
Search Protect/Conduit Question

Discussion in 'Virus & Other Malware Removal' started by patmac, Mar 5, 2014.

  1. patmac

    Hi,
    I downloaded an app from CNET (never again) and ended up with Search Protect in the Task Bar and redirecting to Conduit.
    Avast free never saw it. I ran AdwareCleaner and MalwareBytes Anti-rootkit, rebooted and no sign of it.
    How best can I check to verify that it's really gone?

    P.S. Not sure about the GMER log.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x64 Family 15 Model 107 Stepping 1
    Processor Count: 2
    RAM: 3325 Mb
    Graphics Card: NVIDIA GeForce 210, 512 Mb
    Hard Drives: C: Total - 228121 MB, Free - 131165 MB; D: Total - 10239 MB, Free - 5254 MB; J: Total - 152624 MB, Free - 152340 MB;
    Motherboard: Dell Inc., 0RY206
    Antivirus: avast! Antivirus, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:40:23 PM, on 3/5/2014
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16520)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
    C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Users\Dixie\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyLVAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUyszLUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ROC_ROC_JAN2013_AV] C:\Users\Dixie\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
    O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe"
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.dell.com
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8689 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.51.2
    Run by Dixie at 20:41:58 on 2014-03-05
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2027 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlbccoms.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
    C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
    TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ROC_ROC_JAN2013_AV] c:\users\dixie\appdata\roaming\avg january 2013 campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
    uRun: [DellSystemDetect] c:\users\dixie\appdata\local\apps\2.0\9nwk6h5z.06a\krwvhh52.cry\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
    uRun: [Akamai NetSession Interface] "c:\users\dixie\appdata\local\akamai\netsession_win.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyLVAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUyszLUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
    Trusted Zone: dell.com
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{350641B0-898F-4D29-99CA-436A4B1CF266} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3EB6AD1B-456A-4305-ACE8-8A902F504B1D} : DHCPNameServer = 192.168.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dixie\appdata\roaming\mozilla\firefox\profiles\27oct4gy.default\
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\users\dixie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\dixie\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-9 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-9 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-14 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-14 410784]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-14 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-14 50344]
    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-19 45848]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
    S3 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
    .
    =============== Created Last 30 ================
    .
    2014-03-05 04:53:50 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-04 21:11:24 -------- d-----w- c:\program files\Xirrus
    2014-03-04 21:10:17 -------- d-----w- c:\users\dixie\appdata\roaming\Xirrus
    2014-02-26 22:28:13 -------- d-----w- c:\users\dixie\appdata\local\Akamai
    2014-02-21 02:48:32 -------- d-----w- c:\programdata\NVIDIA Corporation
    2014-02-21 02:46:46 9728064 ----a-w- c:\windows\system32\nvcuda.dll
    2014-02-21 02:46:46 9690424 ----a-w- c:\windows\system32\nvopencl.dll
    2014-02-21 02:46:46 895264 ----a-w- c:\windows\system32\nvdispgenco3233489.dll
    2014-02-21 02:46:46 2956576 ----a-w- c:\windows\system32\nvcuvid.dll
    2014-02-21 02:46:46 2713728 ----a-w- c:\windows\system32\nvapi.dll
    2014-02-21 02:46:46 2410784 ----a-w- c:\windows\system32\nvcuvenc.dll
    2014-02-21 02:46:46 23683360 ----a-w- c:\windows\system32\nvoglv32.dll
    2014-02-21 02:46:46 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
    2014-02-21 02:46:46 15740232 ----a-w- c:\windows\system32\nvwgf2um.dll
    2014-02-21 02:46:46 14669032 ----a-w- c:\windows\system32\nvd3dum.dll
    2014-02-21 02:46:46 1049888 ----a-w- c:\windows\system32\nvdispco3233489.dll
    2014-02-21 02:46:46 10180896 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2014-02-21 02:44:43 -------- d-----w- C:\NVIDIA
    .
    ==================== Find3M ====================
    .
    2014-03-06 01:28:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-21 21:04:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-21 21:04:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-21 21:04:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-02-21 21:04:30 43152 ----a-w- c:\windows\avastSS.scr
    2014-02-08 17:11:47 4348704 ----a-w- c:\windows\system32\nvcpl.dll
    2014-02-08 17:11:47 3045664 ----a-w- c:\windows\system32\nvsvc.dll
    2014-02-08 17:11:44 664864 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-02-08 17:11:44 62752 ----a-w- c:\windows\system32\nvshext.dll
    2014-02-08 17:11:44 376096 ----a-w- c:\windows\system32\nvmctray.dll
    2013-12-19 02:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ============= FINISH: 20:42:32.42 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/28/2007 7:22:07 AM
    System Uptime: 3/4/2014 4:37:29 PM (28 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 128.087 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.131 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 149 GiB total, 148.77 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP2285: 2/13/2014 - Scheduled Checkpoint
    RP2286: 2/14/2014 - Scheduled Checkpoint
    RP2287: 2/15/2014 - Scheduled Checkpoint
    RP2288: 2/16/2014 - Scheduled Checkpoint
