Recommended Posts

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  
You can do these as your time permits you, you can start the scans and walk away for a while, there will be a log when scan is done ...... copy & paste it into your topic, sometimes you have to click inside the box more than 1 time for it to work, then paste there !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"-

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



Full System Scan with Malwarebytes Antimalware
 

    Please download http://www.malwarebytes.org/mbam-download.php Malwarebytes !

    Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

Thanks
Chuck

Link to post
Share on other sites

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3B5C47E-61F7-4D81-AF06-461FC86686CE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\preferences ]








Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje

*************************

AdwCleaner[R0].txt - [23122 octets] - [03/06/2014 14:58:45]
AdwCleaner[R1].txt - [18655 octets] - [03/06/2014 15:02:53]
AdwCleaner[s0].txt - [4697 octets] - [03/06/2014 15:00:43]
AdwCleaner[s1].txt - [17369 octets] - [03/06/2014 15:03:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [17430 octets] ##########
 

Link to post
Share on other sites

# AdwCleaner v3.211 - Report created 03/06/2014 at 15:03:28
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : katy - TLGARDEN
# Running from : C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPZ4IKI3\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\katy\AppData\Local\Websteroids
Folder Deleted : C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [starfield Updater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TotalRecipeSearch_14 Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyScrapNook_12 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3B5C47E-61F7-4D81-AF06-461FC86686CE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\preferences ]








Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje

*************************

AdwCleaner[R0].txt - [23122 octets] - [03/06/2014 14:58:45]
AdwCleaner[R1].txt - [18655 octets] - [03/06/2014 15:02:53]
AdwCleaner[s0].txt - [4697 octets] - [03/06/2014 15:00:43]
AdwCleaner[s1].txt - [17369 octets] - [03/06/2014 15:03:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [17430 octets] ##########
 

Link to post
Share on other sites

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3B5C47E-61F7-4D81-AF06-461FC86686CE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\preferences ]








Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje

*************************

AdwCleaner[R0].txt - [23122 octets] - [03/06/2014 14:58:45]
AdwCleaner[R1].txt - [18655 octets] - [03/06/2014 15:02:53]
AdwCleaner[s0].txt - [4697 octets] - [03/06/2014 15:00:43]
AdwCleaner[s1].txt - [17369 octets] - [03/06/2014 15:03:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [17430 octets] ##########
 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by katy on Wed 06/04/2014 at 14:07:18.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/04/2014 at 14:41:02.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Lynn post the Malwarebytes log when you get it !!

 

After you have run the scan you can find a log here :

After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

 

Thanks

Chuck

 

I will have 1 more program for you to run unless we find some baddies in the Malwarebytes log !!

Link to post
Share on other sites

Lynn i am going to post the last program (hopefully) so that if you get on here you can run it for me & then i will write up a fix for stuff we find !!

 

I will need the Malwarebytes lof before you continue !!!

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

I will read threw the log & write a fix for you next !!

 

Thanks

Chuck

Link to post
Share on other sites

Lynn it's not here malwarebytes log, can you try again to copy & paste it here for me ???

 

Then i want you to run the OTL program mentioned above & paste me the logs, they will be pretty long !!

 

Thanks

Chuck

Link to post
Share on other sites

OTL logfile created on: 6/5/2014 4:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\katy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 60.17% Memory free
15.60 Gb Paging File | 11.45 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.59 Gb Total Space | 474.35 Gb Free Space | 83.87% Space Free | Partition Type: NTFS
Drive D: | 30.29 Gb Total Space | 4.45 Gb Free Space | 14.69% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 84.20 Mb Free Space | 84.76% Space Free | Partition Type: FAT32
 
