
Bought MWB "PRO" - still get PUP.Optional.Conduit.A...shut the doghouse



Per instructions:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by NoTouch at 11:28:09 on 2013-10-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2410 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files (x86)\Motorola\MOTOPRINT Host\PrintService.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [Google Update] "C:\Users\NoTouch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MOTOPRINTUPnPPrintService] C:\Program Files (x86)\Motorola\MOTOPRINT Host\PrintService.exe shell.icon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCPROT~1.LNK - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe




TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BBF9F091-EADE-4E1C-AB76-D5897FD5207B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F}\2375942554039353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D739A00B-9635-4EAB-B035-E5B71059EB9F}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\NoTouch\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\NoTouch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\extensions\{2421d847-721c-404f-87b4-bbd2b95d1087}\plugins\np-mswmp.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\extensions\{2421d847-721c-404f-87b4-bbd2b95d1087}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\NoTouch\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: extentions.y2layers.installId - 0266ce4f-7ace-47b7-9d18-4b3d88e73e75
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
/* Do Not Edit - START: _64Members_ */
// created Tue Apr 09 2013 14:06:40 GMT-0500 (Central Daylight Time)
pref(extensions.toolbar.mindspark._64Members_.defaults.exist,true);
.
/* Do Not Edit - END: _64Members_ */
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-26 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-26 38016]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-27 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203264]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-23 440392]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-23 440392]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-27 105856]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2013-8-8 559552]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-26 1119768]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-4-17 65657]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-8 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-1-26 1002848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-26 349800]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-10-16 200552]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-26 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 SIVDRIVER;SIV Kernel Driver;C:\Windows\System32\drivers\SIVX64.sys [2011-6-30 57312]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-4 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-4 1255736]
.
=============== Created Last 30 ================
.
2013-10-21 15:22:03    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\Ghost Ship Studios
2013-10-20 00:15:57    --------    d-----w-    C:\Program Files (x86)\Nightmare Adventures - The Witch's Prison
2013-10-19 22:57:55    --------    d-----w-    C:\Program Files (x86)\Surface - The Pantheon
2013-10-19 19:33:40    --------    d-----w-    C:\Program Files (x86)\Found - A Hidden Object Adventure
2013-10-19 19:31:58    --------    d-----w-    C:\Program Files (x86)\2 Planets Fire & Ice
2013-10-18 16:10:32    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\LegacyInteractive
2013-10-18 15:38:54    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\8floor
2013-10-17 06:05:17    --------    d-----w-    C:\Windows\SysWow64\AGEIA
2013-10-17 06:02:29    --------    d-----w-    C:\Program Files (x86)\Sherlock Holmes VS Arsene Lupin
2013-10-17 05:49:26    --------    d-----w-    C:\Program Files (x86)\Sherlock Holmes - The Mystery of the Persian Carpet
2013-10-17 05:48:26    --------    d-----w-    C:\Program Files (x86)\The Lost Cases of 221B Baker St
2013-10-14 17:41:48    --------    d-----w-    C:\Program Files (x86)\Found - A Hidden Object Adventure - Free to Play
2013-10-14 03:07:55    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\Mind Elevator Games
2013-10-13 07:04:01    --------    d-----w-    C:\Program Files (x86)\Jewel Legends - Magical Kingdom
2013-10-09 11:26:07    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-09 11:25:59    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-07 17:07:38    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\AlawarEntertainment
2013-10-03 18:24:32    --------    d-----w-    C:\Program Files (x86)\Eternal Journey - New Atlantis
2013-10-03 18:20:05    --------    d-----w-    C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2013-10-02 16:12:36    --------    d-----w-    C:\ProgramData\Motorola
2013-10-02 16:12:17    --------    d-----w-    C:\Program Files (x86)\Motorola Mobility
2013-10-02 16:12:17    --------    d-----w-    C:\Program Files (x86)\Common Files\MSSoap
2013-10-02 16:12:00    --------    d-----w-    C:\Program Files\Motorola Inc
2013-10-01 16:49:45    --------    d-----r-    C:\Users\NoTouch\AppData\Roaming\Brother
2013-10-01 16:49:05    --------    d-----w-    C:\ProgramData\Brother
2013-09-29 20:55:34    --------    d-----w-    C:\Users\NoTouch\AppData\Roaming\Digital Quarter
2013-09-27 16:36:57    --------    d-----w-    C:\Program Files (x86)\Fearful Tales - Hansel and Gretel
.
==================== Find3M  ====================
.
2013-10-09 01:05:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:05:18    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-07 11:37:35    83160    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-10-07 11:37:35    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-10-07 11:37:35    105856    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 11:29:23.59 ===============

 

 

and:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/2/2011 9:21:18 PM
System Uptime: 10/27/2013 8:22:36 AM (3 hours ago)
.
Motherboard: FOXCONN |  | 2AB1
Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 662.056 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.675 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 466 GiB total, 21.651 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP321: 10/10/2013 3:00:26 AM - Windows Update
RP322: 10/13/2013 9:40:48 PM - Windows Backup
RP323: 10/17/2013 1:04:22 AM - Installed NVIDIA GAME System Software 2.8.1
RP324: 10/21/2013 6:09:55 AM - Windows Backup
.
==== Installed Programs ======================
.
2 Planets Fire & Ice
7 Wonders: Ancient Alien Makeover
7 Wonders: Magical Mystery Tour
7 Wonders: Treasures of Seven
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Amazon Kindle
Amazon Music Importer
Amazon Send to Kindle
Amnesia: The Dark Descent
Ancient Quest of Saqqarah
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Auslogics Duplicate File Finder
Avadon: The Black Fortress
Avira Free Antivirus
Azada ®
Azada: Ancient Magic ™
Azada: Elementa Collector's Edition
Azada: In Libro
Big Fish Casino
Big Fish: Game Manager
BIT.TRIP RUNNER
Blio
Blocks That Matter
Bonjour
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX150 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Quest
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
City of Fools
Cogs
Company of Heroes
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Cradle of Egypt
Cradle of Rome
Cradle of Rome 2
Crysis®
CyberLink DVD Suite Deluxe
D3DX10
Dark Manor: A Hidden Object Mystery
Darksiders
DarksidersInstaller
Deep Blue Sea
Dustforce
DVD Menu Pack for HP MediaSmart Video
EA Download Manager
EA Download Manager UI
eFax Messenger
Enchanted Cavern 2
eReg
Eternal Journey: New Atlantis
Fearful Tales: Hansel and Gretel
Fierce Tales: The Dog's Heart
Fishdom 3
Found: A Hidden Object Adventure
Found: A Hidden Object Adventure - Free to Play
Frozen Synapse
GameFly
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Gratuitous Space Battles
Heroes of Hellas 3: Athens
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
Inbetween Land
Internet TV for Windows Media Center
iTunes
iTunes Agent 1.3.4
Jamestown
Java 7 Update 25
Java Auto Updater
Jewel Legends: Magical Kingdom
Jewel Legends: Tree of Life
Jewel Match 3
Jewel Quest Heritage
Jewel Quest II
Jewel Quest III
Jewel Quest Mysteries: The Oracle of Ur
Jewel Quest Mysteries: The Seventh Gate
Jewel Quest Mysteries: Trail of the Midnight Heart
Jewel Quest Solitaire
Jigsaw Puzzles: Fabulous Foods!
Junk Mail filter update
Just Cause
Just Cause 2
Kobo
LabelPrint
Laruaville
LightScribe System Software
LIMBO
Logitech Flow Scroll 4.0
Logitech Harmony Remote Software 7
Logitech SetPoint 6.32
Lost in Night
Magic Encyclopedia
Magic Encyclopedia: Illusions
Magic Encyclopedia: Moon Light
Magic Match Adventures
Malwarebytes Anti-Malware version 1.75.0.1300
Medal of Honor
Metro 2033
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0 Refresh
MixPad Audio Mixer
MotoHelper MergeModules
MOTOPRINT Host
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.2.0
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Natural Color Pro
Night In The Opera
Nightmare Adventures: The Witch's Prison
Nightmare Realm
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Online Games Manager v1.21
OpenAL
Patchworkz™
PDF Complete Special Edition
Phenomenon: City of Cyan
Phenomenon: Meteorite
PhotoNow!
PictureMover
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Portal 2
Power2Go
PowerDirector
PressReader
PunkBuster Services
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Red Faction: Armageddon
Remote Control USB Driver
RHEM1
RHEM2
RHEM3
Rochard
RoxioNow Player
Saints Row: The Third
Samsung_MonSetup
Sandboxie 4.06 (64-bit)
Sea of Lies: Mutiny of the Heart Survey
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shaban
Shadowgrounds
Shadowgrounds Editor
Shadowgrounds: Survivor
Shatter
Sherlock Holmes VS Arsene Lupin
Sherlock Holmes VS Jack the Ripper
Sherlock Holmes: The Mystery of the Persian Carpet
Skype™ 5.10
Sniper Ghost Warrior 2
Sniper: Ghost Warrior
Space Pirates and Zombies
SpaceChem
Spotify
Steam
Stellarium 0.11.1
Steve the Sheriff 2: The Case of the Missing Thing ™
Steve The Sheriff ™
Surface: The Pantheon
Swords and Soldiers HD
The Binding Of Isaac
The Bridge
The Fool
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play
The Lost Cases of 221B Baker St.
The Path of Hercules
The Tiny Bang Story
The Treasures of Montezuma 2
Thief 2
Thief Gold
Thief: Deadly Shadows
Titan Quest
Torchlight
Torchlight Editor
Tower of Elements
TRAUMA
Trine
Twisted Lands: Insomniac
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update Installer for WildTangent Games App
Vessel
Video Downloader
Video Downloader version 2.0
VideoPad Video Editor
Voxatron 0.1.3
Warhammer 40,000: Dawn of War - Game of the Year Edition
WavePad Sound Editor
WildTangent Games App (HP Games)
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wings of Horus
Wizorb
Zen Bound® 2
Zen Puzzle Garden Demo 1.28
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
10/27/2013 8:26:15 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/27/2013 8:26:15 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
10/25/2013 8:21:38 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR7.
10/24/2013 5:58:15 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{D739A00B-9635-4EAB-B035-E5B71059EB9F} because another computer on the network has the same name.  The server could not start.
10/23/2013 2:19:27 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user NoTouch-blackHP\NoTouch SID (S-1-5-21-3161691985-4228853739-3942633469-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/23/2013 2:19:27 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user NoTouch-blackHP\NoTouch SID (S-1-5-21-3161691985-4228853739-3942633469-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/22/2013 9:27:58 AM, Error: Schannel [36887]  - The following fatal alert was received: 80.
.
==== End Of File ===========================


Welcome to the forum, please follow this procedure: 

 

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
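
An added example, not part of the original post and not code from AdwCleaner: a small parser that groups the items in an AdwCleaner v3 report by section, so the scan report can be reviewed for programs to keep before clicking Clean. The sample report is constructed, and the use of "Found" in a scan-only report (where the clean report says "Deleted") is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an AdwCleaner v3 report.
# Assumption: a scan-only report uses "Found" where the clean report uses "Deleted".
SAMPLE_REPORT = r"""
# AdwCleaner v3.010 - Report created 27/10/2013 at 13:31:49
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\File Type Helper
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js ]

Line Found : user_pref("smartbar.homePageOwnerCTID", "CT0000000");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FILE_RE = re.compile(r"^\[ File : (?P<path>.+?) \]$")
ENTRY_RE = re.compile(r"^(?P<kind>\w+) (?P<action>Found|Deleted) : (?P<target>.+)$")
X64_TAG = "[x64] "


def parse_report(text):
    """Return one dict per item line, tagged with its section and source file."""
    entries, section, source_file = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, header comments, EOF footer
        m = SECTION_RE.match(line)
        if m:
            section, source_file = m.group("name"), None
            continue
        m = FILE_RE.match(line)
        if m:
            source_file = m.group("path")  # e.g. the prefs.js being edited
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # browser banners, separators, report file list
        target = m.group("target")
        x64 = target.startswith(X64_TAG)
        if x64:
            target = target[len(X64_TAG):]
        entries.append({
            "section": section,
            "kind": m.group("kind"),
            "action": m.group("action"),
            "target": target,
            "x64": x64,
            "source_file": source_file,
        })
    return entries


def count_by_section(entries):
    """Number of items per report section."""
    counts = defaultdict(int)
    for entry in entries:
        counts[entry["section"]] += 1
    return dict(counts)


def items_to_keep(entries, keep_terms):
    """Items naming a program the user wants to save (uncheck these before Clean)."""
    terms = [t.lower() for t in keep_terms]
    return [e for e in entries if any(t in e["target"].lower() for t in terms)]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(count_by_section(parsed))
    for item in items_to_keep(parsed, ["File Type Helper"]):
        print("review before cleaning:", item["kind"], item["target"])
```
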


Here's the logfile from ADWCleaner:

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 13:54:26
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NoTouch - NOTOUCH-BLACKHP
# Running from : C:\Users\NoTouch\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Around the world in 80 days
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\quickclick
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Users\NoTouch\AppData\Local\MyScrapNook_12
Folder Deleted : C:\Users\NoTouch\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\NoTouch\AppData\LocalLow\MyScrapNook_12
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\iWin
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\quickclick
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Alawar Stargaze
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\UpdatusUser\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\TheLordNotfer\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\Smartbar
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\CT3239904
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\Extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\Extensions\{2421d847-721c-404f-87b4-bbd2b95d1087}
File Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\searchplugins\search.xml
File Deleted : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\NoTouch\AppData\Roaming\Mozilla\Firefox\Profiles\us6udg93.default\prefs.js ]


[ File : C:\Users\TheLordNotfer\AppData\Roaming\Mozilla\Firefox\Profiles\838v5h47.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [21140 octets] - [27/10/2013 13:31:49]
AdwCleaner[s0].txt - [21194 octets] - [27/10/2013 13:54:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [21255 octets] ##########

_____________________________________________________________________________________

 

 

And after a QuickScan by MWB, the log file:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
NoTouch :: NOTOUCH-BLACKHP [administrator]

Protection: Enabled

10/27/2013 2:10:24 PM
mbam-log-2013-10-27 (14-10-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304277
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

___________________________________________________

 

I will reserve comment about how things are working for awhile...while I see How Things Are Working.

 

But I did recognize a lot of stuff I was suspicious of in the files that were "cleaned". I DID notice that after the ADWare mandatory reboot that I got back to the browser MUCH sooner--I hope that is a result that continues.

 

Thanks, MrC!! I'll repost a bit later with BOO! or a  YAY!

 

Steve(notfer)


MrCharlie--I'll be doggoned ;) if you haven't fixed me. At least as far as I can tell after surfing around, playing a couple games, etc.

 

No sign of the dreaded Conduit A after  a couple scans so you get a big YAY from me. I'd be glad to buy ya a beer if we lived closer. Thanks for your help!!


OH, almost forgot: Is there any way to delete all the reports/logs that I posted above? There's probably not any classified information there, but it kinda feels like I've raised my skirts and exposed me knickers...I don't have anything to steal so I'm not too worried, but......


> OH, almost forgot: Is there any way to delete all the reports/logs that I posted above? There's probably not any classified information there, but it kinda feels like I've raised my skirts and exposed me knickers...I don't have anything to steal so I'm not too worried, but......

You would have to contact a moderator or administration for that: (LDTate, Maurice Naggar or AdvancedSetup)

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here's the checkup.txt:

 

Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Online Games Manager ogmservice.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

________________________________

 

Is it okay to close the "Administrator: Security Check"  DOS window or is some other arcane magic going to happen?

 

Also, if I donate via Paypal, do you (MrC) get all the money or does it go to The Corporate Beer Fund?

 

...standing by....


Is it okay to close the "Administrator: Security Check" DOS window or is some other arcane magic going to happen?

Yes it's OK to close it

Also, if I donate via Paypal, do you (MrC) get all the money or does it go to The Corporate Beer Fund?

It goes to me

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


-------------------------------

Java 7 Update 25 <----please update, should be Update 45

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".
 

----------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

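The manual read of checkup.txt in the reply above (spotting the out-of-date Java line) can be scripted. This is an added example, not part of the thread or of Security Check itself; the section layout is assumed from the log posted here, the sample is abridged from it, and flagging an item reported both Enabled and Disabled is this example's own heuristic.

```python
import re

TICKS = "`" * 14  # section titles in the log are wrapped in runs of backticks

# Constructed sample: abridged from the checkup.txt posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.74",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    TICKS + "Antivirus/Firewall Check:" + TICKS,
    " Windows Firewall Enabled!",
    " Windows Firewall Disabled!",
    "Avira Desktop",
    " Antivirus up to date!",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " Java 7 Update 25",
    " Java version out of Date!",
    " Adobe Flash Player 11.9.900.117",
    TICKS + "System Health check" + TICKS,
    " Total Fragmentation on Drive C: 0%",
    TICKS + "End of Log" + TICKS,
])

HEADER = re.compile(r"^`+([^`]+?):?`+$")

def parse_sections(text):
    """Split the log into {section title: [non-empty lines]}."""
    sections, current = {}, "Preamble"
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            current = match.group(1).strip()
        elif line and current != "End of Log":
            sections.setdefault(current, []).append(line)
    return sections

def findings(sections):
    """Flag out-of-date notices and items reported both Enabled and Disabled."""
    out = []
    for lines in sections.values():
        for prev, line in zip([None] + lines, lines):
            if "out of date" in line.lower():
                # The notice follows the line naming the product.
                out.append(("outdated", prev or "(unknown)"))
        on = {l[:-len("Enabled!")].strip() for l in lines if l.endswith("Enabled!")}
        off = {l[:-len("Disabled!")].strip() for l in lines if l.endswith("Disabled!")}
        out += [("conflicting-status", item) for item in sorted(on & off)]
    return out

if __name__ == "__main__":
    for kind, item in findings(parse_sections(SAMPLE_LOG)):
        print(f"{kind}: {item}")
```
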

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.