    RP2289: 2/17/2014 - Scheduled Checkpoint
    RP2290: 2/18/2014 - Scheduled Checkpoint
    RP2291: 2/18/2014 4:21:53 PM - before some ms updates
    RP2292: 2/18/2014 5:38:05 PM - Windows Update
    RP2293: 2/19/2014 4:07:41 PM - Restore Operation
    RP2294: 2/20/2014 9:47:34 PM - Device Driver Package Install: NVIDIA Display adapters
    RP2296: 2/21/2014 4:03:21 PM - avast! antivirus system restore point
    RP2297: 2/21/2014 8:39:35 PM - scans clean.
    RP2298: 2/22/2014 11:27:23 AM - Scheduled Checkpoint
    RP2299: 2/23/2014 - Scheduled Checkpoint
    RP2300: 2/24/2014 - Scheduled Checkpoint
    RP2301: 2/25/2014 12:00:01 AM - Scheduled Checkpoint
    RP2302: 2/26/2014 - Scheduled Checkpoint
    RP2303: 2/26/2014 5:25:22 PM - before wlan driver
    RP2304: 2/26/2014 5:27:54 PM - Installed Akamai NetSession Interface
    RP2305: 2/26/2014 5:33:25 PM - Device Driver Package Install: ASUS Network adapters
    RP2306: 2/28/2014 - Scheduled Checkpoint
    RP2307: 2/28/2014 6:33:09 PM - Scheduled Checkpoint
    RP2308: 3/2/2014 - Scheduled Checkpoint
    RP2309: 3/3/2014 - Scheduled Checkpoint
    RP2310: 3/4/2014 - Scheduled Checkpoint
    RP2311: 3/4/2014 4:10:38 PM - Installed Xirrus Wi-Fi Inspector
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    AIO_CDA_ProductContext
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    avast! Free Antivirus
    BlackBerry Device Software Updater
    Bonjour
    Browser Address Error Redirector
    BufferChm
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Dell DataSafe Online
    Dell Support Center
    Dell System Customization Wizard
    Dell System Detect
    DellSupport
    DeviceDiscovery
    DeviceManagementQFolder
    dj_sf_software
    ESET Online Scanner v3
    Facebook Plug-In
    FlipShare
    Games, Music, & Photos Launcher
    Google Chrome
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
    HP Smart Web Printing
    HP Update
    HPSSupply
    iTunes
    Java 7 Update 51
    Java Auto Updater
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Encarta Encyclopedia Standard 2006
    Microsoft Money 2006
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Streets & Trips 2006
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mobile Mouse Server
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox 25.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird (3.0)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Nuclear Coffee - DiscRipper
    NVIDIA Control Panel 334.89
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 334.89
    NVIDIA Install Application
    NVIDIANetworkDiagnostic
    OpenOffice 4.0.1
    Paint.NET v3.36
    PanoStandAlone
    Product Documentation Launcher
    PS_AIO_07_D110_SW_Min
    PVSonyDll
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    SDFormatter
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Sonic Activation Module
    Status
    SUPERAntiSpyware
    Switch Sound File Converter
    TBS WMP Plug-in
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    Works Upgrade
    Xirrus Wi-Fi Inspector
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The Photoshop Elements Device Connect service failed to start due to the following error: The system cannot find the file specified.
    3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-05 21:07:55
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000056 ST325082 rev.3.AD 232.83GB
    Running: igyzirs6.exe; Driver: C:\Users\Dixie\AppData\Local\Temp\ugloapod.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90A63ACC]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90A645AA]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x90A70692]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90A706DE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90A70878]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x90A70600]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x90B1A426]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90A70648]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x90A64AE0]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x90A70832]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90A65398]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90A63B32]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90A68BE4]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x90A6371E]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90B1A506]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90A63B98]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90A68FDA]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90A65EDE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x90A706BC]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90A70700]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90A7089C]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x90A70626]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x90A684DE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x90A707B0]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90A70670]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x90A688C6]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x90A70856]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90B1A2AA]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x90A65CF4]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x90A6584A]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90A63BFE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90A63C64]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x90B1A602]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90A637B8]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90A6398A]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90A63918]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90A65562]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x90A656C4]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90A63A12]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90B1A378]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x90A651F2]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x90A63CCA]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x90A64606]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x90A64CFC]

