
Accidentally infected with PC Utilities Pro Optimizer Pro


  • This topic is locked
12 replies to this topic

#1 LBackover

Posted 22 May 2014 - 04:24 PM

Hello. I'm using Windows 7 Home Premium. I went to update CCleaner and accidentally got infected with "PC Utilities Pro – Optimizer Pro".

Chrome and Windows homepage and search look like they're hijacked (trovi search keeps coming up). Not sure what else was affected.

Can anyone give me some guidance to see what damage was caused and how to remove and fix it?





#2 fireman4it

  • Malware Response Team

Posted 22 May 2014 - 05:12 PM

Hello LBackover,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 LBackover


Posted 22 May 2014 - 06:47 PM

AdwCleaner[S#].txt

 

# AdwCleaner v3.210 - Report created 22/05/2014 at 18:20:18

# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : LBackover - MININT-3FQ66GK
# Running from : C:\Users\LBackover\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\Program Files\HiDefMedia
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\LBackover\AppData\Local\SearchProtect
Folder Deleted : C:\Users\LBackover\Documents\Optimizer Pro
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle\Soft-Now bundle.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16866
 
 
-\\ Google Chrome v
 
[ File : C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : oclgomenfkljhfkfflghppidonpkljjg
 
*************************
 
AdwCleaner[R0].txt - [3823 octets] - [21/11/2013 14:50:56]
AdwCleaner[R1].txt - [2764 octets] - [22/05/2014 18:16:40]
AdwCleaner[S0].txt - [3896 octets] - [21/11/2013 14:53:58]
AdwCleaner[S1].txt - [2500 octets] - [22/05/2014 18:20:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2560 octets] ##########

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by LBackover on Thu 05/22/2014 at 19:12:09.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/22/2014 at 19:21:05.52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014

Ran by LBackover (administrator) on MININT-3FQ66GK on 22-05-2014 19:29:39
Running from C:\Users\LBackover\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Dropbox, Inc.) C:\Users\LBackover\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LBackover\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\LBackover\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Dell Wireless\Bluetooth Suite\BtvStack.exe [470176 2010-07-30] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Dell Wireless\Bluetooth Suite\AthBtTray.exe [289952 2010-07-30] (Atheros Commnucations)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3264056709-3722974489-2320898588-1003\...\Run: [MusicManager] => C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-3264056709-3722974489-2320898588-1003\...\Run: [Google Update] => C:\Users\LBackover\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-11] (Google Inc.)
HKU\S-1-5-21-3264056709-3722974489-2320898588-1003\...\Policies\Explorer: [NoInstrumentation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\Users\LBackover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LBackover\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {88CBC5C6-B062-44DC-A527-78E836377692} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\LBackover\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\LBackover\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\LBackover\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\LBackover\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\LBackover\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LBackover\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\LBackover\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-05]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\LBackover\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\LBackover\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-24]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-04-30]
CHR Extension: (Search by Image (by Google)) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-09-16]
CHR Extension: (WhoIs) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhnaioakffcmagdeoigioijcblhfiib [2013-11-06]
CHR Extension: (Zoho CRM) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2013-05-28]
CHR Extension: (Quick SEO - PageRank, Backlinks & Alexa Tool) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2013-05-30]
CHR Extension: (Hangouts) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-24]
CHR Extension: (Google Wallet) - C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-03]
 
========================== Services (Whitelisted) =================
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe [401800 2013-09-10] (Samsung)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Dell Wireless\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
R2 AtherosSvc; C:\Program Files\Dell Wireless\Bluetooth Suite\adminservice.exe [38560 2010-07-30] (Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 DellDigitalDelivery; C:\Program Files\Dell Digital Delivery\DeliveryService.exe [150920 2011-05-04] (Dell Products, LP.)
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-09-23] (Copyright 2013 SAMSUNG)
 
==================== Drivers (Whitelisted) ====================
 
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-07-30] (Atheros)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [318464 2010-07-08] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [51456 2010-07-08] (Beceem communications pvt ltd.)
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R3 BRCMDECO; C:\Windows\System32\DRIVERS\BRCMHD32.sys [116224 2010-08-10] (Broadcom Corporation)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-07-30] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-07-30] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-07-30] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-07-30] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-07-30] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [230760 2010-07-30] (Atheros)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140521.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x86-n51f.sys [57344 2009-06-22] (SMSC)
R3 LSM303DLH; C:\Windows\System32\DRIVERS\LSM303DLH.sys [28272 2010-09-21] (STMicroelectronics)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
S3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140522.001\NAVENG.SYS [93272 2014-04-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140522.001\NAVEX15.SYS [1612376 2014-04-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1502000.026\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-22 19:29 - 2014-05-22 19:31 - 00021564 _____ () C:\Users\LBackover\Downloads\FRST.txt
2014-05-22 19:29 - 2014-05-22 19:29 - 00000000 ____D () C:\FRST
2014-05-22 19:28 - 2014-05-22 19:28 - 01056768 _____ (Farbar) C:\Users\LBackover\Downloads\FRST.exe
2014-05-22 19:21 - 2014-05-22 19:21 - 00000660 _____ () C:\Users\LBackover\Desktop\JRT.txt
2014-05-22 19:11 - 2014-05-22 19:11 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-05-22 19:08 - 2014-05-22 19:26 - 00000000 ____D () C:\Users\LBackover\Desktop\Comp Fix 2014-05
2014-05-22 18:57 - 2014-05-22 18:57 - 01016261 _____ (Thisisu) C:\Users\LBackover\Downloads\JRT.exe
2014-05-22 18:54 - 2014-05-22 19:10 - 00000112 _____ () C:\Windows\setupact.log
2014-05-22 18:54 - 2014-05-22 18:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 18:53 - 2014-05-22 18:53 - 00002714 _____ () C:\Windows\PFRO.log
2014-05-22 18:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-22 18:15 - 2014-05-22 18:15 - 01326389 _____ () C:\Users\LBackover\Downloads\AdwCleaner.exe
2014-05-22 17:53 - 2014-05-22 17:53 - 00001836 _____ () C:\Users\LBackover\Documents\cc_20140522_175307.reg
2014-05-22 17:16 - 2014-05-22 17:16 - 00029180 _____ () C:\Users\LBackover\Documents\cc_20140522_171557.reg
2014-05-22 16:38 - 2014-05-22 16:38 - 00929416 _____ (CNET Download.com) C:\Users\LBackover\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
2014-05-22 16:24 - 2014-05-22 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-22 16:22 - 2014-05-22 16:22 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1504492
2014-05-21 18:50 - 2014-05-21 18:50 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Mozilla
2014-05-15 10:51 - 2014-05-22 14:52 - 00011986 _____ () C:\Users\LBackover\Desktop\Table Top Notes.xlsx
2014-05-15 10:51 - 2014-05-15 10:51 - 00000579 _____ () C:\Users\LBackover\Desktop\Table Top Notes.txt
2014-05-15 08:56 - 2014-05-15 08:56 - 00000791 _____ () C:\Users\LBackover\Desktop\GFD Ad Copy.GFD Ad Copy
2014-05-13 14:08 - 2014-05-13 14:08 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-07 09:34 - 2014-05-07 09:34 - 00884672 _____ (Google Inc.) C:\Users\LBackover\Downloads\googledrivesync (1).exe
2014-05-07 09:11 - 2014-05-07 09:11 - 00010240 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover Merchants (6588000000508796) - May 7, 2014.xls.xls
2014-05-05 17:07 - 2014-05-05 17:07 - 00000493 _____ () C:\Users\LBackover\Desktop\Kellmer and Cipollone MS Notes 2014-05-05.txt
2014-05-02 21:32 - 2014-05-02 21:32 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\DropboxMaster
2014-05-02 09:42 - 2014-05-02 09:42 - 00010752 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover Merchants (6588000000508796) - May 2, 2014.xls.xls
2014-04-30 22:08 - 2014-04-30 22:08 - 00884696 _____ (Google Inc.) C:\Users\LBackover\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-30 13:50 - 2014-04-30 13:50 - 00010752 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover - Option A (6588000000508804) - Apr 30, 2014.xls.xls
2014-04-29 10:03 - 2014-04-29 10:03 - 00000000 ____D () C:\Users\LBackover\Desktop\Micro Housing
2014-04-26 07:09 - 2014-04-26 07:09 - 01600402 _____ () C:\Users\LBackover\Desktop\Ritz stone color 02.jpeg
2014-04-26 07:08 - 2014-04-26 07:08 - 01208648 _____ () C:\Users\LBackover\Desktop\Ritz stone color 01.jpeg
2014-04-23 09:31 - 2014-05-22 18:42 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3264056709-3722974489-2320898588-1003.job
2014-04-22 19:43 - 2014-04-22 19:43 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 18:45 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-22 18:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-22 18:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-22 18:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-22 18:44 - 2014-04-22 18:45 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
 
==================== One Month Modified Files and Folders =======
 
2014-05-22 19:31 - 2014-05-22 19:29 - 00021564 _____ () C:\Users\LBackover\Downloads\FRST.txt
2014-05-22 19:29 - 2014-05-22 19:29 - 00000000 ____D () C:\FRST
2014-05-22 19:28 - 2014-05-22 19:28 - 01056768 _____ (Farbar) C:\Users\LBackover\Downloads\FRST.exe
2014-05-22 19:27 - 2011-02-24 22:18 - 01774987 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 19:26 - 2014-05-22 19:08 - 00000000 ____D () C:\Users\LBackover\Desktop\Comp Fix 2014-05
2014-05-22 19:26 - 2011-03-04 13:09 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\gSyncit
2014-05-22 19:21 - 2014-05-22 19:21 - 00000660 _____ () C:\Users\LBackover\Desktop\JRT.txt
2014-05-22 19:18 - 2011-02-24 20:28 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 19:18 - 2009-07-14 00:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 19:18 - 2009-07-14 00:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 19:12 - 2012-04-15 00:00 - 00000000 ___RD () C:\Users\LBackover\Dropbox
2014-05-22 19:12 - 2012-04-14 23:54 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Dropbox
2014-05-22 19:11 - 2014-05-22 19:11 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-05-22 19:11 - 2011-03-11 10:14 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 19:11 - 2011-02-24 20:54 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-05-22 19:10 - 2014-05-22 18:54 - 00000112 _____ () C:\Windows\setupact.log
2014-05-22 19:10 - 2013-11-23 16:50 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-22 19:10 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 19:08 - 2012-04-14 23:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 18:57 - 2014-05-22 18:57 - 01016261 _____ (Thisisu) C:\Users\LBackover\Downloads\JRT.exe
2014-05-22 18:54 - 2014-05-22 18:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 18:53 - 2014-05-22 18:53 - 00002714 _____ () C:\Windows\PFRO.log
2014-05-22 18:48 - 2011-04-27 10:39 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003UA.job
2014-05-22 18:42 - 2014-04-23 09:31 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3264056709-3722974489-2320898588-1003.job
2014-05-22 18:39 - 2013-11-21 14:50 - 00000000 ____D () C:\AdwCleaner
2014-05-22 18:39 - 2011-03-11 10:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 18:20 - 2014-05-22 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-22 18:15 - 2014-05-22 18:15 - 01326389 _____ () C:\Users\LBackover\Downloads\AdwCleaner.exe
2014-05-22 17:53 - 2014-05-22 17:53 - 00001836 _____ () C:\Users\LBackover\Documents\cc_20140522_175307.reg
2014-05-22 17:16 - 2014-05-22 17:16 - 00029180 _____ () C:\Users\LBackover\Documents\cc_20140522_171557.reg
2014-05-22 16:52 - 2011-03-05 16:32 - 00000000 ____D () C:\Users\LBackover\AppData\Local\CrashDumps
2014-05-22 16:52 - 2011-02-24 22:14 - 00000000 ____D () C:\Windows\Panther
2014-05-22 16:38 - 2014-05-22 16:38 - 00929416 _____ (CNET Download.com) C:\Users\LBackover\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
2014-05-22 16:35 - 2013-11-23 18:06 - 00000975 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-22 16:35 - 2013-11-23 18:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-22 16:22 - 2014-05-22 16:22 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1504492
2014-05-22 14:58 - 2011-03-03 11:00 - 00000000 ____D () C:\Users\LBackover\Documents\Bluetooth Folder
2014-05-22 14:52 - 2014-05-15 10:51 - 00011986 _____ () C:\Users\LBackover\Desktop\Table Top Notes.xlsx
2014-05-22 14:48 - 2011-04-27 10:39 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003Core.job
2014-05-21 18:50 - 2014-05-21 18:50 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Mozilla
2014-05-16 19:40 - 2013-11-23 17:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 19:40 - 2011-06-24 07:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 10:51 - 2014-05-15 10:51 - 00000579 _____ () C:\Users\LBackover\Desktop\Table Top Notes.txt
2014-05-15 08:56 - 2014-05-15 08:56 - 00000791 _____ () C:\Users\LBackover\Desktop\GFD Ad Copy.GFD Ad Copy
2014-05-13 14:08 - 2014-05-13 14:08 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-13 14:08 - 2013-12-11 01:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 14:08 - 2011-05-17 17:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 13:52 - 2012-04-14 23:55 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 10:13 - 2012-01-16 16:23 - 00000000 ___RD () C:\Program Files\Skype
2014-05-07 13:28 - 2012-01-16 16:23 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Skype
2014-05-07 09:37 - 2012-07-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-07 09:34 - 2014-05-07 09:34 - 00884672 _____ (Google Inc.) C:\Users\LBackover\Downloads\googledrivesync (1).exe
2014-05-07 09:11 - 2014-05-07 09:11 - 00010240 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover Merchants (6588000000508796) - May 7, 2014.xls.xls
2014-05-05 17:07 - 2014-05-05 17:07 - 00000493 _____ () C:\Users\LBackover\Desktop\Kellmer and Cipollone MS Notes 2014-05-05.txt
2014-05-02 21:32 - 2014-05-02 21:32 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\DropboxMaster
2014-05-02 09:42 - 2014-05-02 09:42 - 00010752 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover Merchants (6588000000508796) - May 2, 2014.xls.xls
2014-04-30 22:08 - 2014-04-30 22:08 - 00884696 _____ (Google Inc.) C:\Users\LBackover\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-30 13:50 - 2014-04-30 13:50 - 00010752 _____ () C:\Users\LBackover\Downloads\Quick Merchant Overview for Louis Backover - Option A (6588000000508804) - Apr 30, 2014.xls.xls
2014-04-29 12:56 - 2014-01-19 21:04 - 00000000 ___HD () C:\Users\LBackover\Desktop\.picasaoriginals
2014-04-29 10:03 - 2014-04-29 10:03 - 00000000 ____D () C:\Users\LBackover\Desktop\Micro Housing
2014-04-26 07:09 - 2014-04-26 07:09 - 01600402 _____ () C:\Users\LBackover\Desktop\Ritz stone color 02.jpeg
2014-04-26 07:08 - 2014-04-26 07:08 - 01208648 _____ () C:\Users\LBackover\Desktop\Ritz stone color 01.jpeg
2014-04-24 18:45 - 2011-12-23 11:43 - 00000000 ____D () C:\Users\LBackover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-23 09:31 - 2011-03-03 18:03 - 00000000 ____D () C:\Users\LBackover\AppData\Local\Citrix
2014-04-22 19:43 - 2014-04-22 19:43 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 18:46 - 2013-11-05 13:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 18:45 - 2014-04-22 18:44 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-22 18:45 - 2011-05-06 21:39 - 00000000 ____D () C:\Program Files\Java
 
Some content of TEMP:
====================
C:\Users\LBackover\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxvxjuh.dll
C:\Users\LBackover\AppData\Local\temp\nscFCE.exe
C:\Users\LBackover\AppData\Local\temp\nsh9779.exe
C:\Users\LBackover\AppData\Local\temp\nsnB1CF.exe
C:\Users\LBackover\AppData\Local\temp\nssA485.exe
C:\Users\LBackover\AppData\Local\temp\nsx1D56.exe
C:\Users\LBackover\AppData\Local\temp\nsx2939.exe
C:\Users\LBackover\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-10 09:37
 
==================== End Of Log ============================


#4 LBackover

LBackover
  • Topic Starter

  • Members
  • 44 posts
  • Local time:03:49 PM

Posted 22 May 2014 - 06:49 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014

Ran by LBackover at 2014-05-22 19:32:44
Running from C:\Users\LBackover\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AllShare Framework DMS (HKLM\...\{CBE1ADA9-C3F9-4E82-B117-BE5756641749}) (Version: 1.3.18 - Samsung)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Backup (HKLM\...\{87A54796-0620-4899-BAF7-7778A7FB54CB}) (Version:  - ArcSoft)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.1.0.22 - Atheros Communications)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{F89A2517-03FA-47DE-B702-6F09F6B7CC45}) (Version: 3.4.25.0 - Box, Inc)
Broadcom CrystalHD Decoder (HKLM\...\{507F2E22-60FC-41AE-936A-0D158162A24F}) (Version: 3.6.1.32 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Button Manager of JMicron (HKLM\...\JMicron) (Version:  - JMicron  Corporation)
C4200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 82.0.210.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.126.0.62 - Conexant)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell BookStage Setup (HKLM\...\{32C38CC6-376C-4435-8EBC-7DDFA134E9AF}) (Version: 1.0.1077 - K-NFB Reading Inc)
Dell Digital Delivery (HKLM\...\{E9F88884-EECC-455E-BB2A-C784868C1A35}) (Version: 1.6.1001.0 - Dell Products, LP)
Dell MusicStage (HKLM\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell VideoStage (HKLM\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1117 - CyberLink Corp.)
Dell VideoStage (Version: 1.1.0.1117 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.3.0.1415 (HKCU\...\GoToMeeting) (Version: 6.3.0.1415 - CitrixOnline)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gSyncit (HKLM\...\{693287F6-A602-4558-BF2F-1F696C267F3F}) (Version: 2.5.90 - Fieldston Software)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
nj.partypoker (HKLM\...\partypokerNJ) (Version:  - partyNJ)
Norton Security Suite (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 10.5.030 - Dell Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (Version: 1.01 - Roxio) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 1.7.0.1309231724 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1309231724 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Soft-Now bundle (HKLM\...\Soft-Now bundle) (Version: 2.0.0.5 - Soft-Now)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SRS Premium Sound APO for Conexant USB Audio (HKLM\...\SRS Premium Sound APO for Conexant USB Audio) (Version:  - )
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:04 - 2013-11-23 16:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {16321042-878D-4E6E-84D2-F138732FBE04} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003UA => C:\Users\LBackover\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: {1A7AEAA0-A724-460C-9645-49405A1C7BE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {21727244-0A9F-414E-AFA5-CDB26FE5001E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {2745DAF5-D2B2-4C58-830D-C7E977A14E96} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {349F4B88-6453-45E9-81BC-BC727C8E058F} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3CB396D7-E411-404E-85F0-116BBBCDD802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: {613CC5C4-C4A8-4773-9550-541E9B103BC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8FF2F756-5812-4C36-B310-D24B7C2EAB13} - System32\Tasks\G2MUpdateTask-S-1-5-21-3264056709-3722974489-2320898588-1003 => C:\Users\LBackover\AppData\Local\Citrix\GoToMeeting\1415\g2mupdate.exe [2014-05-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9107C3C9-A582-476D-B86E-ACAFBCE57108} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9469C94A-70FF-463D-89F6-3A5599A566D3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {9820E79B-C714-4EBC-880E-5A4CB43C371B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003Core => C:\Users\LBackover\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: {A731C46A-06B0-42B1-AE67-E8CB42568FF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {E456D4E9-3FBB-46CF-AB69-15234AF7AB5F} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E7D55BFD-9E69-4A88-A1C7-3394E61993D4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F79548CB-D44C-4509-858B-D05B7E9DECDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3264056709-3722974489-2320898588-1003.job => C:\Users\LBackover\AppData\Local\Citrix\GoToMeeting\1415\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003Core.job => C:\Users\LBackover\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264056709-3722974489-2320898588-1003UA.job => C:\Users\LBackover\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-15 16:57 - 2013-09-23 17:24 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-11-23 16:50 - 2013-11-23 16:50 - 00541696 ____N () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-10-15 16:57 - 2013-09-23 17:24 - 00982528 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-10-15 16:57 - 2013-09-23 17:24 - 01025024 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-09-10 09:59 - 2013-09-10 09:59 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\JNIInterface.dll
2013-09-10 10:00 - 2013-09-10 10:00 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ASFAPI.dll
2013-09-10 10:02 - 2013-09-10 10:02 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\MediaDB_Manager.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\MediaDB.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ContentDirectoryPresenter.dll
2013-09-10 10:01 - 2013-09-10 10:01 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 10683392 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 07741952 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 02248192 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 01681408 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-03-03 14:13 - 2014-03-03 14:13 - 00117248 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-03-03 14:13 - 2014-03-03 14:13 - 00231936 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-03-03 14:14 - 2014-03-03 14:14 - 00253440 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-03-03 14:13 - 2014-03-03 14:13 - 00344064 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 00026624 _____ () C:\Users\LBackover\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-02-15 14:05 - 2014-02-15 14:05 - 00387584 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Python.Runtime\9582c0f6046af1b2c3bee545df8f8a01\Python.Runtime.ni.dll
2013-01-03 19:12 - 2013-01-03 19:12 - 00285184 _____ () C:\Program Files\Box Sync\_hashlib.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00040960 _____ () C:\Program Files\Box Sync\_socket.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00721920 _____ () C:\Program Files\Box Sync\_ssl.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00686592 _____ () C:\Program Files\Box Sync\unicodedata.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00070656 _____ () C:\Program Files\Box Sync\_elementtree.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00103424 _____ () C:\Program Files\Box Sync\pyexpat.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00074240 _____ () C:\Program Files\Box Sync\_ctypes.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00098816 _____ () C:\Program Files\Box Sync\win32api.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00110080 _____ () C:\Program Files\Box Sync\pywintypes27.dll
2013-01-03 19:12 - 2013-01-03 19:12 - 00041984 _____ () C:\Program Files\Box Sync\_sqlite3.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00337920 _____ () C:\Program Files\Box Sync\sqlite3.dll
2013-01-03 19:12 - 2013-01-03 19:12 - 00029184 _____ () C:\Program Files\Box Sync\_testcapi.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00108544 _____ () C:\Program Files\Box Sync\win32security.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00008192 _____ () C:\Program Files\Box Sync\_win32sysloader.pyd
2013-01-03 19:12 - 2013-01-03 19:12 - 00111616 _____ () C:\Program Files\Box Sync\win32file.pyd
2014-05-22 19:11 - 2014-05-22 19:11 - 00041984 _____ () C:\Users\LBackover\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxvxjuh.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\LBackover\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 01112576 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\DMSManager.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\DCMCDP.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\FolderCDP.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\MetadataFramework.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\sqlite3.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\MoodExtractor.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\DCMImgExtractor.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AutoChaptering.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\libexpat.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\VideoThumb.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\avcodec-52.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\avutil-50.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\avformat-52.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\swscale-0.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AudioExtractor.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ID3Driver.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\tag.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\libThumbnail.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\RichInfoDriver.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\VideoExtractor.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ThumbnailMaker.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ImageMagickWrapper.dll
2013-08-23 14:34 - 2013-08-23 14:34 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\VideoMetadataDriver.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\libKeyFrame.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\SECMetaDriver.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\ImageExtractor.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\photoDriver.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\libexif-12.dll.dll
2013-08-14 08:29 - 2013-08-14 08:29 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\TextExtractor.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\Autobackup.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:30 - 2013-07-23 19:30 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\us.dll
2014-02-15 14:07 - 2014-02-15 14:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b6cfcda2d134768a7313df94cfcc1ee\IsdiInterop.ni.dll
2011-02-24 20:55 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2014-02-15 14:06 - 2014-02-15 14:06 - 00074752 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\gsyncit.addin\1e2d813f19b01f568ee328e1dac5259c\gsyncit.addin.ni.dll
2014-02-15 14:06 - 2014-02-15 14:06 - 02767360 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\gSyncit.core\ca0e07b6f84a2d1cce3eaa8eace95d79\gSyncit.core.ni.dll
2014-02-15 14:06 - 2014-02-15 14:06 - 00494080 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\e477404cb56e68d49daff57b23abe6dc\System.Data.SQLite.ni.dll
2011-03-03 08:36 - 2011-03-03 08:36 - 00837632 _____ () C:\Program Files\Fieldston Software\gSyncit\System.Data.SQLite.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-05-16 08:56 - 2014-05-07 19:29 - 00065352 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-16 08:56 - 2014-05-07 19:29 - 04081480 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-16 08:56 - 2014-05-07 19:29 - 00390472 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-16 08:56 - 2014-05-07 19:29 - 01647432 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-04-09 09:32 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 09:32 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-05-16 18:45 - 1980-01-01 01:00 - 00181760 _____ () C:\Users\LBackover\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.507.433.1_0\plugin\ace.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (05/22/2014 07:31:43 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (05/20/2014 09:59:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 417088 seconds with 33420 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2014 10:21:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2014 10:19:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1755 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error: (04/29/2014 01:31:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/29/2014 01:30:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4258 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (03/05/2014 09:51:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/05/2014 09:44:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3004 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error: (02/28/2014 10:27:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 169991 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (02/26/2014 10:14:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6497 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error: (02/15/2014 01:34:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 141 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 73%
Total physical RAM: 2035.87 MB
Available physical RAM: 534 MB
Total Pagefile: 4071.73 MB
Available Pagefile: 2367.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.09 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:284.42 GB) (Free:191.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:8.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6106DBAB)
Partition 1: (Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 LBackover

Posted 22 May 2014 - 06:57 PM

Thanks for looking into this.

 

I was scrolling through my program folders and noticed a few that shouldn't be there:  Anvisoft (empty); Soft-Now Bundle; SUPERAntiSpyware.  I have not opened any of the programs.

 

Hope that helps.



#6 fireman4it


Posted 22 May 2014 - 07:58 PM

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 LBackover


Posted 22 May 2014 - 08:29 PM

The browser pages do not seem to be hijacked anymore.  Seems zippier overall.  I never saw any other problems - I posted to the board for help about 5 min after being tricked into the bad download.  Soft-Now Bundle; SUPERAntiSpyware are still in the program folders though and still not opened either but I am sure the SUPERAntiSpyware is malware - I had it a long time ago.  Any other things to do?



#8 fireman4it


Posted 22 May 2014 - 08:36 PM

 

SUPERAntiSpyware

That is an anti-malware program and a pretty good one too. You can use it if you want.

 

Let's run a couple other scans to make sure no leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is  checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


#9 LBackover


Posted 23 May 2014 - 11:20 AM

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 7:50:14 AM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.23.06
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LBackover
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258942
Time Elapsed: 22 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.LevelQualityWatcher.A, HKU\S-1-5-21-3264056709-3722974489-2320898588-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [587a2b298eede15595ab069017ebd52b], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Conduit.A, C:\Users\LBackover\AppData\Local\temp\CT3325809, Quarantined, [f6dc371d017a85b1d7efa3d2c83a659b], 
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\LBackover\AppData\Local\temp\CT3325809\ddt.csf, Quarantined, [f6dc371d017a85b1d7efa3d2c83a659b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Malwarebytes protection history

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/23/2014 7:46:24 AM, SYSTEM, MININT-3FQ66GK, Manual, Rootkit Database, 2014.2.20.1, 2014.5.21.1, 
Protection, 5/23/2014 7:46:27 AM, SYSTEM, MININT-3FQ66GK, Protection, Malware Protection, Starting, 
Protection, 5/23/2014 7:46:27 AM, SYSTEM, MININT-3FQ66GK, Protection, Malware Protection, Started, 
Protection, 5/23/2014 7:46:27 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Starting, 
Protection, 5/23/2014 7:46:40 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Started, 
Update, 5/23/2014 7:46:49 AM, SYSTEM, MININT-3FQ66GK, Manual, Malware Database, 2014.3.4.9, 2014.5.23.6, 
Protection, 5/23/2014 7:46:50 AM, SYSTEM, MININT-3FQ66GK, Protection, Refresh, Starting, 
Protection, 5/23/2014 7:46:50 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Stopping, 
Protection, 5/23/2014 7:46:50 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Stopped, 
Protection, 5/23/2014 7:47:07 AM, SYSTEM, MININT-3FQ66GK, Protection, Refresh, Success, 
Protection, 5/23/2014 7:47:07 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Starting, 
Protection, 5/23/2014 7:47:07 AM, SYSTEM, MININT-3FQ66GK, Protection, Malicious Website Protection, Started, 
 
(end)


Eset Log

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=385757c437ec5346bf936aa369d8d7ba
# engine=18381
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-23 03:55:51
# local_time=2014-05-23 11:55:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 23325948 152405342 0 0
# scanned=162579
# found=15
# cleaned=15
# scan_time=12115
sh=0BC47DE01BA10961EE0D7D6C95A9916DA748A5C7 ft=1 fh=39158cfce6f871c9 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=68BF1E0437E11832B4DC5E9923DCA5FFB92914AC ft=1 fh=fe3fcc60a0369b2a vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=74ADF35C3A3456993B5D72F70AE1EDEB28987C80 ft=1 fh=90d7e36e3b85c7e4 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=4929EB5864840E7F5A0ACA7FA5723D703F4B5E73 ft=1 fh=ce188f0b56e64136 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=8A0819C25BB2568FF451BED451955B4E69E724D7 ft=1 fh=7bc6a5dd57c41934 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=01E8A066B023DAACD6FE9CBC35372A56BE6EC5B1 ft=1 fh=832dcd421f4cfd2d vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=FB7948E63D42672E50D4A521CDB6DBACD615D773 ft=1 fh=fc81cec60cf9c6da vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=6B4F3E6EB3AAE1D1E9250E006C1EA18854A5BDED ft=1 fh=03f7934c7f4ba60d vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\Bitcoin\bitcoin-qt.exe"
sh=7EB8BEEC49636AAE2BD754EB51A31BDC8516E721 ft=1 fh=6a73ba54031a6efe vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\Bitcoin\daemon\bitcoind.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYUHBHBH\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe"
sh=43AF91DC5DEE0C6EBD3896493BD21C2A695B37CB ft=1 fh=39261060eb4f8e5f vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\AppData\Local\temp\nsh8BA0.tmp"
sh=C7241007662586F5DE3A9F9927CFBD9D52A52AC9 ft=1 fh=a7692001af61d921 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\AppData\Local\temp\nsc90B0\SpSetup.exe"
sh=A9B758508DB40D5AF2C5FC3F9C0987D1E2BD447C ft=0 fh=0000000000000000 vn="probably a variant of Android/HtcLog.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\Desktop\Samsung S3 Data\Phone\TitaniumBackup\com.carrieriq.tmobile-ebf442babc1fd28ed796d08df7a14dc7.apk.gz"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe"
sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\LBackover\Downloads\ccsetup404.exe"
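
Added example (not part of the original post, and not ESET's own tooling): a small Python parser for the key=value detection lines in the ESET log above. It separates files already sitting in AdwCleaner's quarantine folder from detections elsewhere on disk and flags one hash found at several paths. It assumes `sh` is the file hash, `vn` the detection name and `fn` the file path; the sample lines, hashes and user name are constructed.

```python
import re
from collections import Counter, defaultdict

def _line(n, vn, fn):
    # Build one constructed detection line; the hashes are obviously fake.
    return (f'sh={n:040X} ft=1 fh={n:016x} '
            f'vn="{vn} (deleted - quarantined)" ac=C fn="{fn}"')

PUA = "potentially unwanted application"
# Constructed sample in the layout of the log above (not the poster's data).
SAMPLE_LOG = "\n".join([
    "OnlineScanner.ocx - registred OK",
    "# scanned=1000",
    "# found=5",
    _line(1, f"a variant of Win32/Conduit.SearchProtect.H {PUA}",
          r"C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"),
    _line(2, f"a variant of Win32/Conduit.SearchProtect.I {PUA}",
          r"C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"),
    _line(3, f"a variant of Win32/CNETInstaller.B {PUA}",
          r"C:\Users\example\Downloads\sample-installer.exe"),
    _line(3, f"a variant of Win32/CNETInstaller.B {PUA}",
          r"C:\Users\example\AppData\Local\Temp\sample-installer.exe"),
    _line(4, "Win32/Bundled.Toolbar.Google.D potentially unsafe application",
          r"C:\Users\example\Downloads\sample-setup.exe"),
])

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')    # key="quoted value" or key=bare
NAME = re.compile(r'\b(\w+/[\w.]+)')                # e.g. Win32/Conduit.SearchProtect.H
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"  # folder seen in the log above

def parse_eset_log(text):
    """Return (meta, detections) from '# key=value' and 'sh=...' lines."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                meta[key] = value
        elif line.startswith("sh="):
            rec = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
            rec.setdefault("fn", "")
            name = NAME.search(rec.get("vn", ""))
            # Family = detection name without its trailing variant letter.
            rec["family"] = name.group(1).rsplit(".", 1)[0] if name else "unknown"
            rec["risk"] = ("unwanted" if "potentially unwanted" in rec.get("vn", "")
                           else "unsafe" if "potentially unsafe" in rec.get("vn", "")
                           else "other")
            detections.append(rec)
    return meta, detections

def triage(meta, detections):
    """Summarise detections for review after a cleanup pass."""
    paths_by_hash = defaultdict(list)
    for d in detections:
        paths_by_hash[d["sh"]].append(d["fn"])
    quarantined = [d["fn"] for d in detections
                   if d["fn"].lower().startswith(QUARANTINE_PREFIX)]
    return {
        "count_matches_header": meta.get("found") == str(len(detections)),
        "by_family": Counter(d["family"] for d in detections),
        "already_quarantined": quarantined,
        "live": [d["fn"] for d in detections if d["fn"] not in quarantined],
        "duplicates": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
    }
```

Entries under the quarantine folder are copies an earlier cleanup tool had already neutralised; the `live` list is what the scan found elsewhere on disk.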


#10 fireman4it


Posted 23 May 2014 - 05:13 PM

Please run MBAM again and post its log along with how the machine is running?



#11 LBackover


Posted 27 May 2014 - 08:28 AM

Sorry for the delay, I was traveling over the holiday weekend.  Here's the MBAM log.  Seems to be working okay.  Friday morning the machine seemed zippy.  Now it seems a bit very sluggish.  I have to say it seems that most operations take a long time to complete (open apps files and time to complete actions within applications; opening a browser or new tabs in a browser takes a while).  Here's the log file.
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 2:38:47 PM
Logfile: malwarebytes log2.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.05
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LBackover
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260481
Time Elapsed: 34 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 fireman4it


Posted 27 May 2014 - 04:57 PM

Hello, LBackover.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


 

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest.  It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free anti-virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the one built into Windows). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.



#13 fireman4it


Posted 29 May 2014 - 06:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




