not4hire

  1. All appears to be well...the PUP has been evicted from the doghouse! Check yer Paypal...
  2. Here's the checkup.txt:

     Results of screen317's Security Check version 0.99.74
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Firewall Disabled!
     Avira Desktop
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 25
     Java version out of Date!
     Adobe Flash Player 11.9.900.117
     Adobe Reader XI
     Mozilla Firefox (24.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Online Games Manager ogmservice.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
     ________________________________

     Is it okay to close the "Administrator: Security Check" DOS window or is some other arcane magic going to happen? Also, if I donate via Paypal, do you (MrC) get all the money or does it go to The Corporate Beer Fund? ...standing by....
  3. OH, almost forgot: Is there any way to delete all the reports/logs that I posted above? There's probably not any classified information there, but it kinda feels like I've raised my skirts and exposed me knickers...I don't have anything to steal so I'm not too worried, but......
  4. MrCharlie--I'll be doggoned if you haven't fixed me. At least as far as I can tell after surfing around, playing a couple games, etc. No sign of the dreaded Conduit A after a couple scans so you get a big YAY from me. I'd be glad to buy ya a beer if we lived closer. Thanks for your help!!
  5. Here's the logfile from ADWCleaner:
     _____________________________________________________________________________________

     And after a QuickScan by MWB, the log file:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.10.27.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16721
     NoTouch :: NOTOUCH-BLACKHP [administrator]

     Protection: Enabled

     10/27/2013 2:10:24 PM
     mbam-log-2013-10-27 (14-10-24).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 304277
     Time elapsed: 5 minute(s), 30 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
     ___________________________________________________