    INT 0x01 \??\C:\Users\Dixie\AppData\Local\Temp\mbr.sys A2AC8C42

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 82AFB758 4 Bytes [CC, 3A, A6, 90]
    .text ntkrnlpa.exe!KeSetEvent + 191 82AFB7DC 4 Bytes [AA, 45, A6, 90] {STOSB ; INC EBP; CMPSB ; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1D1 82AFB81C 8 Bytes [92, 06, A7, 90, DE, 06, A7, ...] {XCHG EDX, EAX; PUSH ES; CMPSD ; NOP ; FIADD WORD [ESI]; CMPSD ; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1DD 82AFB828 4 Bytes [78, 08, A7, 90] {JS 0xa; CMPSD ; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82AFB840 4 Bytes [00, 06, A7, 90] {ADD [ESI], AL; CMPSD ; NOP }
    .text ...
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C8900F 4 Bytes CALL 90A665C5 \??\C:\Windows\system32\drivers\aswSnx.sys
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C8CC83 4 Bytes CALL 90A665DB \??\C:\Windows\system32\drivers\aswSnx.sys
    ? C:\Users\Dixie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[264] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[468] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[548] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[584] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!EnableWindow 775FCD8B 5 Bytes JMP 69689ECC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamW 776210B0 5 Bytes JMP 695E189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamW 77622EF5 5 Bytes JMP 697D9266 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamA 77638152 5 Bytes JMP 697D9201 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamA 7763847D 5 Bytes JMP 697D92CB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectA 7764D4D9 5 Bytes JMP 697D9188 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectW 7764D5D3 5 Bytes JMP 697D910F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExA 7764D639 5 Bytes JMP 697D90AB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExW 7764D65D 5 Bytes JMP 697D9047 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[4108] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe[4128] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[4156] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text c:\program files\common files\installshield\updateservice\isuspm.exe[4196] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4240] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text ...
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000601F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000603FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] KERNEL32.dll!CreateThread 77A3CB0E 5 Bytes JMP 696475DB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogParamW 775F72A2 5 Bytes JMP 697D95D0 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!GetAsyncKeyState 775F863C 5 Bytes JMP 6962DECD C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetWindowsHookExW 775F87AD 5 Bytes JMP 696825C4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CallNextHookEx 775F8E3B 5 Bytes JMP 696A7FFF C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!UnhookWindowsHookEx 775F98DB 5 Bytes JMP 696CED20 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!EnableWindow 775FCD8B 5 Bytes JMP 69689ECC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DefWindowProcA 775FDB88 7 Bytes JMP 69649805 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateWindowExA 775FDC2A 5 Bytes JMP 6965363B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateWindowExW 77601305 5 Bytes JMP 696B03EF C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!GetKeyState 77608CB1 5 Bytes JMP 6962DDA7 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DefWindowProcW 776103B4 7 Bytes JMP 696A8062 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!IsDialogMessageW 77610745 5 Bytes JMP 697D9D2A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogParamA 776117AA 5 Bytes JMP 697D9598 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!IsDialogMessage 77611847 5 Bytes JMP 697D9D02 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogIndirectParamA 776126F1 5 Bytes JMP 697D9608 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogIndirectParamW 77619A62 5 Bytes JMP 697D9640 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetKeyboardState 77620987 5 Bytes JMP 697DA5F1 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxParamW 776210B0 5 Bytes JMP 695E189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxIndirectParamW 77622EF5 5 Bytes JMP 697D9266 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SendInput 77622F75 5 Bytes JMP 697DA599 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!EndDialog 7762326E 5 Bytes JMP 697D9FD6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetCursorPos 77636FB2 5 Bytes JMP 697DA672 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxParamA 77638152 5 Bytes JMP 697D9201 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxIndirectParamA 7763847D 5 Bytes JMP 697D92CB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxIndirectA 7764D4D9 5 Bytes JMP 697D9188 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxIndirectW 7764D5D3 5 Bytes JMP 697D910F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxExA 7764D639 5 Bytes JMP 697D90AB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxExW 7764D65D 5 Bytes JMP 697D9047 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!keybd_event 7764D972 5 Bytes JMP 697DA556 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] SHELL32.dll!SHRestricted + D95 764F89A8 4 Bytes [CF, 01, 48, 6C] {IRET ; ADD [EAX+0x6c], ECX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] SHELL32.dll!SHRestricted + D9D 764F89B0 8 Bytes [E0, 61, 47, 6C, 79, F7, 47, ...] {LOOPNZ 0x63; INC EDI; INS BYTE [ES:EDI], DX; JNS 0xfffffffd; INC EDI; INS BYTE [ES:EDI], DX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5872] ole32.dll!OleLoadFromStream 77AF1E80 5 Bytes JMP 697D9A34 C:\Windows\system32\IEFRAME.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

    ---- EOF - GMER 2.1 ----
     
  2. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Bump....thanks
     
  3. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Bump.....( again :) )....thanks.....
     
  4. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Third bump.......each greater than 24 hours wait.
     
  5. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
  6. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    bump 5
     
  7. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Patmac, there is no sign of any Conduit related Adware in the logs above so you have most probably cleaned it all out with Mbam and Adwcleaner. Adwcleaner is the tool we would normally use to get rid of Adware.

    The vast majority of free apps available today have Adware attached to them as that is their only source of income. There is usually a check box available where you can select not to install any unwanted extras, they are normally visible when installing the app in very small print, so make sure you look closely during an installation. Unfortunately there are some more dubious apps available that may or may not give you any choice and even if you decline the installation your PC gets it installed regardless. Adwcleaner normally takes care of the problem, the app was specifically developed to deal with unwanted Add-ons/Toolbars and is frequently being updated to deal with new Adware threats.

    Just to check for any remnants please run this scan below and then run Adwcleaner again and post the new log from it after using the Clean button and allowing it to reboot the system, copy and paste the log that pops up into your next reply.

    Please download Junkware Removal Tool to your desktop.

