a416c34232a2a6c555a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {A3A8E95F-8AD6-49F5-99E5-AA8624141DD8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C2C33F5C-FE95-4917-B4D9-981F1A8F98D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {DEED91D5-ACDB-4105-B6F0-6640C0357B8C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {ECEEE710-5C24-470E-87BE-7E14DCB36723} - \YTDownloaderUpd No Task File
Task: {FAD4C8C5-0024-4334-AC4B-055856C9C2AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE7B38C7-6BE1-4E7E-B684-AED24880EC8E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-14 22:02 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2010-03-02 13:46 - 2010-03-02 13:46 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 14:24 - 2008-11-12 14:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2013-12-26 08:39 - 2013-12-26 08:39 - 01004392 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll
2014-04-05 07:51 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-04-05 07:51 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-04-05 07:51 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
2013-12-26 08:39 - 2013-12-26 08:39 - 00436584 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 00:40:43 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/05/2014 11:52:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (04/05/2014 08:14:36 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/04/2014 06:27:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: HudlMercury.exe, version: 1.4.3.372, time stamp: 0x5320b6fb
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb10c6
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0xe98
Faulting application start time: 0xHudlMercury.exe0
Faulting application path: HudlMercury.exe1
Faulting module path: HudlMercury.exe2
Report Id: HudlMercury.exe3

Error: (04/04/2014 06:27:33 PM) (Source: .NET Runtime) (User: )
Description: Application: HudlMercury.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at AgileSports.Hudl.Mercury.Startup.Main(System.String[])

Error: (04/03/2014 04:35:13 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

System errors:
=============
Error: (04/05/2014 10:20:07 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:20:03 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:59 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:54 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:50 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:46 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:43 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:39 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:35 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Error: (04/05/2014 10:19:31 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR3, has a bad block.

Microsoft Office Sessions:
=========================
Error: (04/06/2014 00:40:43 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/05/2014 11:52:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (04/05/2014 08:14:36 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/04/2014 06:27:36 PM) (Source: Application Error)(User: )
Description: HudlMercury.exe1.4.3.3725320b6fbKERNELBASE.dll6.1.7601.1822951fb10c6e04343520000812fe9801cf5053b8774a21C:\Program Files\Hudl Mercury\HudlMercury.exeC:\Windows\system32\KERNELBASE.dllb3d51e32-bc50-11e3-8bd9-b8ac6f347c62

Error: (04/04/2014 06:27:33 PM) (Source: .NET Runtime)(User: )
Description: Application: HudlMercury.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at AgileSports.Hudl.Mercury.Startup.Main(System.String[])

Error: (04/03/2014 04:35:13 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 2011.65 MB
Available physical RAM: 839.11 MB
Total Pagefile: 4023.3 MB
Available Pagefile: 2361.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:884.32 GB) (Free:444.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 07EEE9E4)
Partition 1: (Not Active) - (Size=157 MB) - (Type=DE)
Partition 2: (Active) - (Size=47 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=884 GB) - (Type=07 NTFS)

==================== End Of Log ============================
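The "Scheduled Tasks" and "Loaded Modules" sections of the log above already hold the persistence this thread is chasing: a task that runs Wscript.exe on C:\ProgramData\SearchModule\smhe.js, two "chromeinstaller" tasks (iWebar, Object Browser) with no publisher annotation, an orphaned YTDownloaderUpd task left by the bundle the opening post names, and Goobzo DLLs loaded into a running process. The script below is an added example, not part of the thread and not FRST, AdwCleaner or any other tool named here: it parses those two line formats and flags the entries a responder would pull out by hand. The sample lines are copied (abbreviated) from the log above; the watchlist, the script-host list and the severity rules are this example's own assumptions.

```python
"""Triage of FRST 'Scheduled Tasks' and 'Loaded Modules' log lines.

Added example for this thread; not part of the original post nor of FRST.
The sample lines are copied from the log above; the indicator list and the
heuristics are this example's own assumptions, not FRST output."""
import re

# Indicator tokens taken from the thread's logs: the SearchModule task, the
# Goobzo modules, the pastaleads folder, the YTDownloader bundle and the
# iWebar / Object Browser "chromeinstaller" tasks. Constructed watchlist.
WATCHLIST = ("searchmodule", "goobzo", "pastaleads", "ytdownloader",
             "iwebar", "object browser", "tuvaro")

# Interpreters adware uses so the task's target is a script, not a signed exe.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")

# Locations a standard user can write to; legitimate updaters rarely run from them.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")

# FRST: Task: {GUID} - System32\Tasks\<name> => <command> [yyyy-mm-dd] (Publisher)
# The trailing "[date] (Publisher)" is absent when FRST has no version info.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<cmd>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$"
)
ORPHAN_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) No Task File$")
# FRST: <created> - <modified> - <size> <attrs> (Company) <path>
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ \((?P<company>[^)]*)\) (?P<path>.+)$"
)


def _hits(text, tokens):
    low = text.lower()
    return any(tok in low for tok in tokens)


def classify_task(line):
    """Return (severity, reason) for one 'Task:' line, or None if it looks clean."""
    m = ORPHAN_RE.match(line)
    if m:
        sev = "high" if _hits(m["name"], WATCHLIST) else "medium"
        return (sev, f"{m['name']}: registration remains but the task file is gone")
    m = TASK_RE.match(line)
    if not m:
        return None  # .job lines and anything FRST formats differently
    name, cmd, publisher = m["name"], m["cmd"], m["publisher"]
    # Executable name: the command is unquoted, so cut at the first ".exe".
    exe = cmd.lower().split(".exe", 1)[0].rsplit("\\", 1)[-1] + ".exe"
    if exe in SCRIPT_HOSTS and _hits(cmd, USER_WRITABLE):
        return ("high", f"{name}: {exe} runs a script from a user-writable path")
    if _hits(name + " " + cmd, WATCHLIST):
        return ("high", f"{name}: matches an adware indicator")
    if publisher is None and not name.startswith("System32\\Tasks\\Microsoft\\"):
        return ("medium", f"{name}: target carries no version/publisher info")
    if _hits(cmd, USER_WRITABLE):
        return ("medium", f"{name}: runs from a user-writable path")
    return None


def classify_module(line):
    """Return (severity, reason) for one loaded-module line, or None."""
    m = MODULE_RE.match(line)
    if not m:
        return None
    path, company = m["path"], m["company"]
    if _hits(path, WATCHLIST):
        return ("high", f"{path}: loaded module matches an adware indicator")
    if company == "" and _hits(path, USER_WRITABLE):
        return ("medium", f"{path}: module without company name loaded from a user-writable path")
    return None


def triage(lines):
    """Classify every line; 'high' findings first, otherwise in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        hit = classify_task(line) if line.startswith("Task:") else classify_module(line)
        if hit:
            findings.append(hit)
    return sorted(findings, key=lambda f: 0 if f[0] == "high" else 1)


# Constructed sample: lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
Task: {2BF2B6B0-FF8B-4EE6-98CE-624023A0F440} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files\iWebar\iWebar-chromeinstaller.exe
Task: {3F058E4C-B80A-431D-A4B3-1EBDA947E858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated)
Task: {5845936C-159E-4722-AE62-B045BF7DC3C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {61B3F049-5654-4734-812A-BADF91E36FC8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {85E26B4A-21FA-4A88-AACA-944E076F96E4} - System32\Tasks\Object Browser-chromeinstaller => C:\Program Files\Object Browser\Object Browser-chromeinstaller.exe
Task: {8DAF6BA3-2183-420F-BE4E-8443191AF5E5} - System32\Tasks\SMW_UpdateTask_Time_313030373330323336312d5b4a4a416c34232a2a6c555a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {ECEEE710-5C24-470E-87BE-7E14DCB36723} - \YTDownloaderUpd No Task File
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-26 08:39 - 2013-12-26 08:39 - 01004392 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll
2014-04-05 07:51 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
"""

if __name__ == "__main__":
    for sev, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"[{sev}] {reason}")
```

On the sample above the five entries a responder would act on come out as "high" (the Wscript.exe task, both chromeinstaller tasks, the orphaned YTDownloaderUpd task and the Goobzo module) while the Google, Adobe, Windows Backup, Apple and Chrome lines stay silent. The rules are deliberately narrow: an empty "()" company field alone is not evidence, as the Apple and Chrome lines show, so it only counts together with a user-writable path.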

 



#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 April 2014 - 07:29 AM

Hello kruseman

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 kruseman (Topic Starter, Members, 8 posts)

Posted 07 April 2014 - 12:30 PM

Here are the logs. I still get redirected to a Tuvaro search when I open Google Chrome. Thanks.

# AdwCleaner v3.023 - Report created 07/04/2014 at 12:20:47
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : DeVries - DEVRIES-PC
# Running from : C:\Users\DeVries\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\DeVries\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5110 octets] - [02/04/2014 21:52:15]
AdwCleaner[R1].txt - [1066 octets] - [03/04/2014 12:11:53]
AdwCleaner[R2].txt - [1117 octets] - [03/04/2014 15:15:18]
AdwCleaner[R3].txt - [1345 octets] - [07/04/2014 12:19:57]
AdwCleaner[S0].txt - [5450 octets] - [02/04/2014 21:53:20]
AdwCleaner[S1].txt - [1130 octets] - [03/04/2014 12:14:09]
AdwCleaner[S2].txt - [1181 octets] - [03/04/2014 15:16:20]
AdwCleaner[S3].txt - [1270 octets] - [07/04/2014 12:20:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1330 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by DeVries on Mon 04/07/2014 at 12:23:21.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/07/2014 at 12:26:09.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
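Post #6 is the telling data point: AdwCleaner's only browser action was on C:\Users\DeVries\AppData\Local\Google\Chrome\User Data\Default\preferences, JRT found nothing, and Chrome still opens on the Tuvaro page. The settings that produce that behaviour (homepage, the start-up URL list and the default search provider) live in that Preferences JSON file, and the "Your preferences can not be read" message from the opening post is what Chrome shows when the file no longer parses. The script below is an added example, not part of the thread and not Chrome's or AdwCleaner's own code: it audits a Preferences document for start-up and search URLs on hosts the user did not choose and produces a scrubbed copy. The key names are the ones Chrome stores in Preferences; the sample document, built around the www-search.net URL quoted in post #1, and the trusted-host set are constructed for the example.

```python
"""Audit and scrub a Chrome 'Preferences' profile file for hijacked
start-up pages and default search engine.

Added example for this thread; not part of the original posts nor of Chrome
or AdwCleaner. The sample document and TRUSTED_HOSTS are constructed."""
import json
from urllib.parse import urlparse

# Hosts the user actually wants as homepage / search engine (assumption).
TRUSTED_HOSTS = {"google.com", "www.google.com"}

# Constructed Preferences excerpt mirroring the redirect URL quoted in post #1.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www-search.net/search/search.html?ctid=CT3309521&searchsource=69&UM=2&lay=1",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = "open a specific page or set of pages"
        "startup_urls": [
            "https://www.google.com/",
            "http://www-search.net/search/search.html?ctid=CT3309521&searchsource=69&UM=2&lay=1",
        ],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "search_url": "http://www-search.net/search/search.html?ctid=CT3309521&q={searchTerms}",
    },
})


def _untrusted(url, trusted):
    """True for an http(s) URL whose host is not in the trusted set."""
    if not isinstance(url, str) or not url.startswith(("http://", "https://")):
        return False
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host not in trusted


def audit_preferences(prefs, trusted=TRUSTED_HOSTS):
    """Return [(pref_path, url)] for every start-up/search URL on an untrusted host.

    `prefs` is the file's text or an already-parsed dict. Text that is not
    valid JSON is reported as a single '<unreadable>' finding, which is the
    state behind Chrome's "Your preferences can not be read" message."""
    if isinstance(prefs, str):
        try:
            prefs = json.loads(prefs)
        except json.JSONDecodeError as exc:
            return [("<unreadable>", f"Preferences is not valid JSON: {exc.msg}")]
    found = []
    if _untrusted(prefs.get("homepage"), trusted):
        found.append(("homepage", prefs["homepage"]))
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        for i, url in enumerate(session.get("startup_urls", [])):
            if _untrusted(url, trusted):
                found.append((f"session.startup_urls[{i}]", url))
    # Chrome 33 (this thread) keeps the provider under default_search_provider;
    # later builds use default_search_provider_data.template_url_data.url.
    dsp = prefs.get("default_search_provider", {})
    if _untrusted(dsp.get("search_url"), trusted):
        found.append(("default_search_provider.search_url", dsp["search_url"]))
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if _untrusted(tud.get("url"), trusted):
        found.append(("default_search_provider_data.template_url_data.url", tud["url"]))
    return found


def scrub_preferences(prefs, trusted=TRUSTED_HOSTS):
    """Return a deep copy of the parsed Preferences with each flagged setting
    removed, so Chrome falls back to its default for that setting."""
    prefs = json.loads(prefs) if isinstance(prefs, str) else prefs
    clean = json.loads(json.dumps(prefs))
    bad = {url for _, url in audit_preferences(clean, trusted)}
    if clean.get("homepage") in bad:
        del clean["homepage"]
        clean["homepage_is_newtabpage"] = True
    session = clean.get("session", {})
    if "startup_urls" in session:
        session["startup_urls"] = [u for u in session["startup_urls"] if u not in bad]
    if clean.get("default_search_provider", {}).get("search_url") in bad:
        del clean["default_search_provider"]
    tud = clean.get("default_search_provider_data", {}).get("template_url_data", {})
    if tud.get("url") in bad:
        del clean["default_search_provider_data"]
    return clean


if __name__ == "__main__":
    for path, url in audit_preferences(SAMPLE_PREFS):
        print(f"{path} -> {url}")
    print(json.dumps(scrub_preferences(SAMPLE_PREFS), indent=2))
```

Two caveats when this is used on a real profile. Chrome rewrites Preferences when it exits, so the file must be read and written with every Chrome process closed, which is also why a cleaner run while Chrome is open appears to do nothing. And on later Chrome versions these keys are integrity-protected by a per-profile MAC kept in the profile's "Secure Preferences", so a hand-edited value is discarded at start-up; there the supported route is Chrome's own settings reset rather than editing the file. Neither caveat changes the audit side: the findings list is what tells you the redirect is a preference hijack rather than a hosts-file or proxy change, and in this thread the hosts file was already confirmed clean.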



#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 April 2014 - 12:57 PM

Hello kruseman

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 kruseman (Topic Starter, Members, 8 posts)

Posted 07 April 2014 - 06:33 PM

Hi, here is the ComboFix report:

Nothing seems to change with the computer. After ComboFix was run, IE didn't seem to want to go out to any sites besides Google.com. I reset IE and it seems fine again. Google Chrome is still redirecting to that Tuvaro search page.

ComboFix 14-04-06.01 - DeVries 04/07/2014  17:43:47.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2012.1148 [GMT -5:00]
Running from: c:\users\DeVries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AS5Y045\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-07 to 2014-04-07  )))))))))))))))))))))))))))))))
.
.
2014-04-07 22:52 . 2014-04-07 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-04 02:23 . 2014-04-04 02:23 -------- d-----w- c:\users\DeVries\AppData\Local\Mozilla
2014-04-03 20:42 . 2014-04-03 20:52 -------- d-----w- c:\program files\Anvisoft
2014-04-03 19:09 . 2014-04-03 19:09 -------- d-----w- c:\programdata\GridinSoft
2014-04-03 16:54 . 2014-04-03 16:54 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-04-03 16:54 . 2014-04-03 16:58 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-04-03 16:54 . 2014-04-03 16:54 -------- d-----w- c:\program files\Common Files\Microsoft
2014-04-03 03:01 . 2014-04-03 21:06 -------- d-----w- c:\programdata\HitmanPro
2014-04-03 02:56 . 2014-04-03 02:56 -------- d-----w- c:\windows\ERUNT
2014-04-03 02:52 . 2014-04-07 17:20 -------- d-----w- C:\AdwCleaner
2014-04-02 02:14 . 2014-04-02 02:14 -------- d-----w- c:\users\DeVries\AppData\Roaming\Malwarebytes
2014-04-02 02:14 . 2014-04-02 02:14 -------- d-----w- c:\programdata\Malwarebytes
2014-03-24 00:27 . 2014-03-24 00:27 -------- d-----w- c:\programdata\pastaleads
2014-03-24 00:25 . 2014-03-24 00:31 -------- d-----w- c:\program files\VideoLAN
2014-03-12 23:42 . 2014-03-12 23:42 -------- d-----w- C:\history
2014-03-12 23:07 . 2014-03-12 23:07 -------- d-----w- c:\program files\iPod
2014-03-12 23:07 . 2014-03-12 23:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-12 23:07 . 2014-03-12 23:09 -------- d-----w- c:\program files\iTunes
2014-03-12 22:52 . 2014-03-12 22:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-12 22:52 . 2014-03-12 22:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-12 22:52 . 2014-03-12 22:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-12 22:52 . 2014-03-12 22:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-12 22:52 . 2014-03-12 22:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-12 22:52 . 2014-03-12 22:52 -------- d-----w- c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-07 22:34 . 2011-01-24 14:31 0 ----a-w- c:\users\DeVries\AppData\Local\WavXMapDrive.bat
2014-04-04 02:26 . 2012-06-05 12:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-04 02:26 . 2011-06-03 18:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-16 09:06 . 2014-01-16 09:06 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-16 09:06 . 2014-01-16 09:06 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-16 09:06 . 2014-01-16 09:06 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-16 09:06 . 2014-01-16 09:06 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-16 09:06 . 2014-01-16 09:06 337408 ----a-w- c:\windows\system32\html.iec
2014-01-16 09:06 . 2014-01-16 09:06 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-16 09:06 . 2014-01-16 09:06 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-16 09:06 . 2014-01-16 09:06 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-16 09:06 . 2014-01-16 09:06 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-16 09:06 . 2014-01-16 09:06 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-16 09:06 . 2014-01-16 09:06 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-16 09:06 . 2014-01-16 09:06 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-16 09:06 . 2014-01-16 09:06 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-16 09:06 . 2014-01-16 09:06 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-16 09:06 . 2014-01-16 09:06 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-16 09:06 . 2014-01-16 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-16 09:06 . 2014-01-16 09:06 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-16 09:06 . 2014-01-16 09:06 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-09 02:22 . 2014-03-03 12:05 5694464 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hudl Mercury"="c:\program files\Hudl Mercury\HudlMercury.exe" [2014-03-12 3401368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-24 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2013-05-06 65200]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [2014-03-19 1098968]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20140405.001\IDSvix86.sys [2014-03-25 395992]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 KjsUpdateService2;AppLife Update Service 2.0;c:\program files\Common Files\AppLifeUpdateService2\kjsausvc.exe [2011-08-02 12800]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [2013-12-26 1741160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-09 108120]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [2013-12-26 31592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-07 17:17 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 02:26]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-07 17:17]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-07 17:17]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3648)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\Roxio\OEM\Roxio Burn\RBVirtualFolder.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\windows\system32\conhost.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2014-04-07  18:22:18 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-07 23:22
ComboFix2.txt  2014-04-04 23:35
.
Pre-Run: 476,145,152,000 bytes free
Post-Run: 475,772,653,568 bytes free
.
- - End Of File - - D010BCA6280325BE1BBDF6DD9FE987C1
CDB4DE4BBD714F152979DA2DCBEF57EB

 

Thanks for your help. 
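The "Reg Loading Points" section of the ComboFix log above lists every autostart the tool found, but in three different line layouts (Run-key values, Startup-folder shortcuts, and service/driver lines), and the entries are grouped by location rather than by date. When a redirect started recently, the first triage question is which autostarts were modified closest to the scan date and which unrelated-looking names share one install directory. The following Python is an added example, not ComboFix's own code and not something posted in this thread: it parses those line layouts into records, lists the entries modified inside a window before the scan date, and groups entries by directory. The sample lines are constructed in ComboFix's layout from the log above, and the 120-day window is an assumption.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Constructed sample laid out the way ComboFix prints its "Reg Loading Points"
# section: Run-key values, a Startup-folder shortcut, and service/driver lines.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hudl Mercury"="c:\program files\Hudl Mercury\HudlMercury.exe" [2014-03-12 3401368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [2013-12-26 1741160]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [2013-12-26 31592]
"""

# One regex per line layout. ComboFix prints the .lnk dates without zero
# padding ("2010-3-29"), hence \d{1,2} for month and day.
DATE = r"(?P<date>\d{4}-\d{1,2}-\d{1,2})"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[' + DATE + r" (?P<size>\d+)\]$")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[" + DATE + r" (?P<size>\d+)\]$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \["
                    + DATE + r" (?P<size>\d+)\]$")


@dataclass
class AutostartEntry:
    kind: str        # "run", "startup" or "service"
    location: str    # registry key, Startup folder path, or service start type
    name: str
    display: str     # service display name; empty for the other kinds
    path: str
    modified: date
    size: int


def _parse_date(text: str) -> date:
    year, month, day = (int(part) for part in text.split("-"))
    return date(year, month, day)


def parse_loading_points(text: str) -> List[AutostartEntry]:
    """Turn ComboFix loading-point lines into structured records."""
    entries: List[AutostartEntry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:                       # registry key header
            location = key.group(1)
            continue
        if line.endswith("\\"):       # Startup folder header
            location = line
            continue
        run = RUN_RE.match(line)
        if run:
            entries.append(AutostartEntry("run", location, run["name"], "", run["path"],
                                          _parse_date(run["date"]), int(run["size"])))
            continue
        lnk = LNK_RE.match(line)
        if lnk:
            entries.append(AutostartEntry("startup", location, lnk["name"], "", lnk["path"],
                                          _parse_date(lnk["date"]), int(lnk["size"])))
            continue
        svc = SVC_RE.match(line)
        if svc:
            entries.append(AutostartEntry("service", svc["start"], svc["name"], svc["display"],
                                          svc["path"], _parse_date(svc["date"]), int(svc["size"])))
    return entries


def recent_entries(entries: List[AutostartEntry], scan_date: str,
                   window_days: int = 120) -> List[AutostartEntry]:
    """Entries modified within window_days before the scan date, newest first."""
    cutoff = _parse_date(scan_date) - timedelta(days=window_days)
    return sorted((e for e in entries if e.modified >= cutoff),
                  key=lambda e: e.modified, reverse=True)


def shared_directories(entries: List[AutostartEntry]) -> Dict[str, List[str]]:
    """Directories that hold more than one autostart binary, with the entry names."""
    by_dir: Dict[str, List[str]] = {}
    for e in entries:
        by_dir.setdefault(ntpath.dirname(e.path).lower(), []).append(e.name)
    return {d: names for d, names in by_dir.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for e in recent_entries(parsed, "2014-04-07"):   # completion date from the log above
        print(f"{e.modified} {e.kind:8} {e.location:>6.6} {e.name}: {e.path}")
    for directory, names in shared_directories(parsed).items():
        print("shared directory:", directory, names)
```

Recency and shared directories are only sorting aids; the analyst still has to check each surfaced path, and an entry that sorts to the top is not by itself evidence of anything.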
 



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 07 April 2014 - 07:10 PM


Hello kruseman

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go Google Sync and sign into your account

scroll down until you see the "Stop and Clear" button and click on the button

At the prompt click on "Ok"

Now we need to uninstall Chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 kruseman

kruseman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 09 April 2014 - 08:07 PM

I did all of this and still got the redirect and an error about not being able to load the Preferences list because it was corrupt.

Thanks.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 09 April 2014 - 10:02 PM

I would like you to rerun FRST for me and send me a new report

If you cannot find it here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - ( The GREEN ones are ads)

save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.



Gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 12 April 2014 - 08:51 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#13 kruseman

kruseman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 12 April 2014 - 10:44 PM

Hi, I will have time to try it again tomorrow and will post back. Thanks.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 13 April 2014 - 07:18 AM

No problem, and I will see you then.


gringo

#15 kruseman

kruseman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:03 AM

Posted 15 April 2014 - 09:35 PM

Sorry, I was unable to finish this. Was working on this for a friend. They have it now and have uninstalled Google Chrome and are proceeding from there.

Thanks for the assistance up to this point.