     I will reserve comment about how things are working for awhile...while I see How Things Are Working. But I did recognize a lot of stuff I was suspicious of in the files that were "cleaned". I DID notice that after the ADWare mandatory reboot that I got back to the browser MUCH sooner--I hope that is a result that continues. Thanks, MrC!! I'll repost a bit later with BOO! or a YAY! Steve(notfer)
  6. Per instructions:
[2010-8-5 291896] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 701512] R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528] R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2013-8-8 559552] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-26 1119768] R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-4-17 65657] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-8 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-1-26 1002848] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-26 349800] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 usbfilter;AMD USB Filter 
Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-26 38456] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768] S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416] S3 SIVDRIVER;SIV Kernel Driver;C:\Windows\System32\drivers\SIVX64.sys [2011-6-30 57312] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-4 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-4 1255736] . =============== Created Last 30 ================ . 
2013-10-21 15:22:03 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\Ghost Ship Studios 2013-10-20 00:15:57 -------- d-----w- C:\Program Files (x86)\Nightmare Adventures - The Witch's Prison 2013-10-19 22:57:55 -------- d-----w- C:\Program Files (x86)\Surface - The Pantheon 2013-10-19 19:33:40 -------- d-----w- C:\Program Files (x86)\Found - A Hidden Object Adventure 2013-10-19 19:31:58 -------- d-----w- C:\Program Files (x86)\2 Planets Fire & Ice 2013-10-18 16:10:32 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\LegacyInteractive 2013-10-18 15:38:54 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\8floor 2013-10-17 06:05:17 -------- d-----w- C:\Windows\SysWow64\AGEIA 2013-10-17 06:02:29 -------- d-----w- C:\Program Files (x86)\Sherlock Holmes VS Arsene Lupin 2013-10-17 05:49:26 -------- d-----w- C:\Program Files (x86)\Sherlock Holmes - The Mystery of the Persian Carpet 2013-10-17 05:48:26 -------- d-----w- C:\Program Files (x86)\The Lost Cases of 221B Baker St 2013-10-14 17:41:48 -------- d-----w- C:\Program Files (x86)\Found - A Hidden Object Adventure - Free to Play 2013-10-14 03:07:55 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\Mind Elevator Games 2013-10-13 07:04:01 -------- d-----w- C:\Program Files (x86)\Jewel Legends - Magical Kingdom 2013-10-09 11:26:07 633856 ----a-w- C:\Windows\System32\comctl32.dll 2013-10-09 11:25:59 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-10-07 17:07:38 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\AlawarEntertainment 2013-10-03 18:24:32 -------- d-----w- C:\Program Files (x86)\Eternal Journey - New Atlantis 2013-10-03 18:20:05 -------- d-----w- C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery 2013-10-02 16:12:36 -------- d-----w- C:\ProgramData\Motorola 2013-10-02 16:12:17 -------- d-----w- C:\Program Files (x86)\Motorola Mobility 2013-10-02 16:12:17 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap 2013-10-02 16:12:00 -------- d-----w- C:\Program Files\Motorola Inc 2013-10-01 
16:49:45 -------- d-----r- C:\Users\NoTouch\AppData\Roaming\Brother 2013-10-01 16:49:05 -------- d-----w- C:\ProgramData\Brother 2013-09-29 20:55:34 -------- d-----w- C:\Users\NoTouch\AppData\Roaming\Digital Quarter 2013-09-27 16:36:57 -------- d-----w- C:\Program Files (x86)\Fearful Tales - Hansel and Gretel . ==================== Find3M ==================== . 2013-10-09 01:05:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 01:05:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-10-07 11:37:35 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys 2013-10-07 11:37:35 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys 2013-10-07 11:37:35 105856 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-09-04 12:11:51 325120 ----a-w- 
C:\Windows\System32\drivers\usbport.sys 2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:43:05 6144 
---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys . ============= FINISH: 11:29:23.59 =============== and: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/2/2011 9:21:18 PM System Uptime: 10/27/2013 8:22:36 AM (3 hours ago) . Motherboard: FOXCONN | | 2AB1 Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 918 GiB total, 662.056 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.675 GiB free. E: is CDROM (UDF) F: is FIXED (NTFS) - 466 GiB total, 21.651 GiB free. G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP321: 10/10/2013 3:00:26 AM - Windows Update RP322: 10/13/2013 9:40:48 PM - Windows Backup RP323: 10/17/2013 1:04:22 AM - Installed NVIDIA GAME System Software 2.8.1 RP324: 10/21/2013 6:09:55 AM - Windows Backup . ==== Installed Programs ====================== . 
2 Planets Fire & Ice 7 Wonders: Ancient Alien Makeover 7 Wonders: Magical Mystery Tour 7 Wonders: Treasures of Seven Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Amazon Kindle Amazon Music Importer Amazon Send to Kindle Amnesia: The Dark Descent Ancient Quest of Saqqarah Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Auslogics Duplicate File Finder Avadon: The Black Fortress Avira Free Antivirus Azada ® Azada: Ancient Magic ™ Azada: Elementa Collector's Edition Azada: In Libro Big Fish Casino Big Fish: Game Manager BIT.TRIP RUNNER Blio Blocks That Matter Bonjour Canon Auto Update Service Canon DIGITAL CAMERA Solution Disk Software Guide CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon PowerShot SX150 IS Camera User Guide Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All Cave Quest ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish City of Fools Cogs Company of 
Heroes Company of Heroes: Opposing Fronts Company of Heroes: Tales of Valor Cradle of Egypt Cradle of Rome Cradle of Rome 2 Crysis® CyberLink DVD Suite Deluxe D3DX10 Dark Manor: A Hidden Object Mystery Darksiders DarksidersInstaller Deep Blue Sea Dustforce DVD Menu Pack for HP MediaSmart Video EA Download Manager EA Download Manager UI eFax Messenger Enchanted Cavern 2 eReg Eternal Journey: New Atlantis Fearful Tales: Hansel and Gretel Fierce Tales: The Dog's Heart Fishdom 3 Found: A Hidden Object Adventure Found: A Hidden Object Adventure - Free to Play Frozen Synapse GameFly Google Earth Plug-in Google Talk Plugin Google Update Helper Gratuitous Space Battles Heroes of Hellas 3: Athens Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP MovieStore HP Odometer HP Product Detection HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics Hulu Desktop Inbetween Land Internet TV for Windows Media Center iTunes iTunes Agent 1.3.4 Jamestown Java 7 Update 25 Java Auto Updater Jewel Legends: Magical Kingdom Jewel Legends: Tree of Life Jewel Match 3 Jewel Quest Heritage Jewel Quest II Jewel Quest III Jewel Quest Mysteries: The Oracle of Ur Jewel Quest Mysteries: The Seventh Gate Jewel Quest Mysteries: Trail of the Midnight Heart Jewel Quest Solitaire Jigsaw Puzzles: Fabulous Foods! 