    • Shut down your antivirus to avoid any conflicts.
    • Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ====================================

    When done run this scan below and post both of the logs produced:

    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
     
  9. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dixie on Thu 03/13/2014 at 16:20:52.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bearsharewebsearch.xml"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/13/2014 at 16:24:25.78
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    # AdwCleaner v3.021 - Report created 13/03/2014 at 16:38:29
    # Updated 10/03/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Dixie - DIXIE-PC
    # Running from : C:\Users\Dixie\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\Program Files\NCH Software

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Deleted : HKCU\Software\caphyon
    Key Deleted : HKCU\Software\NCH Software
    Key Deleted : HKLM\Software\NCH Software
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.146

    [ File : C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [25502 octets] - [10/11/2013 17:05:47]
    AdwCleaner[R1].txt - [2599 octets] - [04/03/2014 17:35:09]
    AdwCleaner[R2].txt - [1707 octets] - [13/03/2014 16:36:09]
    AdwCleaner[S0].txt - [26092 octets] - [10/11/2013 17:14:33]
    AdwCleaner[S1].txt - [2448 octets] - [04/03/2014 17:36:05]
    AdwCleaner[S2].txt - [1591 octets] - [13/03/2014 16:38:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1651 octets] ##########
     
  11. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
    Ran by Dixie (administrator) on DIXIE-PC on 13-03-2014 16:56:36
    Running from C:\Users\Dixie\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\Windows\system32\dlbccoms.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Dell) C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
    (Akamai Technologies, Inc.) C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Akamai Technologies, Inc.) C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-03-15] (Realtek Semiconductor)
    HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLUREMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyLVAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUyszLUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\Run: [ROC_ROC_JAN2013_AV] - C:\Users\Dixie\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\Run: [DellSystemDetect] - C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-22] (Dell)
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\MountPoints2: {9c192e24-b569-11df-a12e-001aa06cc3b6} - J:\Setup.exe
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\MountPoints2: {d4cb58be-22c5-11df-b9df-001aa06cc3b6} - J:\Setup_FlipShare.exe
    GroupPolicyUsers\S-1-5-21-3034978800-2221467198-3967934401-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4BC34392-893D-4091-A6DF-A5EB256CBF3D&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {9680C617-F560-4CD0-A332-DB235B8DA64F} URL = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
    BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Dixie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Dixie\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
    FF SearchPlugin: C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\aim-search.xml
    FF SearchPlugin: C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\aolsearch.xml
    FF SearchPlugin: C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\searchplugins-backup
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF Extension: Foxdie - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\[email protected] [2012-09-06]
    FF Extension: Foxdie (Graphite) - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\[email protected] [2012-09-06]
    FF Extension: Foxdie for Firefox - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\[email protected] [2009-12-13]
    FF Extension: ChromaTabs Plus - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996} [2011-03-03]
    FF Extension: NASA Night Launch - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\[email protected] [2012-06-11]
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-10]
    FF Extension: Adblock Plus - C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-10]
    FF Extension: BearShare MediaBar - C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2013-11-13]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-14]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Dixie\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Dixie\AppData\Roaming\Move Networks [2008-04-27]

    Chrome:
    =======
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://www.google.com
    CHR DefaultNewTabURL:
    CHR Extension: (Google Wallet) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]
    CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Dixie\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2013-11-12]
    CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Dixie\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-11-12]

    ========================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software)
    R2 dlbc_device; C:\Windows\system32\dlbccoms.exe [538096 2007-03-01] ( )
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2009-11-19] ()
    S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2008-01-12] ()
    S3 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [X]
    S2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-21] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-21] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-21] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-13 16:56 - 2014-03-13 16:56 - 00017502 _____ () C:\Users\Dixie\Desktop\FRST.txt
    2014-03-13 16:56 - 2014-03-13 16:56 - 00000000 ____D () C:\FRST
    2014-03-13 16:55 - 2014-03-13 16:55 - 01145856 _____ (Farbar) C:\Users\Dixie\Desktop\FRST.exe
    2014-03-13 16:35 - 2014-03-13 16:35 - 01949184 _____ () C:\Users\Dixie\Desktop\AdwCleaner.exe
    2014-03-13 16:24 - 2014-03-13 16:24 - 00000784 _____ () C:\Users\Dixie\Desktop\JRT.txt
    2014-03-13 16:07 - 2014-02-20 01:33 - 01037734 _____ (Thisisu) C:\Users\Dixie\Desktop\JRT_NEW.exe
    2014-03-05 21:42 - 2014-03-05 21:42 - 00014102 _____ () C:\Users\Dixie\Desktop\dds.txt
    2014-03-05 21:42 - 2014-03-05 21:42 - 00006352 _____ () C:\Users\Dixie\Desktop\attach.txt
    2014-03-05 21:40 - 2014-03-05 21:40 - 00008690 _____ () C:\Users\Dixie\Desktop\hijackthis.log
    2014-03-05 21:31 - 2014-03-05 21:31 - 00380416 _____ () C:\Users\Dixie\Desktop\igyzirs6.exe
    2014-03-05 21:30 - 2014-03-05 21:30 - 00688992 ____R (Swearware) C:\Users\Dixie\Desktop\dds.scr
    2014-03-05 21:30 - 2014-03-05 21:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dixie\Desktop\HijackThis.exe
    2014-03-05 00:53 - 2014-03-05 00:53 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-03-05 00:52 - 2014-03-05 00:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Dixie\Desktop\mbar-1.07.0.1009.exe
    2014-03-04 17:11 - 2014-03-04 17:11 - 00001093 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
    2014-03-04 17:11 - 2014-03-04 17:11 - 00000000 ____D () C:\Program Files\Xirrus
    2014-03-04 17:10 - 2014-03-04 17:10 - 00000000 ____D () C:\Users\Dixie\AppData\Roaming\Xirrus
    2014-03-04 17:08 - 2014-03-04 17:08 - 00930952 _____ (CNET Download.com) C:\Users\Dixie\Downloads\cbsidlm-cbsi183-Xirrus_WiFi_Inspector-SEO-75758254.exe
    2014-02-28 18:17 - 2014-02-28 18:18 - 175414136 _____ (NVIDIA Corporation) C:\Users\Dixie\Desktop\334.89-desktop-win8-win7-winvista-32bit-english-whql.exe
    2014-02-26 18:32 - 2014-02-26 18:32 - 00000000 ____D () C:\Users\Dixie\Documents\Driver_138gE
    2014-02-26 18:28 - 2014-02-26 18:29 - 00000000 ____D () C:\Users\Dixie\AppData\Local\Akamai
    2014-02-26 18:28 - 2014-02-26 18:28 - 02309584 _____ () C:\Users\Dixie\Documents\Driver_138gE.zip
    2014-02-22 09:38 - 2014-02-22 09:38 - 00021028 _____ () C:\Users\Dixie\Desktop\origconfig.txt
    2014-02-22 09:26 - 2014-02-22 09:26 - 00000000 ____D () C:\Users\Dixie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2014-02-21 22:52 - 2014-02-21 22:52 - 00001247 _____ () C:\Users\Dixie\Desktop\connectivity.txt
    2014-02-20 22:48 - 2014-02-20 22:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-02-20 22:46 - 2014-02-08 14:27 - 23683360 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 15740232 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 14669032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 10180896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-02-20 22:46 - 2014-02-08 14:27 - 09728064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 09690424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 02956576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 02713728 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 02410784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233489.dll
    2014-02-20 22:46 - 2014-02-08 14:27 - 00895264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233489.dll
    2014-02-20 22:44 - 2014-02-20 22:44 - 00000000 ____D () C:\NVIDIA
    2014-02-20 22:35 - 2014-02-20 22:41 - 175414136 _____ (NVIDIA Corporation) C:\Users\Dixie\Downloads\334.89-desktop-win8-win7-winvista-32bit-english-whql.exe
    2014-02-18 19:05 - 2014-02-19 07:31 - 00000680 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat

    ==================== One Month Modified Files and Folders =======

    2014-03-13 16:56 - 2014-03-13 16:56 - 00017502 _____ () C:\Users\Dixie\Desktop\FRST.txt
    2014-03-13 16:56 - 2014-03-13 16:56 - 00000000 ____D () C:\FRST
    2014-03-13 16:55 - 2014-03-13 16:55 - 01145856 _____ (Farbar) C:\Users\Dixie\Desktop\FRST.exe
    2014-03-13 16:48 - 2007-10-28 07:18 - 01992293 _____ () C:\Windows\WindowsUpdate.log
    2014-03-13 16:45 - 2006-11-02 06:33 - 00703448 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-13 16:42 - 2013-01-14 16:29 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-13 16:40 - 2013-01-14 16:29 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-13 16:40 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-13 16:40 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-13 16:40 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-13 16:38 - 2013-11-10 17:05 - 00000000 ____D () C:\AdwCleaner
    2014-03-13 16:38 - 2006-11-02 09:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-03-13 16:35 - 2014-03-13 16:35 - 01949184 _____ () C:\Users\Dixie\Desktop\AdwCleaner.exe
    2014-03-13 16:27 - 2013-11-13 13:43 - 00000000 ____D () C:\Users\Dixie\Desktop\AV
    2014-03-13 16:24 - 2014-03-13 16:24 - 00000784 _____ () C:\Users\Dixie\Desktop\JRT.txt
    2014-03-05 21:42 - 2014-03-05 21:42 - 00014102 _____ () C:\Users\Dixie\Desktop\dds.txt
    2014-03-05 21:42 - 2014-03-05 21:42 - 00006352 _____ () C:\Users\Dixie\Desktop\attach.txt
    2014-03-05 21:40 - 2014-03-05 21:40 - 00008690 _____ () C:\Users\Dixie\Desktop\hijackthis.log
    2014-03-05 21:31 - 2014-03-05 21:31 - 00380416 _____ () C:\Users\Dixie\Desktop\igyzirs6.exe
    2014-03-05 21:30 - 2014-03-05 21:30 - 00688992 ____R (Swearware) C:\Users\Dixie\Desktop\dds.scr
    2014-03-05 21:30 - 2014-03-05 21:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dixie\Desktop\HijackThis.exe
    2014-03-05 21:28 - 2013-11-10 12:49 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-03-05 01:19 - 2013-11-10 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-03-05 01:19 - 2013-11-10 12:49 - 00000000 ____D () C:\Users\Dixie\Desktop\mbar
    2014-03-05 00:53 - 2014-03-05 00:53 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-03-05 00:52 - 2014-03-05 00:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Dixie\Desktop\mbar-1.07.0.1009.exe
    2014-03-04 17:37 - 2007-10-28 08:01 - 00242404 _____ () C:\Windows\PFRO.log
    2014-03-04 17:11 - 2014-03-04 17:11 - 00001093 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
    2014-03-04 17:11 - 2014-03-04 17:11 - 00000000 ____D () C:\Program Files\Xirrus
    2014-03-04 17:10 - 2014-03-04 17:10 - 00000000 ____D () C:\Users\Dixie\AppData\Roaming\Xirrus
    2014-03-04 17:08 - 2014-03-04 17:08 - 00930952 _____ (CNET Download.com) C:\Users\Dixie\Downloads\cbsidlm-cbsi183-Xirrus_WiFi_Inspector-SEO-75758254.exe
    2014-02-28 18:18 - 2014-02-28 18:17 - 175414136 _____ (NVIDIA Corporation) C:\Users\Dixie\Desktop\334.89-desktop-win8-win7-winvista-32bit-english-whql.exe
    2014-02-26 18:33 - 2008-03-23 12:26 - 00053990 _____ () C:\Windows\DPINST.LOG
    2014-02-26 18:33 - 2007-11-07 09:05 - 00000000 ____D () C:\Users\Dixie
    2014-02-26 18:32 - 2014-02-26 18:32 - 00000000 ____D () C:\Users\Dixie\Documents\Driver_138gE
    2014-02-26 18:29 - 2014-02-26 18:28 - 00000000 ____D () C:\Users\Dixie\AppData\Local\Akamai
    2014-02-26 18:28 - 2014-02-26 18:28 - 02309584 _____ () C:\Users\Dixie\Documents\Driver_138gE.zip
    2014-02-22 09:38 - 2014-02-22 09:38 - 00021028 _____ () C:\Users\Dixie\Desktop\origconfig.txt
    2014-02-22 09:26 - 2014-02-22 09:26 - 00000000 ____D () C:\Users\Dixie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2014-02-22 09:26 - 2013-11-18 08:36 - 00000000 ____D () C:\Users\Dixie\AppData\Local\Deployment
    2014-02-21 22:52 - 2014-02-21 22:52 - 00001247 _____ () C:\Users\Dixie\Desktop\connectivity.txt
    2014-02-21 17:05 - 2013-01-14 16:28 - 00001835 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-02-21 17:04 - 2013-11-09 14:32 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-21 17:04 - 2013-01-14 16:28 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-21 17:04 - 2013-01-14 16:28 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-02-21 17:04 - 2013-01-14 16:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-21 17:04 - 2013-01-14 16:28 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-02-21 17:04 - 2013-01-14 16:28 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-02-21 17:04 - 2013-01-14 16:27 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-21 17:04 - 2013-01-14 16:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-02-20 22:52 - 2010-08-31 21:08 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-02-20 22:48 - 2014-02-20 22:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-02-20 22:48 - 2007-10-28 07:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-02-20 22:44 - 2014-02-20 22:44 - 00000000 ____D () C:\NVIDIA
    2014-02-20 22:41 - 2014-02-20 22:35 - 175414136 _____ (NVIDIA Corporation) C:\Users\Dixie\Downloads\334.89-desktop-win8-win7-winvista-32bit-english-whql.exe
    2014-02-20 22:30 - 2009-10-22 17:34 - 00001356 _____ () C:\Users\Dixie\AppData\Local\d3d9caps.dat
    2014-02-20 01:33 - 2014-03-13 16:07 - 01037734 _____ (Thisisu) C:\Users\Dixie\Desktop\JRT_NEW.exe
    2014-02-19 17:14 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-02-19 17:12 - 2007-11-07 09:32 - 00000000 ____D () C:\Users\Guest
    2014-02-19 17:12 - 2007-10-28 07:18 - 00000000 ____D () C:\Windows\system32\RTCOM
    2014-02-19 17:12 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-02-19 17:12 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\software_previous
    2014-02-19 17:12 - 2006-11-02 06:22 - 37224448 _____ () C:\Windows\system32\config\components_previous
    2014-02-19 17:12 - 2006-11-02 06:22 - 36438016 _____ () C:\Windows\system32\config\system_previous
    2014-02-19 17:12 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-02-19 17:12 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
    2014-02-19 17:12 - 2006-11-02 06:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
    2014-02-19 17:11 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
    2014-02-19 07:31 - 2014-02-18 19:05 - 00000680 _____ () C:\Users\Guest\AppData\Local\d3d9caps.dat
    2014-02-18 19:03 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-02-18 18:48 - 2013-08-23 21:49 - 00000000 ____D () C:\Windows\system32\MRT

    Some content of TEMP:
    ====================
    C:\Users\Dixie\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Dixie\AppData\Local\Temp\nsbE417.exe
    C:\Users\Dixie\AppData\Local\Temp\nsc3049.exe
    C:\Users\Dixie\AppData\Local\Temp\nsh2BD5.exe
    C:\Users\Dixie\AppData\Local\Temp\nshD853.exe
    C:\Users\Dixie\AppData\Local\Temp\nsr349D.exe
    C:\Users\Dixie\AppData\Local\Temp\nswDDDF.exe
    C:\Users\Dixie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Dixie\AppData\Local\Temp\{1AF7BE13-82D4-499D-BB08-49CCB7536525}-33.0.1750.117_32.0.1700.107_chrome_updater.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-13 16:46

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
    Ran by Dixie at 2014-03-13 16:57:13
    Running from C:\Users\Dixie\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
    AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 5 (HKLM\...\{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}) (Version: - ArcSoft)
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
    BlackBerry Device Software Updater (HKLM\...\{B0A92733-C870-415C-A494-DF72C2C58402}) (Version: 6.0.1.27 - Research In Motion Ltd)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
    Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
    Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
    Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
    DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 90.0.235.000 - Hewlett-Packard) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
    FlipShare (HKLM\...\{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}) (Version: 5.0.5.52727 - Flip Video)
    Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
    HiJackThis (HKLM\...\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}) (Version: 1.0.0 - Trend Micro)
    HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
    HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Hewlett-Packard)
    HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard)
    HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft Encarta Encyclopedia Standard 2006 (HKLM\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
    Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
    Microsoft Streets & Trips 2006 (HKLM\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
    Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Microsoft Works Suite 2006 Setup Launcher (HKLM\...\Works2006Setup) (Version: - )
    Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
    Mobile Mouse Server (HKLM\...\{FECD0210-722B-4D1E-A5F2-7253D2EAA9B4}) (Version: 2.0.3.3 - RPA Tech, Inc)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Move Media Player (HKCU\...\Move Media Player) (Version: - Move Networks)
    Mozilla Firefox 25.0 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
    Mozilla Thunderbird (3.0) (HKLM\...\Mozilla Thunderbird (3.0)) (Version: 3.0 (en-US) - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Nuclear Coffee - DiscRipper (HKLM\...\DiscRipper_is1) (Version: - Nuclear Coffee)
    NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
    NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
    NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
    NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
    OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
    PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    SDFormatter (HKLM\...\{5A347920-4AFC-11D5-9FB0-800649886934}) (Version: - )
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
    Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software)
    TBS WMP Plug-in (HKLM\...\InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}) (Version: 1.00.007 - CNN)
    TBS WMP Plug-in (Version: 1.00.007 - CNN) Hidden
    Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
    Xirrus Wi-Fi Inspector (HKLM\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

    ==================== Restore Points =========================

    19-02-2014 21:07:41 Restore Operation
    21-02-2014 02:47:34 Device Driver Package Install: NVIDIA Display adapters
    21-02-2014 21:03:21 avast! antivirus system restore point
    22-02-2014 01:39:35 scans clean.
    22-02-2014 16:27:23 Scheduled Checkpoint
    23-02-2014 05:00:00 Scheduled Checkpoint
    24-02-2014 05:00:00 Scheduled Checkpoint
    25-02-2014 05:00:01 Scheduled Checkpoint
    26-02-2014 05:00:00 Scheduled Checkpoint
    26-02-2014 22:25:22 before wlan driver
    26-02-2014 22:27:54 Installed Akamai NetSession Interface
    26-02-2014 22:33:25 Device Driver Package Install: ASUS Network adapters
    28-02-2014 05:00:00 Scheduled Checkpoint
    28-02-2014 23:33:09 Scheduled Checkpoint
    02-03-2014 05:00:00 Scheduled Checkpoint
    03-03-2014 05:00:00 Scheduled Checkpoint
    04-03-2014 05:00:00 Scheduled Checkpoint
    04-03-2014 21:10:38 Installed Xirrus Wi-Fi Inspector
    06-03-2014 05:00:01 Scheduled Checkpoint
    07-03-2014 05:00:01 Scheduled Checkpoint
    08-03-2014 05:00:00 Scheduled Checkpoint
    09-03-2014 05:00:00 Scheduled Checkpoint
    10-03-2014 04:00:02 Scheduled Checkpoint
    11-03-2014 04:00:00 Scheduled Checkpoint
    12-03-2014 04:00:00 Scheduled Checkpoint
    13-03-2014 04:00:02 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2006-11-02 06:23 - 2009-11-11 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {18FA82C6-0FF2-430E-B8F8-F705D07E51AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
    Task: {19757A95-9508-4C99-A94F-04B757939B83} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-21] (AVAST Software)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {35D014A6-B894-4515-9DC8-AFA91EB0A2B3} - System32\Tasks\{2EB4B80D-1F33-4B35-A74C-698D70C84B6A} => C:\Program Files\Skype\Phone\Skype.exe
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
    Task: {4AF9D298-4941-42A1-B8AE-2117286D4094} - System32\Tasks\Orb Startup => C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    Task: {659D3ABC-5C33-4B4B-9BDD-7E69FC200072} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {67447C43-79C1-45BD-8146-4D40F9037EA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6B0F09CF-5EAA-4261-83E9-F923A9D65093} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
    Task: {6D357F46-D528-4430-9280-F29A09D0797A} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
    Task: {E75E04E6-363A-4D0B-ADAC-EF9B356B1799} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-13 16:11 - 2014-03-13 13:32 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031301\algo.dll
    2008-01-05 16:26 - 2007-01-31 23:11 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbcpp5c.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-11-19 11:26 - 2009-11-19 11:26 - 00455944 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2009-11-19 11:14 - 2009-11-19 11:14 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2009-11-19 11:26 - 2009-11-19 11:26 - 02174976 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2009-11-19 11:14 - 2009-11-19 11:14 - 00188416 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2009-11-19 11:14 - 2009-11-19 11:14 - 00356352 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2009-11-19 11:14 - 2009-11-19 11:14 - 06443008 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2009-11-19 11:18 - 2009-11-19 11:18 - 00708608 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-02-16 12:05 - 2005-06-28 14:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
    2013-11-09 14:37 - 2013-11-09 14:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2010-11-29 15:33 - 2010-11-29 15:33 - 01040552 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    2010-05-12 15:06 - 2010-05-12 15:06 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    MSCONFIG\startupreg: dscactivate => c:\dell\dsca.exe 3
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ==================== Faulty Device Manager Devices =============

    Name: Photosmart D110 series
    Description: Photosmart D110 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (03/13/2014 04:40:28 PM) (Source: Service Control Manager) (User: )
    Description: Photoshop Elements Device Connect%%2

    Error: (03/13/2014 04:40:28 PM) (Source: Service Control Manager) (User: )
    Description: LogMeIn Kernel Information Provider%%3

    Error: (03/13/2014 04:40:28 PM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-03-13 16:57:04.871
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-13 16:57:04.481
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-13 16:57:04.123
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-13 16:57:03.733
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:33.374
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:33.046
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:32.703
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:32.360
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:32.032
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-21 20:09:31.689
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 35%
    Total physical RAM: 3325.57 MB
    Available physical RAM: 2138.15 MB
    Total Pagefile: 6873.63 MB
    Available Pagefile: 5739.52 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1900.52 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:127.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.13 GB) NTFS
    Drive j: (New Volume) (Fixed) (Total:149.05 GB) (Free:148.77 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 48000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 06BC18C3)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    We have a bit of cleaning up to do.

    Please uninstall this, as it is Adware: Coupon Printer for Windows

    Then please follow this to remove Adware remnants and one item that JRT failed to take out.

    When done, please run AdwCleaner and JRT again and post both of the new logs produced. Please also post the log from this process below:

    Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.

    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) in the same location the program is run from. Please copy and paste it into your next reply.
     

    Attached Files:

  13. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
    Ran by Dixie at 2014-03-14 16:04:15 Run:1
    Running from C:\Users\Dixie\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    GroupPolicyUsers\S-1-5-21-3034978800-2221467198-3967934401-1001\User: Group Policy restriction detected <======= ATTENTION
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc 4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLU REMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyL VAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUysz LUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\...\Run: [ROC_ROC_JAN2013_AV] - C:\Users\Dixie\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 4&UP=SP4BC34392-893D-4091-A6DF-A5EB256CBF3D&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    Toolbar: HKLM - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
    Toolbar: HKCU - BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll No File
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    FF Extension: BearShare MediaBar - C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2013-11-13]
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultNewTabURL:
    S4 LMIRfsClientNP; No ImagePath
    Task: {6D357F46-D528-4430-9280-F29A09D0797A} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File
    *****************

    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3034978800-2221467198-3967934401-1001\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value deleted successfully.
    HKU\S-1-5-21-3034978800-2221467198-3967934401-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JAN2013_AV => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} => Value deleted successfully.
    HKCR\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} => Value deleted successfully.
    HKCR\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} => Key not found.
    C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml => Moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} => Moved successfully.
    CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
    LMIRfsClientNP => Service deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D357F46-D528-4430-9280-F29A09D0797A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D357F46-D528-4430-9280-F29A09D0797A} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B02EF0B-A410-4938-8480-9BA26420A627} => Key deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  14. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    Hope you wanted me to select "Clean"......

    # AdwCleaner v3.022 - Report created 14/03/2014 at 16:18:55
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Dixie - DIXIE-PC
    # Running from : C:\Users\Dixie\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.146

    [ File : C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [25502 octets] - [10/11/2013 17:05:47]
    AdwCleaner[R1].txt - [2599 octets] - [04/03/2014 17:35:09]
    AdwCleaner[R2].txt - [1707 octets] - [13/03/2014 16:36:09]
    AdwCleaner[R3].txt - [1377 octets] - [14/03/2014 16:17:52]
    AdwCleaner[S0].txt - [26092 octets] - [10/11/2013 17:14:33]
    AdwCleaner[S1].txt - [2448 octets] - [04/03/2014 17:36:05]
    AdwCleaner[S2].txt - [1731 octets] - [13/03/2014 16:38:29]
    AdwCleaner[S3].txt - [1300 octets] - [14/03/2014 16:18:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1360 octets] ##########
     
  15. patmac

    patmac Thread Starter

    Joined:
    May 14, 2004
    Messages:
    1,002
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dixie on Fri 03/14/2014 at 16:27:37.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 03/14/2014 at 16:30:59.32
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

Short URL to this thread: https://techguy.org/1121315
