[Resolved] us.yhs4.search virus redirects to yahoo from Chrome

BruceH
« on: January 24, 2014, 09:34:26 AM »
This nasty popped up yesterday when I accessed Chrome. Chrome is a secondary browser which I use to access Google Sheets. (Bing is my default.) I have tried a number of supposed solutions (some embarrassing in retrospect) and have failed to remove the virus. THANK YOU.

Here are my two logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19.09.2012 00:24:31
System Uptime: 24.01.2014 09:12:53 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NP900X4C-A06US
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | CPU Socket - U3E1 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 153.725 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
Auslogics File Recovery
BatteryBar (remove only)
Bonjour
BPM Counter 1.6.0.0
Build Tools - amd64
Build Tools - x86
Build Tools Language Resources - amd64
Build Tools Language Resources - x86
Citrix Online Launcher
Citrix XenApp Web Plugin
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
Easy Settings
Entity Framework Tools for Visual Studio 2013
ETDWare PS/2-X64 10.7.17.5_WHQL
Google Chrome
Google Update Helper
GoToMeeting 6.0.0.1259
HP Support Solutions Framework
Intel PROSet Wireless
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel® PROSet/Wireless WiFi Software
IrfanView (remove only)
iTunes
Junk Mail filter update
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
Logitech Unifying Software 2.10
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft Application Error Reporting
Microsoft C++ REST SDK for Visual Studio 2013
Microsoft Help Viewer 2.1
Microsoft MapPoint North America 2004
Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (12.0.30919.1)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Team Foundation Server 2013 Object Model (x64)
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU
Microsoft Visual C++  x64 Libraries
Microsoft Visual C++  x86 Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
Microsoft Visual C++ 2013 Core Libraries
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86-x64 Compilers
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2013 Preparation
Microsoft Visual Studio 2013 Shell (Minimum)
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2013 Shell (Minimum) Resources
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
Microsoft Visual Studio Express 2013 for Windows Desktop
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Paint.NET v3.5.11
Photo Common
Photo Gallery
Prerequisites for SSDT
Prezi Desktop
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SHARP MX/DX Series PCL/PS Printer Driver
Skype Click to Call
Skype™ 6.9
SPCA1628 PC Driver
SRS Premium Sound
Stellarium 0.12.4
SUABnR
SUPERAntiSpyware
Team Explorer for Microsoft Visual Studio 2013
Update for  (KB2504637)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VLC media player 2.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
Wondershare PDF Converter Pro (Build 4.0.1)
Wondershare Video Converter Ultimate(Build 6.7.0.10)
Wondershare Video Editor(Build 3.1.2)
.
==== Event Viewer Messages From Past Week ========
.
24.01.2014 09:13:02, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
24.01.2014 09:12:59, Error: Service Control Manager [7000]  - The SPCA1628 Video Camera Service service failed to start due to the following error:  The system cannot find the file specified.
24.01.2014 09:12:57, Error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
23.01.2014 23:37:12, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23.01.2014 23:37:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23.01.2014 23:37:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23.01.2014 23:37:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23.01.2014 23:37:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23.01.2014 23:37:03, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23.01.2014 23:37:01, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD cdrom CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SABI SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 23:37:01, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
23.01.2014 18:15:01, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).
23.01.2014 17:12:27, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
23.01.2014 16:30:02, Error: Microsoft Antimalware [1005]  - Microsoft Antimalware scan has encountered an error and terminated.     Scan ID: {407A5386-5B20-4AC2-AAE0-3F2DC94D6A28}     Scan Type: Antimalware     Scan Parameters: Custom Scan     User: Bruce-PC\Bruce     Error Code: 0x80508023     Error description: The program could not find the malware and other potentially unwanted software on this computer.
.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Bruce at 10:12:24 on 2014-01-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7814.5362 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Users\Bruce\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mWinlogon: Userinit = userinit.exe,
BHO: Wondershare Video Converter Ultimate: {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [GoogleChromeAutoLaunch_78889DA718BE62794E02424229F81C4D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40}\14E64627F6E696363734F6E637472757364796F6E6 : DHCPNameServer = 192.168.17.1
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40}\74275656E66496265627 : DHCPNameServer = 172.16.0.58 172.16.0.88 172.16.0.101
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40}\D4052434 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40}\D4052434F5548545F5548545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFF6B2A0-1801-4FFC-8780-BC18931B1D40}\D4052434F58416C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF5E569D-6183-4A1D-A507-7C8F0A5B64B7} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2013-8-27 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2013-8-27 31624]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2011-4-12 9728]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
R3 ETD;Samsung PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-6-7 293712]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-18 648808]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-5-10 104448]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-5-10 221184]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-11-27 31080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-29 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-4 87728]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-23 1255736]
.
=============== Created Last 30 ================
.
2014-01-24 04:33:35   --------   d-----w-   C:\Users\Bruce\AppData\Local\CrashDumps
2014-01-24 04:27:03   --------   d-----w-   C:\Program Files\Enigma Software Group
2014-01-24 04:26:36   --------   d-----w-   C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-24 04:26:36   --------   d-----w-   C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-01-24 04:05:38   --------   d-----w-   C:\Users\Bruce\AppData\Local\NPE
2014-01-24 04:05:38   --------   d-----w-   C:\ProgramData\Norton
2014-01-24 03:55:19   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 03:53:24   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-24 03:40:03   --------   d-----w-   C:\Windows\pss
2014-01-23 19:58:50   --------   d-----w-   C:\ProgramData\Sophos
2014-01-23 19:34:27   --------   d-----w-   C:\SUPERDelete
2014-01-23 17:36:09   965000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C6BD568-A38B-4B1B-BCCA-08E9CED88420}\gapaengine.dll
2014-01-23 17:35:50   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20371295-E823-440D-89D5-9A067CEC483B}\mpengine.dll
2014-01-22 21:17:36   --------   d-----w-   C:\Windows\SysWow64\modules
2014-01-22 21:17:36   --------   d-----w-   C:\Windows\SysWow64\js
2014-01-22 21:17:36   --------   d-----w-   C:\Windows\SysWow64\images
2014-01-22 21:17:36   --------   d-----w-   C:\Windows\SysWow64\html
2014-01-22 21:17:36   --------   d-----w-   C:\Windows\SysWow64\css
2014-01-22 21:17:03   --------   d-----w-   C:\Program Files (x86)\The Weather Channel
2014-01-22 16:49:35   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 16:02:28   --------   d--h--w-   C:\Windows\msdownld.tmp
2014-01-15 12:39:59   99840   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 12:39:59   7808   ----a-w-   C:\Windows\System32\drivers\usbd.sys
2014-01-15 12:39:59   53248   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
2014-01-15 12:39:59   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
2014-01-15 12:39:59   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
2014-01-15 12:39:59   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 12:39:59   25600   ----a-w-   C:\Windows\System32\drivers\usbohci.sys
2014-01-15 12:39:58   376768   ----a-w-   C:\Windows\System32\drivers\netio.sys
2014-01-15 12:39:58   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2014-01-06 14:38:36   736952   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-01-03 14:27:37   --------   d-----w-   C:\Program Files (x86)\Abyssmedia
2014-01-03 05:59:18   --------   d-----w-   C:\Users\Bruce\AppData\Roaming\Windows Live Writer
2014-01-03 05:59:18   --------   d-----w-   C:\Users\Bruce\AppData\Local\Windows Live Writer
2013-12-26 20:51:54   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-26 20:51:54   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-26 20:51:54   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-26 20:51:54   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-26 20:51:54   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-12-26 20:38:24   33240   ----a-w-   C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-12-26 20:37:58   --------   d-----w-   C:\Program Files\iPod
2013-12-26 20:37:57   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-26 20:37:57   --------   d-----w-   C:\Program Files\iTunes
2013-12-26 20:37:57   --------   d-----w-   C:\Program Files (x86)\iTunes
2013-12-26 20:37:40   --------   d-----w-   C:\Users\Bruce\AppData\Local\Apple
2013-12-26 20:37:03   --------   d-----w-   C:\Program Files\Bonjour
2013-12-26 20:37:03   --------   d-----w-   C:\Program Files (x86)\Bonjour
2013-12-26 18:34:46   57344   ----a-r-   C:\Users\Bruce\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-12-26 18:34:46   57344   ----a-r-   C:\Users\Bruce\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-12-26 18:34:46   53248   ----a-r-   C:\Users\Bruce\AppData\Roaming\Microsoft\Installer\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}\ARPPRODUCTICON.exe
2013-12-26 18:33:29   --------   d-----w-   C:\Program Files\SAMSUNG
2013-12-26 18:32:49   --------   d-----w-   C:\Users\Bruce\AppData\Roaming\VERIZON
2013-12-26 12:46:27   --------   d-----w-   C:\Program Files (x86)\Hp
2013-12-26 12:36:02   99840   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-12-26 12:36:02   99840   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\3_HPZPPLHN.DLL
2013-12-26 12:36:02   99840   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\2_HPZPPLHN.DLL
2013-12-26 12:36:02   99840   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\1_HPZPPLHN.DLL
.
==================== Find3M  ====================
.
2014-01-19 07:33:29   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-11-25 07:45:44   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-11-25 07:45:44   1700352   ----a-w-   C:\Windows\SysWow64\gdiplus.dll
2013-11-25 07:45:44   1060864   ----a-w-   C:\Windows\SysWow64\mfc71.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-11-12 20:57:05   12754432   ----a-w-   C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-12 02:23:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-11-04 20:06:46   120200   ----a-w-   C:\Windows\SysWow64\DLLDEV32i.dll
2013-10-30 02:32:01   335360   ----a-w-   C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52   301568   ----a-w-   C:\Windows\SysWow64\msieftp.dll
2013-10-28 06:12:12   204568   ----a-w-   C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 06:12:10   107288   ----a-w-   C:\Windows\System32\drivers\ssudbus.sys
« Last Edit: January 24, 2014, 09:43:16 AM by Hoov »

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] us.yhs4.search virus redirects to yahoo from Chrome
« Reply #1 on: January 24, 2014, 09:52:30 AM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


Just so that you know, the instructions below are just a first place to start. I am starting there because you mention trying to repair this, but did not say what. If these instructions do not work, please tell me what you have tried.

I am not entirely sure you have a Virus. us.yhs4.search is the first part of the address of the Yahoo Search page. Please open Chrome and go to the settings (Icon looks like three horizontal lines on the right side of the browser next to the address bar).

Now look at the second section where it says On Startup and select Open the New Tab page.

Now go down to the fourth section where it says Search and in the left drop down menu select whatever you want other than Yahoo.

Now close Chrome.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Now open Chrome again and see if it behaves properly. Let me know how it goes.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline BruceH

  • Bronze Member
  • 2
Re: [In Progress] us.yhs4.search virus redirects to yahoo from Chrome
« Reply #2 on: January 24, 2014, 11:24:33 AM »
I followed your instructions and Chrome appears to be working normally (redirect to Yahoo is no longer there). Thank you, Hoov.  Deep sigh of relief!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] us.yhs4.search virus redirects to yahoo from Chrome
« Reply #3 on: January 24, 2014, 11:50:21 AM »
You are welcome.

Are you having any other problems, any questions or concerns?
