
HD vid codec malware -- pop-ups, weird links, redirecting Google to Bing


  • This topic is locked
11 replies to this topic

#1 BenP23

Posted 04 May 2014 - 12:43 PM

Windows 7 - Lenovo SL510 machine

 

My kid went and downloaded something called HD Vid Codec which was supposed to help him view streaming video in HD. It does not do that. Now, when I open Chrome, instead of the default Chrome homepage I get a Bing homepage with an advertisement for something called SupraSavings at the top. In addition, random words are underlined and in blue, and when you scroll over them a new window appears with an ad or a link to some shady looking website. New tabs that are advertisements will also appear whenever I click in a search box of any kind. Pop ups for SupraSavings are also appearing in the bottom right corner of the screen from time to time.

 

I don't know how to remove this from my machine and any help would be greatly appreciated. I looked in the security guides but I couldn't find anything. If there is a guide that exists I can walk myself through that; otherwise some individual help would be great.

 

Here is the content from the DDS file and the file is also attached. Thank you so much.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.55.2
Run by odp at 13:29:31 on 2014-05-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1913.308 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Windows\system32\taskhost.exe
C:\Users\odp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\003\nuttkoqiez32.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=
uDefault_Page_URL = hxxp://lenovo.msn.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: 2rs3: {10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files\suprasavings\2rs3.dll
BHO: HDvid-Codec V9.0: {11111111-1111-1111-1111-110511131156} - c:\program files\hdvid-codec v9.0\HDvid-Codec V9.0-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Bucksbee Loyalty Plugin - Air Installer: {86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9} - c:\program files\bucksbee loyalty plugin - air installer\BucksBee Loyalty Plugin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\odp\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [MySQL Notifier] c:\program files\mysql\mysql notifier 1.1.4\MySqlNotifier.exe
uRun: [GoogleChromeAutoLaunch_8B20890DE081CD90CF442E7C82A6459C] "c:\users\odp\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_Plugin.exe -update plugin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\odp\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\odp\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\odp\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\25F68637023547275656470234166656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\34570702F402A4F65602D20264255454 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\34F6C657D6265737F5D4564727F607F6C6964716E6F5C4962627162797 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\56672636F63353D223E646D2E4F6274786 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}\942796370224F6F6B634166656 : DHCPNameServer = 192.168.200.1 192.168.200.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll  c:\progra~1\google\google~3\go36f4~1.dll 
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\odp\appdata\roaming\mozilla\firefox\profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\odp\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\odp\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\odp\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\odp\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2010-2-23 277032]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-16 13480]
R1 MpKslb7287914;MpKslb7287914;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bbc83e1-ef8d-4323-8b1b-0e731964e535}\MpKslb7287914.sys [2014-5-4 39464]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-10 145936]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-4-8 2470688]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-27 47640]
R2 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="c:\programdata\mysql\mysql server 5.6\my.ini" mysql56 --> c:/program files/mysql/mysql server 5.6/bin\mysqld [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104264]
R2 nuttkoqiez32;nuttkoqiez32;c:\program files\003\nuttkoqiez32.exe run options=01110010030000000000000000000000 sourceguid=a1d0a8ba-de75-49a5-a1bf-870fc16d4b50 --> c:\program files\003\nuttkoqiez32.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-5-7 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-5-21 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-5-21 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-10 256528]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-2-24 125568]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-6-22 245760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-10 122880]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-7 119256]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-24 167936]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-12-21 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-12-21 685320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-11-3 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-23 108032]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-2-23 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-2-23 137728]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-23 1343400]
.
=============== Created Last 30 ================
.
2014-05-04 17:11:44 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bbc83e1-ef8d-4323-8b1b-0e731964e535}\offreg.dll
2014-05-04 15:56:02 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2014-05-04 15:55:58 -------- d-----w- c:\program files\ffdshow
2014-05-04 15:55:05 -------- d-----w- c:\program files\Optimizer Pro
2014-05-04 15:54:02 -------- d-----w- c:\users\odp\appdata\local\SearchProtect
2014-05-04 15:53:40 -------- d-----w- c:\program files\SearchProtect
2014-05-04 15:52:07 -------- d-----w- c:\program files\suprasavings
2014-05-04 15:49:56 -------- d-----w- c:\program files\003
2014-05-04 15:48:10 -------- d-----w- c:\program files\HDvid-Codec V9.0
2014-05-04 15:47:17 -------- d-----w- c:\program files\hdvidcodec.com
2014-05-04 15:45:07 -------- d-----w- c:\users\odp\appdata\roaming\DropboxMaster
2014-05-04 07:20:20 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bbc83e1-ef8d-4323-8b1b-0e731964e535}\MpKslb7287914.sys
2014-05-04 07:01:32 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 14:26:57 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bbc83e1-ef8d-4323-8b1b-0e731964e535}\mpengine.dll
2014-05-02 05:40:06 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1145f931-1250-4901-af9f-385ffaa65177}\gapaengine.dll
2014-05-02 05:38:51 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-24 07:01:13 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-04-23 07:05:09 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-04-22 00:06:45 -------- d-----w- c:\programdata\Oracle
2014-04-22 00:05:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-09 05:49:21 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-09 05:49:19 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 05:49:19 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 05:49:19 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 05:49:19 149440 ----a-w- c:\windows\system32\drivers\storport.sys
.
==================== Find3M  ====================
.
2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 13:32:20.36 ===============
 

 


 


#2 fireman4it


Posted 04 May 2014 - 12:49 PM

Hello BenP23,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"



#3 BenP23


Posted 04 May 2014 - 01:34 PM

Thank you for the quick reply. Here are the contents of the files you requested. Thanks again.