Junk Mail filter update Just Cause Just Cause 2 Kobo LabelPrint Laruaville LightScribe System Software LIMBO Logitech Flow Scroll 4.0 Logitech Harmony Remote Software 7 Logitech SetPoint 6.32 Lost in Night Magic Encyclopedia Magic Encyclopedia: Illusions Magic Encyclopedia: Moon Light Magic Match Adventures Malwarebytes Anti-Malware version 1.75.0.1300 Medal of Honor Metro 2033 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 4.0 Refresh MixPad Audio Mixer MotoHelper MergeModules MOTOPRINT Host Motorola Device Manager Motorola Device Software Update Motorola Mobile Drivers Installation 6.2.0 Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) Natural Color Pro Night In The Opera Nightmare Adventures: The Witch's Prison 
Nightmare Realm NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA GAME System Software 2.8.1 NVIDIA Graphics Driver 311.06 NVIDIA Install Application NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Online Games Manager v1.21 OpenAL Patchworkz™ PDF Complete Special Edition Phenomenon: City of Cyan Phenomenon: Meteorite PhotoNow! PictureMover PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Portal 2 Power2Go PowerDirector PressReader PunkBuster Services QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Red Faction: Armageddon Remote Control USB Driver RHEM1 RHEM2 RHEM3 Rochard RoxioNow Player Saints Row: The Third Samsung_MonSetup Sandboxie 4.06 (64-bit) Sea of Lies: Mutiny of the Heart Survey Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Shaban Shadowgrounds Shadowgrounds Editor Shadowgrounds: Survivor Shatter Sherlock Holmes VS Arsene Lupin Sherlock Holmes VS Jack the Ripper Sherlock Holmes: The Mystery of the Persian Carpet Skype™ 5.10 Sniper Ghost Warrior 2 Sniper: Ghost Warrior Space Pirates and Zombies SpaceChem Spotify Steam Stellarium 0.11.1 Steve the Sheriff 2: The Case of the Missing Thing ™ Steve The Sheriff ™ Surface: The Pantheon Swords and Soldiers HD The Binding Of Isaac The Bridge The Fool The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play The Lost Cases of 221B Baker St. 
The Path of Hercules The Tiny Bang Story The Treasures of Montezuma 2 Thief 2 Thief Gold Thief: Deadly Shadows Titan Quest Torchlight Torchlight Editor Tower of Elements TRAUMA Trine Twisted Lands: Insomniac Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update Installer for WildTangent Games App Vessel Video Downloader Video Downloader version 2.0 VideoPad Video Editor Voxatron 0.1.3 Warhammer 40,000: Dawn of War - Game of the Year Edition WavePad Sound Editor WildTangent Games App (HP Games) WinDirStat 1.1.2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wings of Horus Wizorb Zen Bound® 2 Zen Puzzle Garden Demo 1.28 Zinio Reader 4 . ==== Event Viewer Messages From Past Week ======== . 10/27/2013 8:26:15 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 10/27/2013 8:26:15 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 10/25/2013 8:21:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7. 10/24/2013 5:58:15 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D739A00B-9635-4EAB-B035-E5B71059EB9F} because another computer on the network has the same name. The server could not start. 10/23/2013 2:19:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user NoTouch-blackHP\NoTouch SID (S-1-5-21-3161691985-4228853739-3942633469-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/23/2013 2:19:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user NoTouch-blackHP\NoTouch SID (S-1-5-21-3161691985-4228853739-3942633469-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/22/2013 9:27:58 AM, Error: Schannel [36887] - The following fatal alert was received: 80. . ==== End Of File ===========================
  7. Thanks for the prompt response. Obviously, I want to remove this PUP from the doghouse and then nail the door shut. The default actions above are kind of "Ignorance is bliss..." so I will avail myself of Option 2 in the "Available Assistance..." thread. Thanks!
  8. Thanks in advance for any help! I just purchased the "PRO" version, thinking that I would be safe from the PUP.Optional.Conduit.A infection. I got tired of removing it with the free version, but every scan reveals it still to be on my computer. I am absolutely willing to follow the instructions given by MrCharlie to user "Stephaniek1" if this series of steps will clean out this ....thing--permanently. I would think that once it is removed, the paid-for PRO would protect me from RE-infection. But it apparently doesn't. I don't want a refund or anything, as I believe it to be a good product, but I also expect to be protected from getting the malware/trojan/virus in the future. Please comment....Thanks again....Steve
  9. BINGO!! It's Bitdefender--see this link: http://forum.bitdefender.com/index.php?showtopic=13130 I'm working on this as this is written--running a new BD update and scan. I hope it works and will report. Thanks for the help!!
  10. Please find MBAM log file and HIJACKTHIS log files below. For the last 5-6 days, I have been unable to open my Firefox browser. If I do a Windows RESTORE (to a previous date) when the Browser WAS working, then I'm OK. IE still works, but I hate it and only use when I have to -- i.e. to open webpages that are not FF friendly. Task Mgr does NOT show that FF is running--when I click FF on my desktop, I get the hourglass for a few seconds, then nothing. My Bitdefender antivirus does not indicate infection nor does MBAM. I do get a MS message at startup that Norton Firewall is not enabled, but Bitdefender tells me to turn it off. I have tried to UNinstall all old AV programs but PCTOOLS Spydoctor (which brought things to a C R A W L) still seems to be hanging in---WTF? I get my internet thru Time Warner Cable --FYI Please ask anything I have probably forgotten... Thanks in advance--Steve
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%202/Images/stg_drm.ocx O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor2/sis/mjolauncher.cab O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - 
file:///C:/Program%20Files/Tibet%20Quest/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel