entrusted Toolbar

**TheHaych** · 2013-07-22, 20:56

I recently lost a laptop to a bad MB. In the process of recovering data from it I took an almost 'game-only' desktop to the Interwebs in search of a product key tool. I installed Belarc's and another with a jellybean name. Between the two I ended up with several unwanted tool bars. I was successful in removing most, but the entrusted toolbar has proven to be quite tenacious. Coincidentally just before this occurred both my FF and IE browsers on this desktop started locking the computer up. So I installed Chrome which seems to be working okay.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Mike at 14:09:42 on 2013-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.6322 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN27748668941372276&UM=2&ctid=CT3299568
uDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ConduitFloatingPlugin_pcajpdcjfekhfnapaiphaecoajeollnc] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3299568\plugins\TBVerifier.dll",RunConduitFloatingPlugin pcajpdcjfekhfnapaiphaecoajeollnc
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&CUI=UN97307957526430501&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN97307957526430501&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CUI=UN97307957526430501&UM=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\extensions\{77beece6-3997-403a-92fa-0055bfcf88e5}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\extensions\{77beece6-3997-403a-92fa-0055bfcf88e5}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-22 13:24; {77beece6-3997-403a-92fa-0055bfcf88e5}; C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\extensions\{77beece6-3997-403a-92fa-0055bfcf88e5}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - fa27339a000000000000c86000c5a068
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15908
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:58:11
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4951
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 189936]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-14 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-14 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-21 46808]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-12 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-12 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-07-22 17:25:16 -------- d-----w- C:\Users\Mike\AppData\Local\Conduit
2013-07-22 17:25:06 -------- d-----w- C:\Users\Mike\AppData\Local\CRE
2013-07-22 17:25:06 -------- d-----w- C:\Program Files (x86)\Conduit
2013-07-22 17:24:30 -------- d-----w- C:\Users\Mike\AppData\Roaming\OpenCandy
2013-07-22 17:24:11 -------- d-----w- C:\Users\Mike\AppData\Local\Programs
2013-07-22 17:00:01 -------- d-----w- C:\Program Files (x86)\Belarc
2013-07-22 16:57:51 -------- d-----w- C:\Users\Mike\AppData\Roaming\DSite
2013-07-21 02:49:53 296816 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-07-20 16:37:55 -------- d-----w- C:\Windows\System32\MRT
2013-07-20 15:46:48 -------- d-----w- C:\my pictures
2013-07-19 22:52:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43971355-DA29-4163-98B6-7AAA1BB88989}\mpengine.dll
2013-07-11 17:29:54 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-09 22:39:30 -------- d-----w- C:\Users\Mike\AppData\Local\NVIDIA
2013-07-09 18:47:18 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-06-24 03:04:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-06-27 21:51:58 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:51:58 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-24 03:04:19 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 03:04:19 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 09:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-16 21:29:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-16 21:29:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 14:10:01.87 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-22 14:15:32
-----------------------------
14:15:32.550 OS Version: Windows x64 6.1.7601 Service Pack 1
14:15:32.550 Number of processors: 4 586 0x3A09
14:15:32.565 ComputerName: FIRE UserName: Mike
14:15:33.720 Initialize success
14:15:33.782 AVAST engine defs: 13072201
14:15:46.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:15:46.247 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
14:15:46.325 Disk 0 MBR read successfully
14:15:46.325 Disk 0 MBR scan
14:15:46.325 Disk 0 Windows 7 default MBR code
14:15:46.325 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:15:46.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:15:46.356 Disk 0 scanning C:\Windows\system32\drivers
14:15:50.490 Service scanning
14:16:01.254 Modules scanning
14:16:01.254 Disk 0 trace - called modules:
14:16:01.269 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:16:01.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075ed790]
14:16:01.269 3 CLASSPNP.SYS[fffff88000fc743f] -> nt!IofCallDriver -> [0xfffffa800722e950]
14:16:01.269 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075ec050]
14:16:02.049 AVAST engine scan C:\Windows
14:16:03.641 AVAST engine scan C:\Windows\system32
14:17:09.644 AVAST engine scan C:\Windows\system32\drivers
14:17:15.198 AVAST engine scan C:\Users\Mike
14:19:22.042 AVAST engine scan C:\ProgramData
14:19:42.291 Scan finished successfully
14:21:35.484 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
14:21:35.500 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

**ken545** · 2013-07-23, 12:18

Most times having to many toolbars can cause browsers to hang up, sometimes you get them from not reading when your installing a program and just clicking on next, and sometimes there installed without you realizing it.

Go here and download AdwCleaner to your desktop

Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Download Junkware Removal Tool to your desktop

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

**TheHaych** · 2013-07-23, 20:22

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 14:01:21
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - FIRE
# Boot Mode : Normal
# Running from : C:\Users\Mike\Downloads\AdwCleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcajpdcjfekhfnapaiphaecoajeollnc
File Deleted : C:\END
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\searchplugins\delta.xml
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcajpdcjfekhfnapaiphaecoajeollnc
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\CT3299568
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mike\AppData\Roaming\DSite
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\CT3299568
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\extensions\{77beece6-3997-403a-92fa-0055bfcf88e5}
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\Smartbar
Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pcajpdcjfekhfnapaiphaecoajeollnc
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299568
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\d57dcdeb73fe510
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pcajpdcjfekhfnapaiphaecoajeollnc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN27748668941372276&UM=2&ctid=CT3299568 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\prefs.js

C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\abx65to6.default\user.js ... Deleted !

Deleted : user_pref("CT3299568.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3299568.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3299568.1000234.TWC_TMP_city", "GREENSBORO");
Deleted : user_pref("CT3299568.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3299568.1000234.TWC_country", "UNITED STATES");
Deleted : user_pref("CT3299568.1000234.TWC_locId", "USNC0280");
Deleted : user_pref("CT3299568.1000234.TWC_location", "Greensboro, NC");
Deleted : user_pref("CT3299568.1000234.TWC_region", "US");
Deleted : user_pref("CT3299568.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3299568.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3299568.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3299568.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3299568.FF19Solved", "true");
Deleted : user_pref("CT3299568.FirstTime", "true");
Deleted : user_pref("CT3299568.FirstTimeFF3", "true");
Deleted : user_pref("CT3299568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...]
Deleted : user_pref("CT3299568.UserID", "UN97307957526430501");
Deleted : user_pref("CT3299568.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3299568.autoDisableScopes", -1);
Deleted : user_pref("CT3299568.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3299568.countryCode", "US");
Deleted : user_pref("CT3299568.defaultSearch", "true");
Deleted : user_pref("CT3299568.embeddedsData", "[{\"appId\":\"130114658590951660\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3299568.enableAlerts", "true");
Deleted : user_pref("CT3299568.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3299568.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3299568.fixPageNotFoundError", "true");
Deleted : user_pref("CT3299568.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3299568.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3299568.fixUrls", true);
Deleted : user_pref("CT3299568.fullUserID", "UN97307957526430501.IN.20130722132444");
Deleted : user_pref("CT3299568.installDate", "22/07/2013 13:24:44");
Deleted : user_pref("CT3299568.installId", "stub.exe");
Deleted : user_pref("CT3299568.installSessionId", "{876DE437-2FA4-484C-9A2E-FE3A2B5A193E}");
Deleted : user_pref("CT3299568.installSp", "TRUE");
Deleted : user_pref("CT3299568.installType", "conduitnsisintegration");
Deleted : user_pref("CT3299568.installUsage", "2013-07-22T20:39:51.5163033+03:00");
Deleted : user_pref("CT3299568.installUsageEarly", "2013-07-22T20:39:51.0631696+03:00");
Deleted : user_pref("CT3299568.installerVersion", "1.5.4.4");
Deleted : user_pref("CT3299568.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3299568.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3299568.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3299568.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3299568.keyword", "true");
Deleted : user_pref("CT3299568.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3299568.lastVersion", "10.16.70.5");
Deleted : user_pref("CT3299568.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3299568.migrateAppsAndComponents", true);
Deleted : user_pref("CT3299568.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3299568.openThankYouPage", "false");
Deleted : user_pref("CT3299568.openUninstallPage", "true");
Deleted : user_pref("CT3299568.originalHomepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=FA27C8600[...]
Deleted : user_pref("CT3299568.originalSearchAddressUrl", "");
Deleted : user_pref("CT3299568.originalSearchEngine", "Delta Search");
Deleted : user_pref("CT3299568.originalSearchEngineName", "Ask.com");
Deleted : user_pref("CT3299568.revertSettingsEnabled", "false");
Deleted : user_pref("CT3299568.search.searchAppId", "130114658590951660");
Deleted : user_pref("CT3299568.search.searchCount", "0");
Deleted : user_pref("CT3299568.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3299568.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3299568.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3299568.searchRevert", "false");
Deleted : user_pref("CT3299568.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3299568.searchUserMode", "2");
Deleted : user_pref("CT3299568.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3299568.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3299568.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3299568.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3299568.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3299568.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3299568.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3299568.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3299568.serviceLayer_services_Configuration_lastUpdate", "1374514789723");
Deleted : user_pref("CT3299568.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1374514790382");
Deleted : user_pref("CT3299568.serviceLayer_services_appsMetadata_lastUpdate", "1374516189791");
Deleted : user_pref("CT3299568.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1374514790314");
Deleted : user_pref("CT3299568.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1374514789[...]
Deleted : user_pref("CT3299568.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1374514790410")[...]
Deleted : user_pref("CT3299568.serviceLayer_services_login_10.16.70.5_lastUpdate", "1374514790411");
Deleted : user_pref("CT3299568.serviceLayer_services_menu_bfd1c71334f926ecd0bf043e0f822c7e_lastUpdate", "13745[...]
Deleted : user_pref("CT3299568.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1374514790356");
Deleted : user_pref("CT3299568.serviceLayer_services_searchAPI_lastUpdate", "1374514789757");
Deleted : user_pref("CT3299568.serviceLayer_services_serviceMap_lastUpdate", "1374514789607");
Deleted : user_pref("CT3299568.serviceLayer_services_toolbarContextMenu_lastUpdate", "1374514790277");
Deleted : user_pref("CT3299568.serviceLayer_services_toolbarSettings_lastUpdate", "1374516189732");
Deleted : user_pref("CT3299568.serviceLayer_services_translation_lastUpdate", "1374514790481");
Deleted : user_pref("CT3299568.settingsINI", true);
Deleted : user_pref("CT3299568.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3299568.showToolbarPermission", "false");
Deleted : user_pref("CT3299568.smartbar.CTID", "CT3299568");
Deleted : user_pref("CT3299568.smartbar.Uninstall", "0");
Deleted : user_pref("CT3299568.smartbar.homepage", "true");
Deleted : user_pref("CT3299568.smartbar.toolbarName", "entrusted11 ");
Deleted : user_pref("CT3299568.startPage", "true");
Deleted : user_pref("CT3299568.toolbarBornServerTime", "22-7-2013");
Deleted : user_pref("CT3299568.toolbarCurrentServerTime", "22-7-2013");
Deleted : user_pref("CT3299568.toolbarLoginClientTime", "Mon Jul 22 2013 13:39:50 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3299568.versionFromInstaller", "10.16.70.5");
Deleted : user_pref("CT3299568.xpeMode", "3");
Deleted : user_pref("CT3299568_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN97307957[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "entrusted11 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299568");
Deleted : user_pref("browser.search.defaultenginename", "entrusted11 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "entrusted11 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&CUI[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN9730795752643[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "fa27339a000000000000c86000c5a068");
Deleted : user_pref("extensions.delta.instlDay", "15908");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.512:58:11");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4951");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Deleted : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299568&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299568");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN973079575[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299568");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299568");
Deleted : user_pref("smartbar.machineId", "QJ16Z3EVJL4IRXYJ31D3LFFVM/BBV9958YMLPAOXLWFY9GDJKR03FL/PG7S2PUIUPV6[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3299568&CUI=UN973079575264[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.38] : keyword = "search.conduit.com",
Deleted [l.42] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN52[...]
Deleted [l.43] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]
Deleted [l.2354] : homepage = "hxxp://search.conduit.com/?ctid=CT3299568&SearchSource=48&CUI=UN52886836432113275&UM[...]
Deleted [l.3058] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3299568&SearchSource=48&CUI[...]

*************************

AdwCleaner[S1].txt - [16099 octets] - [23/07/2013 14:01:21]

########## EOF - C:\AdwCleaner[S1].txt - [16160 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Mike on Tue 07/23/2013 at 14:13:27.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software

\Microsoft\Internet Explorer\SearchScopes\{0B78EFC0-19E2-4F37-8536

-956BF7BE5618}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software

\Microsoft\Internet Explorer\SearchScopes\{F91F3FFC-1A21-4CE7-

AA9E-0BE47C4DD186}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online

backup"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\local

\strongvault"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\local

\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault

online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Mike\AppData\Roaming

\mozilla\firefox\profiles\abx65to6.default\extensions

\couponamazing@jetpack
Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox

\profiles\abx65to6.default\minidumps [16 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 14:16:20.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**TheHaych** · 2013-07-23, 20:37

Upon reboot there may be a problem?

A warning titled "RunDLL" states:

There was a problem starting C;\Program Files(x86)\Conduit\CT3299568\plugins\TBVerifier.dll

This specified module could not be found

P.S. Also to clarify my first post. FF and IE were having a problem randomly locking the machine up for perhaps 60 sec at a time. However, it also caused a BSOD twice. I have that message. I ran an MS hotfix based on the MS findings, but it didn't seem to help or hurt the situation because it is still randomly locking up when I have either of those browsers up. If I'm using the machine to game wouldn't know there's a problem.

**ken545** · 2013-07-23, 21:01

Go here and delete this
C:\Program Files(x86)\Conduit<-------

Please download Malwarebytes Anti-Malware to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

**TheHaych** · 2013-07-24, 18:43

I went to look for \Conduit in Program Files (x86) and Program Files and didn't find it.

I installed and ran Malware Bytes.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mike :: FIRE [administrator]

7/24/2013 12:36:15 PM
mbam-log-2013-07-24 (12-36-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245431
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Mike\AppData\Local\Temp\is1590112554\SuperLyrics_1060-2024_v116.exe (PUP.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\053QEG13\pack[1].7z (Adware.BProtector) -> Quarantined and deleted successfully.

(end)

**ken545** · 2013-07-24, 19:00

Great,

Do this , you need the 64 bit version

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

**TheHaych** · 2013-07-24, 20:45

Looks like it found it only in the registry.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:43 on 24/07/2013 by Mike
Administrator - Elevation successful

========== folderfind ==========

Searching for "Conduit"
No folders found.

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConduitFloatingPlugin_pcajpdcjfekhfnapaiphaecoajeollnc"=""C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3299568\plugins\TBVerifier.dll",RunConduitFloatingPlugin pcajpdcjfekhfnapaiphaecoajeollnc"
[HKEY_USERS\S-1-5-21-2252180016-650088479-3489461328-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ConduitFloatingPlugin_pcajpdcjfekhfnapaiphaecoajeollnc"=""C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3299568\plugins\TBVerifier.dll",RunConduitFloatingPlugin pcajpdcjfekhfnapaiphaecoajeollnc"

-= EOF =-

**ken545** · 2013-07-24, 21:23

Hey,

Those two entries need to be fixed , they are whats causing you the error for conduit, but there may be more to fix, not sure, run this quick scan and post the log and then we can use this tool to remove both those entries

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

**TheHaych** · 2013-07-25, 02:51

OTL logfile created on: 7/24/2013 8:41:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 83.75% Memory free
15.91 Gb Paging File | 14.33 Gb Available in Paging File | 90.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 814.98 Gb Free Space | 87.50% Space Free | Partition Type: NTFS

Computer Name: FIRE | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ff75dafe0bda546dc6c71d2cb2d5257\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2252180016-650088479-3489461328-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.35
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/21 07:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/13 17:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions
[2013/07/24 12:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\abx65to6.default\extensions
[2013/07/03 17:19:17 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\abx65to6.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/07/24 12:34:15 | 000,534,063 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\abx65to6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/22 06:43:57 | 000,818,491 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\abx65to6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/22 12:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/07/03 18:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/03 18:08:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN52886836432113275&ctid=CT3299568&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN52886836432113275&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2252180016-650088479-3489461328-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001..\Run: [ConduitFloatingPlugin_pcajpdcjfekhfnapaiphaecoajeollnc] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3299568\plugins\TBVerifier.dll",RunConduitFloatingPlugin pcajpdcjfekhfnapaiphaecoajeollnc File not found
O4 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2252180016-650088479-3489461328-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2252180016-650088479-3489461328-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/24 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2013/07/24 12:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/24 12:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/24 12:35:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/24 12:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/23 14:13:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/23 14:11:02 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mike\Desktop\JRT.exe
[2013/07/22 16:58:54 | 000,000,000 | ---D | C] -- C:\Kaplan
[2013/07/22 14:07:28 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2013/07/22 14:07:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2013/07/22 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\CRE
[2013/07/22 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Programs
[2013/07/22 13:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/07/20 12:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/20 11:46:48 | 000,000,000 | ---D | C] -- C:\my pictures
[2013/07/15 15:33:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\dvdcss
[2013/07/11 22:15:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 22:15:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 22:15:42 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 22:15:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 22:15:42 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 22:15:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 22:15:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 22:15:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 22:15:42 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 22:15:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 22:15:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 22:15:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 22:15:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 22:15:41 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 22:15:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 13:29:52 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 13:29:52 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 13:29:52 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 13:29:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 13:29:18 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 18:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/07/09 18:53:57 | 027,781,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/07/09 18:53:57 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/07/09 18:53:57 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/07/09 18:53:57 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/07/09 18:53:57 | 009,239,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/07/09 18:53:57 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/07/09 18:53:57 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/07/09 18:53:57 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/07/09 18:53:57 | 002,953,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/07/09 18:53:57 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/07/09 18:53:57 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/07/09 18:53:57 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/07/09 18:53:57 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432049.dll
[2013/07/09 18:53:57 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432049.dll
[2013/07/09 18:53:57 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/07/09 18:53:57 | 000,572,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/07/09 18:53:57 | 000,570,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/07/09 18:53:57 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/07/09 18:53:57 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/07/09 18:53:57 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/07/09 18:53:57 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/07/09 18:53:57 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/07/09 18:53:57 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013/07/09 18:53:57 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/07/09 18:53:57 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013/07/09 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\NVIDIA
[2013/07/09 14:47:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\vlc
[2013/07/09 14:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/09 14:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/07/03 18:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/07/24 20:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/24 19:52:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/24 18:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/24 14:43:12 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 14:43:12 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 14:40:40 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/24 14:40:40 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/24 14:40:40 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/24 14:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/24 14:35:49 | 2112,557,055 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 12:35:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/23 14:11:05 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mike\Desktop\JRT.exe
[2013/07/23 14:01:36 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/22 14:45:16 | 000,002,451 | ---- | M] () -- C:\Users\Mike\Desktop\attach.zip
[2013/07/22 14:21:35 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat
[2013/07/22 14:09:06 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2013/07/22 14:07:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2013/07/21 07:15:06 | 000,002,279 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/21 07:14:54 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/20 12:37:29 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/20 12:14:01 | 581,853,914 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/19 18:47:15 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/19 18:47:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/12 13:30:10 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/09 18:39:18 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/07/09 14:47:29 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/27 17:51:58 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 17:51:58 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 17:51:58 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 17:51:58 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 17:51:58 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 17:51:58 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

========== Files Created - No Company Name ==========

[2013/07/24 12:35:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/23 14:01:28 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/22 14:45:16 | 000,002,451 | ---- | C] () -- C:\Users\Mike\Desktop\attach.zip
[2013/07/22 14:21:35 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat
[2013/07/21 07:14:54 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/20 22:49:13 | 000,313,886 | ---- | C] () -- C:\Users\Mike\Desktop\Windows6.1-KB2632149-x64.msu
[2013/07/09 18:39:18 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/07/09 18:38:48 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/09 14:47:29 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/27 17:51:58 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 17:08:37 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/26 17:08:37 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2012/08/14 15:57:14 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/08/14 10:46:34 | 000,000,111 | ---- | C] () -- C:\Users\Mike\mumble.mumblelay
[2012/08/06 19:10:42 | 000,053,662 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/08/06 19:10:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/06 19:09:59 | 000,038,470 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/03 01:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/10 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IrfanView
[2013/07/13 23:48:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mumble

========== Purity Check ==========

< End of report >

Thread: entrusted Toolbar

Thread Tools

Display

entrusted Toolbar

Posting Permissions