 

# AdwCleaner v3.206 - Report created 04/05/2014 at 14:03:14
# Updated 04/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : odp - ODPTMP10221001
# Running from : C:\Users\odp\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\EasyLife
Folder Deleted : C:\Program Files\HDvidCodec.com
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Program Files\YTD Toolbar
Folder Deleted : C:\Program Files\HDvid-Codec V9.0
Folder Deleted : C:\Users\odp\AppData\Local\SearchProtect
Folder Deleted : C:\Users\odp\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\Extensions\SupraSavings@jetpack
Folder Deleted : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh
Folder Deleted : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk
File Deleted : C:\Users\odp\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\searchplugins\EasyLife.xml
File Deleted : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\HDvid-Codec V9.0-chromeinstaller
File Deleted : C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\HDvid-Codec V9.0-codedownloader
File Deleted : C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job
File Deleted : C:\Windows\System32\Tasks\HDvid-Codec V9.0-enabler
File Deleted : C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\HDvid-Codec V9.0-firefoxinstaller
File Deleted : C:\Windows\Tasks\HDvid-Codec V9.0-updater.job
File Deleted : C:\Windows\System32\Tasks\HDvid-Codec V9.0-updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051356.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051356.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051356.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051356.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131156}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33388391-92a6-4394-a595-f9c84984173d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{664948d7-b90c-4329-9a60-cbbce15501c0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b3652fe-411d-4942-ae7d-31a2c93dab8c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9a50c8d3-8fce-49f9-9b16-10847de698a6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\suprasavings
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKCU\Software\AppDataLow\Software\HDvid-Codec V9.0
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\Software\HDvid-Codec V9.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDvid-Codec V9.0
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y4tpggbo.default\prefs.js ]
 
 
[ File : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=12+o+clock+high&ac_posn=-1&ac_rec=false&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.policymattersohio.org/search-results?cx=001700493604819089975%3Am4xys0wmyay&cof=FORID%3A9&ie=UTF-8&q={searchTerms}&sa=GO
Deleted [Search Provider] : hxxp://www.artofmanliness.com/search-results?cx=007683775889793086658%3Aql5awm4scyk&cof=FORID%3A10&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=artofmanliness.com%2F&ref=artofmanliness.com%2Fman-knowledge&ss=259j35085j4
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=0&o=10181&l=dir
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=58&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=
Deleted [Extension] : afjegdojkkoghnbiollpogeeimocanmk
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : iilfecopjcmjdgfffklfdkhbkpkmcglh
 
*************************
 
AdwCleaner[R0].txt - [14068 octets] - [04/05/2014 13:58:21]
AdwCleaner[S0].txt - [14224 octets] - [04/05/2014 14:03:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14285 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-05-2014
Ran by odp (administrator) on ODPTMP10221001 on 04-05-2014 14:23:17
Running from C:\Users\odp\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Oracle Corporation) C:\Program Files\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\odp\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7612960 2009-07-10] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-19] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-05] (Sonic Solutions)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-25] (Synaptics Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [935208 2009-06-02] (Trend Micro Inc.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-03] (Google)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-22] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [Google Update] => C:\Users\odp\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-09-08] (Google Inc.)
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [MySQL Notifier] => C:\Program Files\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\Run: [GoogleChromeAutoLaunch_8B20890DE081CD90CF442E7C82A6459C] => C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\MountPoints2: {58102d1d-1750-11e0-91e7-60eb6902ce08} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\MountPoints2: {c1313b12-218b-11df-a499-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3969232694-1999126572-695026536-1003\...\MountPoints2: {dd09a251-ad31-11e1-a243-60eb6902ce08} - E:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~1\google\google~3\go36f4~1.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-11-03] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
Startup: C:\Users\odp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\odp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\odp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {2D0B6168-B2EE-41B1-B811-6EE646729B00}
SearchScopes: HKCU - Backup.Old.DefaultScope {A217BDFC-B750-4F89-A784-561EAE59E948}
SearchScopes: HKCU - {02858B5A-2E94-1B12-0ADF-2B8B6C40471C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {2D0B6168-B2EE-41B1-B811-6EE646729B00} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Bucksbee Loyalty Plugin - Air Installer - {86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9} - C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll (Freecause Inc.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\odp\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\odp\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\odp\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\odp\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\odp\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-01-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-17]
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\odp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\odp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-05-28]
CHR Extension: (Adblock Plus) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-28]
CHR Extension: (Strict Workflow) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2013-05-28]
CHR Extension: (Zen Spring) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccigcodfkejfabfbepnfoddhnlmimgo [2013-05-28]
CHR Extension: (Cake Cafe) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-05-04]
CHR Extension: (Delicious Bookmarks Extension) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2013-05-28]
CHR Extension: (Harvard Referencing) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim [2013-05-28]
CHR Extension: (Hangouts) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-07-31]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-28]
CHR Extension: (Google Wallet) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (FantasyLink) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghfoglbgdeknkjcmilhkidfdkgenfdi [2014-03-08]
CHR Extension: (Evernote Web Clipper) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-05-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\odp\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-10-26] (Cisco Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-10-29] (Flexera Software, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-03] (Google)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14253 2013-08-28] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1262888 2009-05-22] (Trend Micro Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-05] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-05] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-08-05] (Sonic Solutions)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-25] (Lenovo Group Limited)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [341256 2009-06-21] ()
R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1325128 2009-05-22] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-03-10] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [685320 2009-03-10] (Trend Micro Inc.)
S2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [X]
S2 nuttkoqiez32; C:\Program Files\003\nuttkoqiez32.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl4e1d3c6e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BBC83E1-EF8D-4323-8B1B-0E731964E535}\MpKsl4e1d3c6e.sys [39464 2014-05-04] (Microsoft Corporation)
R0 mv64xx; C:\Windows\System32\DRIVERS\mv64xx.sys [277032 2009-05-19] (Marvell Semiconductor, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [67664 2010-08-20] ()
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [177232 2010-08-20] ()
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [57424 2010-08-20] ()
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2009-12-04] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [145936 2009-03-10] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2009-12-04] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [83728 2009-03-10] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [256528 2009-03-10] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322680 2009-12-04] (Trend Micro Inc.)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-04 14:23 - 2014-05-04 14:26 - 00027514 _____ () C:\Users\odp\Downloads\FRST.txt
2014-05-04 14:22 - 2014-05-04 14:23 - 00000000 ____D () C:\FRST
2014-05-04 14:21 - 2014-05-04 14:22 - 01051648 _____ (Farbar) C:\Users\odp\Downloads\FRST.exe
2014-05-04 14:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-04 13:58 - 2014-05-04 14:05 - 00000000 ____D () C:\AdwCleaner
2014-05-04 13:53 - 2014-05-04 13:54 - 01313617 _____ () C:\Users\odp\Downloads\AdwCleaner (1).exe
2014-05-04 13:32 - 2014-05-04 13:32 - 00025610 _____ () C:\Users\odp\Desktop\dds.txt
2014-05-04 13:32 - 2014-05-04 13:32 - 00009896 _____ () C:\Users\odp\Desktop\attach.txt
2014-05-04 13:27 - 2014-05-04 13:28 - 00688992 ____R (Swearware) C:\Users\odp\Downloads\dds.com
2014-05-04 12:36 - 2014-05-04 12:36 - 00015879 _____ () C:\Users\odp\Downloads\hijackthis.log
2014-05-04 12:33 - 2014-05-04 12:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\odp\Downloads\HiJackThis.exe
2014-05-04 11:56 - 2014-05-04 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-04 11:56 - 2012-04-09 00:40 - 00079360 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-04 11:55 - 2014-05-04 11:56 - 00000000 ____D () C:\Program Files\ffdshow
2014-05-04 11:45 - 2014-05-04 11:45 - 00000000 ____D () C:\Users\odp\AppData\Roaming\DropboxMaster
2014-05-04 11:39 - 2014-05-04 11:40 - 00534096 _____ () C:\Users\odp\Downloads\HDvid-codec-Chrome.exe
2014-05-04 03:01 - 2014-04-29 10:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 03:01 - 2014-04-29 10:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-24 03:01 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 14:14 - 2014-03-01 00:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 14:14 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 14:14 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 14:14 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 14:14 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 14:14 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 14:14 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 14:14 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 14:14 - 2014-02-28 23:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 14:14 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 14:14 - 2014-02-28 23:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 14:14 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 14:14 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 14:14 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 14:14 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 14:14 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 14:14 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 14:14 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 14:14 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 14:14 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-23 03:05 - 2014-04-23 03:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-23 03:05 - 2014-04-23 03:05 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-23 03:05 - 2014-04-23 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-21 20:06 - 2014-04-21 20:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 20:06 - 2014-04-21 20:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-21 20:06 - 2014-04-21 20:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 20:05 - 2014-04-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:05 - 2014-04-21 20:04 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 20:05 - 2014-04-21 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 20:05 - 2014-04-21 20:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-09 01:49 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 01:49 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 01:49 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 01:49 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 01:49 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 01:49 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-04 14:26 - 2014-05-04 14:23 - 00027514 _____ () C:\Users\odp\Downloads\FRST.txt
2014-05-04 14:24 - 2010-02-24 17:49 - 01715596 _____ () C:\Windows\WindowsUpdate.log
2014-05-04 14:23 - 2014-05-04 14:22 - 00000000 ____D () C:\FRST
2014-05-04 14:22 - 2014-05-04 14:21 - 01051648 _____ (Farbar) C:\Users\odp\Downloads\FRST.exe
2014-05-04 14:21 - 2010-10-22 08:10 - 00000000 ____D () C:\Users\odp\AppData\Roaming\Dropbox
2014-05-04 14:20 - 2011-01-05 17:52 - 00000000 ___RD () C:\Users\odp\Dropbox
2014-05-04 14:18 - 2009-07-21 01:30 - 00816966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-04 14:16 - 2010-11-03 15:56 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-04 14:15 - 2010-11-03 15:56 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 14:15 - 2010-11-03 15:20 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003UA.job
2014-05-04 14:10 - 2010-05-27 17:18 - 00000031 _____ () C:\tmuninst.ini
2014-05-04 14:10 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 14:10 - 2009-07-14 00:39 - 00252878 _____ () C:\Windows\setupact.log
2014-05-04 14:09 - 2013-07-31 21:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006UA.job
2014-05-04 14:09 - 2010-10-23 03:29 - 00015151 _____ () C:\Windows\TMFilter.log
2014-05-04 14:09 - 2010-05-28 05:31 - 00145670 _____ () C:\Windows\PFRO.log
2014-05-04 14:05 - 2014-05-04 13:58 - 00000000 ____D () C:\AdwCleaner
2014-05-04 13:54 - 2014-05-04 13:53 - 01313617 _____ () C:\Users\odp\Downloads\AdwCleaner (1).exe
2014-05-04 13:32 - 2014-05-04 13:32 - 00025610 _____ () C:\Users\odp\Desktop\dds.txt
2014-05-04 13:32 - 2014-05-04 13:32 - 00009896 _____ () C:\Users\odp\Desktop\attach.txt
2014-05-04 13:28 - 2014-05-04 13:27 - 00688992 ____R (Swearware) C:\Users\odp\Downloads\dds.com
2014-05-04 12:36 - 2014-05-04 12:36 - 00015879 _____ () C:\Users\odp\Downloads\hijackthis.log
2014-05-04 12:35 - 2010-05-27 13:56 - 00000000 ____D () C:\Users\odp\AppData\Local\VirtualStore
2014-05-04 12:34 - 2014-05-04 12:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\odp\Downloads\HiJackThis.exe
2014-05-04 11:56 - 2014-05-04 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-04 11:56 - 2014-05-04 11:55 - 00000000 ____D () C:\Program Files\ffdshow
2014-05-04 11:45 - 2014-05-04 11:45 - 00000000 ____D () C:\Users\odp\AppData\Roaming\DropboxMaster
2014-05-04 11:45 - 2011-01-05 17:52 - 00001029 _____ () C:\Users\odp\Desktop\Dropbox.lnk
2014-05-04 11:45 - 2010-10-22 08:12 - 00000000 ____D () C:\Users\odp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-04 11:40 - 2014-05-04 11:39 - 00534096 _____ () C:\Users\odp\Downloads\HDvid-codec-Chrome.exe
2014-05-04 10:53 - 2010-11-03 15:55 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-04 03:27 - 2009-07-14 00:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 03:27 - 2009-07-14 00:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 21:09 - 2013-07-31 21:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006Core.job
2014-05-03 19:42 - 2010-11-03 15:20 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003Core.job
2014-04-29 10:47 - 2014-05-04 03:01 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 10:14 - 2014-05-04 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-25 17:38 - 2010-11-03 15:21 - 00002372 _____ () C:\Users\odp\Desktop\Google Chrome.lnk
2014-04-23 04:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-04-23 03:07 - 2013-11-28 04:01 - 00510440 _____ () C:\Windows\IE11_main.log
2014-04-23 03:05 - 2014-04-23 03:05 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-23 03:05 - 2014-04-23 03:05 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-23 03:05 - 2014-04-23 03:05 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-23 03:05 - 2014-04-23 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-23 03:05 - 2014-04-23 03:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-23 03:05 - 2014-04-23 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-21 20:06 - 2014-04-21 20:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 20:06 - 2014-04-21 20:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-21 20:05 - 2014-04-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 20:04 - 2014-04-21 20:06 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 20:04 - 2014-04-21 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 20:04 - 2014-04-21 20:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 20:04 - 2014-04-21 20:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-21 20:04 - 2010-02-24 17:48 - 00000000 ____D () C:\Program Files\Java
2014-04-09 03:13 - 2010-02-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:10 - 2013-08-17 12:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:05 - 2011-05-17 12:48 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\odp\AppData\Local\Temp\dlLogic.exe
C:\Users\odp\AppData\Local\Temp\dltr.exe
C:\Users\odp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgl5m7t.dll
C:\Users\odp\AppData\Local\Temp\GCVerifier.dll
C:\Users\odp\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\odp\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\odp\AppData\Local\Temp\nsk34AB.exe
C:\Users\odp\AppData\Local\Temp\nsp2CCD.exe
C:\Users\odp\AppData\Local\Temp\nspD1FC.exe
C:\Users\odp\AppData\Local\Temp\nspD72B.exe
C:\Users\odp\AppData\Local\Temp\nsuCC9E.exe
C:\Users\odp\AppData\Local\Temp\nsv4B67.exe
C:\Users\odp\AppData\Local\Temp\Quarantine.exe
C:\Users\odp\AppData\Local\Temp\setup.exe
C:\Users\odp\AppData\Local\Temp\SkypeSetup.exe
C:\Users\odp\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-29 20:34
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-05-2014
Ran by odp at 2014-05-04 14:29:29
Running from C:\Users\odp\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Out of date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
 
==================== Installed Programs ======================
 
 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9460CDN (HKLM\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.0.21.0 - Brother Industries, Ltd.)
Bucksbee Loyalty Plugin - Air Installer (HKLM\...\Bucksbee Loyalty Plugin - Air Installer) (Version:  - )
Cisco Systems VPN Client 5.0.02.0090 (HKLM\...\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}) (Version: 5.0.2 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.0.2 (HKLM\...\{C2EECB42-2C7F-11E3-8960-00163E98E7D0}) (Version: 5.0.2.1392 - Evernote Corp.)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Apps (HKLM\...\{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}) (Version: 1.2.279.2381 - Google Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Talk Plugin (HKLM\...\{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}) (Version: 4.2.1.14031 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Graboid Video 3.11 (HKLM\...\Graboid Video) (Version: 3.11 - Graboid Inc.)
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.0.1.2 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.2 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.172 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.172 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{11E568E0-3244-4BCB-875E-F334269DFDCB}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
KONICA MINOLTA C360Series (HKLM\...\KONICA MINOLTA C360Series Installer) (Version:  - KONICA MINOLTA)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MySQL Connector C++ 1.1.3 (HKLM\...\{327A4781-7E7E-4509-864B-0DC900D6482A}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM\...\{4C5FFB59-6222-45CA-9257-EFB93D5E1756}) (Version: 5.1.26 - Oracle Corporation)
MySQL Connector Net 6.7.4 (HKLM\...\{D6952EDA-6AC4-4480-A060-BD6025B15BAD}) (Version: 6.7.4 - Oracle)
MySQL Connector Python v1.0.11 for Python v2.7 (HKLM\...\{CCCE494D-ACAC-4D3E-91FF-63D30CF04E0B}) (Version: 1.0.11 - Oracle)
MySQL Connector/ODBC 5.2 32bit (community edition) (HKLM\...\{12A47162-DE00-4A9D-A82B-2EC881139B10}) (Version: 5.2.5 - Oracle Corporation)
MySQL Documents 5.6 (HKLM\...\{4C102489-D4F3-4324-B573-0802120B1D80}) (Version: 5.6.13 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM\...\{7FC20482-AE94-4DF1-90C1-09EDEC416970}) (Version: 5.6.13 - Oracle Corporation)
MySQL For Excel 1.1.1 (HKLM\...\{88C06BF4-9A84-42FE-A0B2-CB3A49DDBBF0}) (Version: 1.1.1 - Oracle)
MySQL Installer (HKLM\...\{14A17206-6DC0-4896-A3BC-879B743543B8}) (Version: 1.3.2.0 - Oracle Corporation)
MySQL Notifier 1.1.4 (HKLM\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle)
MySQL Server 5.6 (HKLM\...\{A28E1945-C99C-469B-8B75-0120C8CD2D45}) (Version: 5.6.13 - Oracle Corporation)
MySQL Utilities (HKLM\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle)
MySQL Workbench 6.0 CE (HKLM\...\{0BBFADE9-0CA5-4AA3-BC90-629CE53952CF}) (Version: 6.0.6 - Oracle Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5892 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Small Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Spyware Doctor 7.0 (HKLM\...\Spyware Doctor) (Version: 7.0 - PC Tools)
Strawberry Perl (HKLM\...\{C6A30EE4-6CA4-1014-8046-759D36F7176A}) (Version: 5.18.1001 - strawberryperl.com project)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0009 - Lenovo)
Tableau Public 7.0 (HKLM\...\{C3EC0200-E7E1-416E-8FC5-FE5512E7B12A}) (Version: 7.0.403 - Tableau Software)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.10 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.17.0 - )
Trend Micro Client/Server Security Agent (HKLM\...\OfficeScanNT) (Version: 16.0.1331 - Trend Micro)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version:  - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Virtual DJ - Atomix Productions (HKLM\...\Virtual DJ - Atomix Productions) (Version:  - )
VirtualDJ Home FREE (HKLM\...\{19192A84-6172-4312-A661-D8F9A34585AB}) (Version: 7.0.4.1 - Atomix Productions)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892) (HKLM\...\8FE0BAC9C97DE6D9A2B7BB6B689E7F9460D0624B) (Version: 07/10/2009 6.0.1.5892 - Realtek Semiconductor Corp.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xerox Support Centre (HKLM\...\Xerox_Support_Centre) (Version:  - )
YTD Toolbar v7.0 (HKLM\...\{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}) (Version: 7.0 - Spigot, Inc.)
 
==================== Restore Points  =========================
 
15-04-2014 07:00:50 Windows Update
16-04-2014 07:00:17 Windows Update
17-04-2014 07:00:17 Windows Update
18-04-2014 07:01:06 Windows Update
19-04-2014 19:33:22 Windows Update
20-04-2014 07:01:37 Windows Update
22-04-2014 00:00:40 Removed Java™ 6 Update 35
22-04-2014 00:03:51 Installed Java 7 Update 55
22-04-2014 07:01:37 Windows Update
23-04-2014 07:01:12 Windows Update
24-04-2014 07:00:27 Windows Update
25-04-2014 07:00:21 Windows Update
28-04-2014 07:32:01 Windows Update
02-05-2014 05:37:27 Windows Update
04-05-2014 07:00:37 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {29F72169-14D0-4CDB-A1E0-902EDE0FE58F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003UA => C:\Users\odp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.)
Task: {52E0C04F-CFC6-453C-8E7C-4F08D3235CE3} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {6765E6F5-AF75-4888-BBF2-C4F927B2517D} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {6C5F71DA-16DE-4422-9BD4-FB2A481A1E99} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {816F46BA-2CCD-41B0-AB53-4E1C06E3E6D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006UA => C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {A26ED5E5-6533-4914-8481-A00D48A9AF28} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006Core => C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {A2C68ED4-B110-4983-B3B6-7829AA356F9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03] (Google Inc.)
Task: {A4570C9E-0338-4AEF-85BA-54B11BFB1456} - System32\Tasks\{564D3DEA-6C0E-4558-B598-0C6A703CF6ED} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {BC236294-DCF0-4BDD-B2CE-EB6248C594B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03] (Google Inc.)
Task: {D7004B89-284D-461A-A680-23EBC247A5B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4313B29-56A3-451F-9B1A-4F95980AF63A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003Core => C:\Users\odp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003Core.job => C:\Users\odp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1003UA.job => C:\Users\odp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006Core.job => C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969232694-1999126572-695026536-1006UA.job => C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-22 08:05 - 2010-08-24 17:47 - 00011264 _____ () C:\Windows\System32\KOAZ8J_L.DLL
2010-10-22 08:05 - 2010-08-24 17:48 - 00011264 _____ () C:\Windows\System32\KOAZ8A_L.DLL
2010-10-22 08:06 - 2010-08-24 17:48 - 00011264 _____ () C:\Windows\System32\KOAZ8W_L.DLL
2010-05-27 17:48 - 2009-07-30 21:44 - 00176235 _____ () C:\Windows\System32\Primomonnt.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-10-26 14:28 - 2007-10-26 14:28 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
2013-07-10 19:11 - 2013-07-10 19:11 - 10948096 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2009-12-21 16:17 - 2009-03-10 22:03 - 00533768 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\TmPfwCtl.dll
2010-05-27 17:18 - 2009-06-21 03:35 - 00341256 _____ () C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2011-06-22 11:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 00065352 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 00674632 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 00093000 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 04081480 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 00390472 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-25 17:37 - 2014-04-23 20:33 - 01647432 _____ () C:\Users\odp\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-05-04 14:18 - 2014-05-04 14:18 - 00041984 _____ () c:\users\odp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgl5m7t.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\odp\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-04-22 17:34 - 1980-01-01 01:00 - 00181760 _____ () C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.410.434.1_0\plugin\ace.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: MpKslb7287914
Description: MpKslb7287914
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslb7287914
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/04/2014 02:26:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: agent.exe, version: 11.60.100.23865, time stamp: 0x4a00a9ad
Faulting module name: agent.exe, version: 11.60.100.23865, time stamp: 0x4a00a9ad
Exception code: 0xc0000005
Fault offset: 0x0009e213
Faulting process id: 0xec4
Faulting application start time: 0xagent.exe0
Faulting application path: agent.exe1
Faulting module path: agent.exe2
Report Id: agent.exe3
 
Error: (05/04/2014 02:12:58 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/05/04 14:12:58.418]: [00002272]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (05/04/2014 02:11:49 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/05/04 14:11:49.263]: [00002272]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (05/04/2014 02:11:10 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/05/04 14:11:10.092]: [00002272]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (05/04/2014 02:10:31 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/05/04 14:10:31.012]: [00002272]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (05/04/2014 00:09:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (05/04/2014 11:54:07 AM) (Source: MsiInstaller) (User: ODPTMP10221001)
Description: Product: SupraSavings -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.
 
Error: (05/04/2014 11:52:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1a48
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3
 
Error: (05/04/2014 11:24:04 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/04/2014 03:23:59 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/05/04 03:23:59.030]: [00002416]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
 
System errors:
=============
Error: (05/04/2014 02:20:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/04/2014 02:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error: 
%%1053
 
Error: (05/04/2014 02:11:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
 
Error: (05/04/2014 02:10:21 PM) (Source: Service Control Manager) (User: )
Description: The nuttkoqiez32 service failed to start due to the following error: 
%%2
 
Error: (05/04/2014 02:10:15 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
Error: (05/04/2014 02:10:15 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error: 
%%2
 
Error: (05/04/2014 03:20:15 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
Error: (05/04/2014 03:20:15 AM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error: 
%%2
 
Error: (05/04/2014 03:18:57 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TmProxy service.
 
Error: (04/25/2014 03:20:09 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/06/2012 02:22:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 153 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 85%
Total physical RAM: 1912.86 MB
Available physical RAM: 285.73 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1162.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:115.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 77B98A54)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

  • Malware Response Team
Posted 04 May 2014 - 09:07 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

SupraSavings
uTorrentBar Toolbar


Additional instructions can be found here if needed.

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (3KB)


How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 BenP23


Posted 05 May 2014 - 06:38 PM

Sorry for the delay in getting back to you. Here is what I've done so far.

Uninstall - looked for a SupraSavings icon in that menu but I couldn't find anything. I did find an icon for the uTorrent toolbar, but when I tried to uninstall it a window popped up that said "can't find install.log". That was it.

Below is the text from the Fixlog.

The machine seems to be running better. When I opened up Chrome this afternoon it did take me to the weird Bing page again. But I changed the setting back to opening in a new tab. The underlined links seem to be gone. And when I search in the toolbar it uses Google and doesn't force me to use Bing. Let me know what you think. Again, thanks for your help.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-05-2014
Ran by odp at 2014-05-05 19:31:35 Run:1
Running from C:\Users\odp\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKCU - Backup.Old.DefaultScope {A217BDFC-B750-4F89-A784-561EAE59E948}
SearchScopes: HKCU - {2D0B6168-B2EE-41B1-B811-6EE646729B00} URL = 
FF Plugin ProgramFiles/Appdata: C:\Users\odp\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR Plugin: (Shockwave Flash) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll No File
CHR Extension: (Cake Cafe) - C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-05-04]
S2 nuttkoqiez32; C:\Program Files\003\nuttkoqiez32.exe run options=01110010030000000000000000000000 sourceguid=A1D0A8BA-DE75-49A5-A1BF-870FC16D4B50 [X]
C:\Users\odp\AppData\Local\Temp\dlLogic.exe
C:\Users\odp\AppData\Local\Temp\dltr.exe
C:\Users\odp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgl5m7t.dll
C:\Users\odp\AppData\Local\Temp\GCVerifier.dll
C:\Users\odp\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\odp\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\odp\AppData\Local\Temp\nsk34AB.exe
C:\Users\odp\AppData\Local\Temp\nsp2CCD.exe
C:\Users\odp\AppData\Local\Temp\nspD1FC.exe
C:\Users\odp\AppData\Local\Temp\nspD72B.exe
C:\Users\odp\AppData\Local\Temp\nsuCC9E.exe
C:\Users\odp\AppData\Local\Temp\nsv4B67.exe
C:\Users\odp\AppData\Local\Temp\Quarantine.exe
C:\Users\odp\AppData\Local\Temp\setup.exe
C:\Users\odp\AppData\Local\Temp\SkypeSetup.exe
C:\Users\odp\AppData\Local\Temp\verifier.exe
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKCU\Software\Microsoft\Internet Explorer\Main":
 
Owner: NT AUTHORITY\SYSTEM
 
DACL(NP):
 
ODPTMP10221001\odp ALLOW FULL (OI-CI-I)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
NT AUTHORITY\RESTRICTED ALLOW READ (OI-CI-I)
 
===================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D0B6168-B2EE-41B1-B811-6EE646729B00} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2D0B6168-B2EE-41B1-B811-6EE646729B00} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D0B6168-B2EE-41B1-B811-6EE646729B00} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2D0B6168-B2EE-41B1-B811-6EE646729B00} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A217BDFC-B750-4F89-A784-561EAE59E948} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A217BDFC-B750-4F89-A784-561EAE59E948} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=M9D955135-19F6-4E64-B8CF-727A29465303&SearchSource=55&CUI=&UM=2&UP=SP32482C90-6ACF-4CA6-BFCD-06080D853273&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\odp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll not found.
C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh => Moved successfully.
nuttkoqiez32 => Service deleted successfully.
C:\Users\odp\AppData\Local\Temp\dlLogic.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\dltr.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgl5m7t.dll => Moved successfully.
C:\Users\odp\AppData\Local\Temp\GCVerifier.dll => Moved successfully.
C:\Users\odp\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nsk34AB.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nsp2CCD.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nspD1FC.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nspD72B.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nsuCC9E.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\nsv4B67.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\odp\AppData\Local\Temp\verifier.exe => Moved successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
 
==== End of Fixlog ====


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 05 May 2014 - 08:44 PM

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 08 May 2014 - 07:31 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#8 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts

Posted 10 May 2014 - 03:36 PM

Hello - Yes, I'm still here. Sorry for the delay in getting back to you. Below is the text from the Junkware removal tool. I am not including the text from the ESET online scanner at this time because it is still scanning but going really slow. It is 3 hours and 30 minutes in and it is only 47 percent done. Once it is finished I will post it. I just wanted to respond now so you don't close the thread yet.

 

Overall the machine seems to be doing fine but I'm willing to keep doing things if you see things that need to be fixed. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by odp on Sat 05/10/2014 at 12:33:44.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3969232694-1999126572-695026536-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\odp\AppData\LocalLow\FCTB000100770
Successfully deleted: [Folder] "C:\Users\odp\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/10/2014 at 12:40:15.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts

Posted 12 May 2014 - 06:21 PM

Here is the content from the ESET text file you requested. Let me know what you think and thanks again for all your help.

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ca04cfdd2d049c4380fddd3aa4a3119d
# engine=13391
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-14 09:55:16
# local_time=2013-03-14 05:55:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 42746806 114842907 0 0
# scanned=18043
# found=1
# cleaned=0
# scan_time=1736
sh=BDE434BC951FE761E81D06727FC0265655064EE9 ft=1 fh=c71c0011b6395944 vn="a variant of Win32/SProtector.A application" ac=I fn="C:\Program Files\BrowseToSave\sprotector.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ca04cfdd2d049c4380fddd3aa4a3119d
# engine=13391
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-15 01:53:18
# local_time=2013-03-14 09:53:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 42761088 114857189 0 0
# scanned=173234
# found=34
# cleaned=34
# scan_time=12885
sh=BDE434BC951FE761E81D06727FC0265655064EE9 ft=1 fh=c71c0011b6395944 vn="a variant of Win32/SProtector.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\BrowseToSave\sprotector.dll"
sh=6ACADAA12AD3C1A938D81C504C931B334321F6A5 ft=1 fh=4b7c49044fd7f166 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll"
sh=F737464D6A4F67191C3EAA200EF724775A29C66B ft=1 fh=e97f45836cb29f4f vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.10"
sh=CD4E9BF3F1009C1799770C89E0DB8FE5220AD54B ft=1 fh=c87ec612685b4ea3 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.11"
sh=CFD21FBEA8C041A9301C15321F88C3E0019F80E0 ft=1 fh=e702723a4b6e5cb7 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.12"
sh=6ACADAA12AD3C1A938D81C504C931B334321F6A5 ft=1 fh=4b7c49044fd7f166 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.13"
sh=2625EAD93A30880DF1D1FD9CB2994C70B8CECE16 ft=1 fh=4258496f3e1faad7 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.14"
sh=A802011FD737A47CF982A7A87032B5AFFD64684C ft=1 fh=b5723d92bd316f49 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.15"
sh=52F4DF8066B862FCA02A5A6A30AA7748AA768FD5 ft=1 fh=4659e5046bbb7b8c vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.16"
sh=3A85ABF26EDF31A28A98C57F3624880BEB619080 ft=1 fh=698a60c8515e364b vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.17"
sh=B68CF68DA9ED4A909234D029840F21ED975EBD5B ft=1 fh=a1273e1511974ecb vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.18"
sh=464DB7C6D80EA68A68248F0B87FF805C3B7F293F ft=1 fh=7c80217d3ef5d799 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.19"
sh=515C6E232F209B0D2D3FA01574F2AE686D5EA633 ft=1 fh=08439df6361c4804 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.20"
sh=1CDA5B4ECFB2FC895D38C2DB06DC9F80C579D1CD ft=1 fh=4cdf329d8f5f6ad6 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.21"
sh=2594AB1B4CEBFC23BA5136A572E8A65813CD3A52 ft=1 fh=f2d2aa38c0bae466 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.5"
sh=F38BD616D1346EDEC63879270CE03815BEDC5B0A ft=1 fh=053b344a39b9131d vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.6"
sh=E688E27D3C54AA13D82B730E9069EBB5F0C306CB ft=1 fh=016daedaa354e748 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.7"
sh=4B8A3CCA8627559F1D5A1C036E9C27801222E9C5 ft=1 fh=e751b1e153a9d32a vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.8"
sh=EFBFFA2915C5A28DB206771782604FC9F8F8F621 ft=1 fh=9d11049de89e88fd vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.9"
sh=8E79CD1B4E07D5BC1B7253661A5B0D870564AC96 ft=1 fh=f651f8d70b02061e vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll"
sh=7EC40EC841E450A02A16CC7C23967FDFA1C21A04 ft=1 fh=1b72a9911659b17d vn="Win32/InstalleRex.H.Gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\995UJUDO\agent_setup[1].exe"
sh=D2318EF337DD62DCADFA5EBE097FC28D730C71B4 ft=1 fh=8d421902bc437c33 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GU3LZXC0\512264994a160[1].exe"
sh=13D25BD999108AF453134FC2ECCE927DB89D4A1F ft=1 fh=b9e34cebe6fb2f8d vn="a variant of Win32/SProtector.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV1INF45\search_defender_166[1].exe"
sh=9CC024B6CAF758BA9215813A79224D2AFE2BCA38 ft=1 fh=560eef38c1ec8e05 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Temp\airB0CC.exe"
sh=E89F14F399D513BF628450BC2D2A45551B6E4DEA ft=1 fh=b4d9d6617213a8e3 vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Temp\SearchSettings.exe.680464567"
sh=9BC097429B54DA7D4E36D169EBAA39E01DAE1300 ft=1 fh=45bff5b41c089004 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Temp\YontooSetup-S.exe"
sh=5856E32EA8F7167C823109DEA2C228B86A82A679 ft=1 fh=c71c001118767864 vn="Win32/Toolbar.BHO.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\LocalLow\FCTB000100770\Toolbar\Toolbar.dll"
sh=0889DB2596E13E49AF813E509C820DEFE4BA8F21 ft=1 fh=ffe45a05dcca009b vn="Win32/InstalleRex.E.Gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\Downloads\ANV1.rar.exe"
sh=6A8AD4DB5E232B17019C2BD72B461C2618953F6F ft=1 fh=07aaf0da34f0455e vn="Win32/InstallMate.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\Downloads\DownloadSetup.exe"
sh=D678D09672D71BF02C6892BD18D56716D7354858 ft=1 fh=71396cb173e4c662 vn="a variant of Win32/MediaGet application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\Downloads\galaxy_2_galaxy_a_hi_tech_jazz_compilation_mp3_192kbps.exe"
sh=D3B8D725DCFC7360C597408CCF2B56A4D4E6F865 ft=1 fh=5a26f58005703774 vn="Win32/Graboid application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\Downloads\GraboidVideoSetup-3.11.exe"
sh=59A03998DE8AD8569B2109913A16BD5AE8B44E0A ft=1 fh=87b4b085465a1d6a vn="Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\Downloads\Twelve_O_Clock_High.exe"
sh=7E60B8163E021ED5EE522316C72210C7BCF7DF71 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\ad6eaed.msi"
sh=0522485D9BD0F38D6E06A0742F94696AA2256D1F ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\f5591b3.msi"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ca04cfdd2d049c4380fddd3aa4a3119d
# engine=18210
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-10 10:03:42
# local_time=2014-05-10 06:03:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25309169 151304213 0 0
# scanned=205575
# found=37
# cleaned=37
# scan_time=18060
sh=321FFA63BC10C82EBF9D52BBC8DFAD1635A7D88D ft=1 fh=6345b32e772ed437 vn="Win32/AdWare.Adpeak.F application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\003\nuttkoqiez32.exe.vir"
sh=3FDA53F88C2B98DE37AC2C2080502BE2E576E901 ft=1 fh=3800e8a51d246518 vn="Win32/SProtector.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BrowseToSave\uninstall.exe.vir"
sh=58B5ECA6356C4BE712A4376A3941E693B83E3C3F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\51356.crx.vir"
sh=00A559F12816F1E9B5C6C6AEDF07D52556898077 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\51356.xpi.vir"
sh=C6E6C6BFD587F54FFB4464037BE5C8C66EDA344F ft=1 fh=3a4703d3f014ef1d vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-bg.exe.vir"
sh=D7D5A8E6041E50654053239E94CE03655724FF96 ft=1 fh=c71c001136629799 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll.vir"
sh=EBD8B7D8C2F80DFFB697ABB457B37120B7FEC9C4 ft=1 fh=c71c0011c30048ca vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil.dll.vir"
sh=5EDB9B7497D066F095D29956308E5423E973E2FE ft=1 fh=3d74ec2933ed1ae8 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-buttonutil.exe.vir"
sh=FB80B1888C7F90248C42091279CC620DFAB02BD8 ft=1 fh=962b46e8ba2d9591 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe.vir"
sh=4AE3DABD84C3A57771F049E490F7FF5F695690C9 ft=1 fh=27fa93204183485e vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe.vir"
sh=97550743FBEA49C1312E50689F69F65A941ECBE8 ft=1 fh=17db78a4396a87f4 vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe.vir"
sh=49448B5DE799AECA9D7B98080F94861551BA6A9B ft=1 fh=7e05902df47f29df vn="Win32/Toolbar.CrossRider.AB potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvid-Codec V9.0\utils.exe.vir"
sh=C333FF75FA536C3EBEC7C14007F57D63FA062C88 ft=1 fh=0de28d41e92b06b2 vn="a variant of Win32/Packed.ScrambleWrapper.K potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\HDvidCodec.com\hdvidextsetup.exe.vir"
sh=519A8691D28EB09172F5342CE60A92741C3988E9 ft=1 fh=0b74d7c2c83300bb vn="a variant of Win32/SpeedingUpMyPC application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=F6B4EBA433A08E784F21798F4942A4DFE0CABEBC ft=1 fh=d64082093cf98dd6 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir"
sh=A3ABA0F8882DB45E47F801D1ABF70918B80C6F11 ft=1 fh=d558369f8c59f0c4 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=53708CCF2410434187CA268A7A724A3992C0FC65 ft=1 fh=a6207637a02e9db4 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D30BAC56E88EDAEF64D8813330D1FB24921088FA ft=1 fh=5da947440ba8911d vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=4539C49EE54EF49172ADAA38B553E38FDF347C80 ft=1 fh=ab01c90ebcba11aa vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1E3BA56AFE7F70CA844E8330E38FD662A4B41790 ft=1 fh=9c60344bfd510269 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=33093FCFDCE7C07DD5886ECC4DA42672E5314B09 ft=1 fh=d3cea830025d3e5f vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3D6705DAB5126B0393B6FF5C26484B0899A3D125 ft=1 fh=51586fa0d05d1c4e vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DE134CEDD3AE537C91B6196D66BFCB0FD7DFE550 ft=1 fh=a9eb9770e77ea827 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=856E28D7768BB8C0CD7F1E4355A810D8DB55F6B0 ft=1 fh=1f4105694a25c3d7 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=DC790DFB6D4E0C15D927A3B20EFC147F44D4F5E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=DC790DFB6D4E0C15D927A3B20EFC147F44D4F5E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=99BAE826DDAB59E162AF5E02E2E2644A43421453 ft=1 fh=6f7f2a0ee2f0a16e vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\odp\AppData\Local\Temp\setup.exe.xBAD"
sh=2FA069A3668D712D0362632EB829F655384A3403 ft=1 fh=e3d95cd50b0b04c5 vn="Win32/AdWare.1ClickDownload.AR application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000"
sh=012AE7E3389548A664C5519DA0E0706552785CD4 ft=1 fh=ee6e82168d86a290 vn="Win32/AdWare.1ClickDownload.AR application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000"
sh=1D05F40721A499CDC6AA0944B9757B2A6E3FE6A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YYUNCZJ\monetizationLoader[1].js"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H08XH54U\sp-downloader[1].exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCNXKJZ6\SPSetup[1].exe"
sh=8E104BA4F55265AAD3D63BC8A8364E02FE037429 ft=1 fh=cdd052684d4c9bcf vn="probably a variant of Win32/SProtector.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Temp\is-SHCTJ.tmp\OptProCrash.dll"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\AppData\Local\Temp\nskCC21\SpSetup.exe"
sh=436AC45CB8D7B9BC8E9E9176A6FBF96447BC9BDB ft=1 fh=d9f3cc1eb56be017 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\Downloads\setup.exe"
sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\Downloads\YTDSetup (1).exe"
sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\odp\Downloads\YTDSetup.exe"


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 12 May 2014 - 08:06 PM

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"


 

 

How is the machine running now?




#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 16 May 2014 - 07:41 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 21 May 2014 - 05:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