Computer Name: TLGARDEN | User Name: katy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/05 16:45:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\katy\Downloads\OTL.com
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
PRC - [2014/03/24 14:49:54 | 000,342,312 | ---- | M] (Smilebox, Inc.) -- C:\Users\Guest\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/05/31 09:50:38 | 001,176,904 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/05/31 09:49:38 | 001,182,024 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2013/05/31 09:02:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/06/14 15:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/03/21 15:05:32 | 002,113,536 | ---- | M] (NCP) -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
PRC - [2010/11/09 16:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/09/28 13:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/15 13:30:08 | 000,739,664 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/03 19:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/01 11:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/01 11:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/03 16:33:20 | 000,379,904 | ---- | M] () -- C:\Users\katy\AppData\Local\Temp\libsqlitejdbc-2582155288808371026.lib
MOD - [2014/06/03 16:33:14 | 000,199,168 | ---- | M] () -- C:\Users\katy\AppData\Local\Temp\WindowsAPI.dll2736228482087617196.lib
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/05/31 09:50:12 | 000,138,568 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2013/05/31 09:50:10 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2013/05/31 09:50:02 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2013/05/31 09:49:44 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/05/31 09:49:44 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/05/31 09:49:42 | 000,380,744 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2011/08/19 22:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2004/07/19 12:06:58 | 000,520,192 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\c4dll.dll
MOD - [2003/05/28 07:55:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\ssleay32.dll
MOD - [2003/05/28 07:55:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\libeay32.dll
MOD - [2002/09/12 08:29:46 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\zlib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 02:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/09 07:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/15 13:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/09/09 16:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 20:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/23 09:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/03/03 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/05/14 09:44:20 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/05/31 09:02:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 22:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/09/21 17:52:04 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/01 11:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/01 11:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/23 09:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/05 10:35:13 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 16:27:56 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/29 09:06:25 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/03/03 22:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/24 20:44:39 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 19:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 19:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/07 03:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/10/30 01:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/10/30 00:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/30 00:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/17 02:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/07 01:30:00 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/03 05:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010/09/09 16:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/09 15:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/03 19:13:32 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 16:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/07/28 16:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/22 20:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/24 11:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/06 07:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/01 11:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/12 08:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/27 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/12 01:49:42 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140604.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/05/12 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140605.004\ex64.sys -- (NAVEX15)
DRV - [2014/05/12 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/05/12 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140605.004\eng64.sys -- (NAVENG)
DRV - [2014/05/09 19:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com
IE - HKCU\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\katy\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\katy\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\katy\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\katy\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\katy\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\katy\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/02/08 03:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014/05/12 16:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ [2014/06/03 16:34:17 | 000,000,000 | ---D | M]
 
[2012/10/11 14:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\katy\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: Default Profile (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Google Wallet = C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\katy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kindermusikevents.webex.com/client/T27LC/nbr/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.92 69.146.17.5 69.144.49.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0194E4DD-5094-4B3A-BD7D-7A30651A335A}: DhcpNameServer = 69.145.248.92 69.146.17.5 69.144.49.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D543D32A-4483-40F7-A751-6403BC3C9600}: DhcpNameServer = 69.145.248.92 69.146.17.5 69.144.49.28
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/03 17:09:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ce5e927-00c9-11e2-ae3d-b70c0c46e3a0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ce5e927-00c9-11e2-ae3d-b70c0c46e3a0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5fa98595-6424-11e3-a1e3-f81f58d56a0b}\Shell - "" = AutoRun
O33 - MountPoints2\{5fa98595-6424-11e3-a1e3-f81f58d56a0b}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{6f527504-889e-11e0-b653-e677173e3a4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f527504-889e-11e0-b653-e677173e3a4a}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 07:22:08 | 000,000,000 | ---D | C] -- C:\Users\katy\AppData\Local\{D2F9AB5F-FC2B-4B97-8EFF-94EA11FE7735}
[2014/06/03 17:09:15 | 000,000,000 | ---D | C] -- C:\Users\katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014/06/03 17:09:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/06/03 17:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/06/03 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/06/03 15:59:43 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/03 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/03 15:59:24 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/03 15:59:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/03 15:59:24 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/03 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/03 15:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/03 15:59:04 | 000,000,000 | ---D | C] -- C:\Users\katy\AppData\Local\Programs
[2014/06/03 15:26:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/03 14:59:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/03 14:57:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/03 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/05/16 07:16:37 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys
[2014/05/16 07:16:37 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.sys
[2014/05/16 07:16:36 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys
[2014/05/16 07:16:36 | 000,875,736 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys
[2014/05/16 07:16:36 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys
[2014/05/16 07:16:36 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys
[2014/05/16 07:16:36 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys
[2014/05/16 07:16:36 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys
[2014/05/16 07:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C
[2014/05/15 07:19:55 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 07:19:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 07:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/14 09:07:51 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 09:07:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 09:07:31 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 09:07:30 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 09:07:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 09:07:30 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 09:07:29 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 09:07:29 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 09:07:28 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 09:07:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 09:07:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 09:07:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 09:07:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 09:07:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 09:07:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 09:07:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 09:07:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 09:07:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 09:07:27 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 09:07:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 09:07:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 09:07:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 09:07:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 09:07:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 09:07:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/12 16:27:56 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/05/12 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/05/12 16:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/05/12 16:27:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/05/12 16:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/05/12 16:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/05/12 16:25:00 | 000,000,000 | ---D | C] -- C:\Users\katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/05/07 07:12:33 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\katy\Documents\*.tmp files -> C:\Users\katy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/05 16:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/05 16:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/05 16:41:22 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/05 16:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1088976694-2554424875-1366521304-1001UA.job
[2014/06/05 16:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1088976694-2554424875-1366521304-1001Core.job
[2014/06/05 16:29:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1088976694-2554424875-1366521304-1003UA.job
[2014/06/05 16:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/05 12:58:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/05 12:58:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/06/05 10:35:13 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/05 07:26:30 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/05 07:18:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 07:18:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 07:03:24 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/06/05 07:03:23 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1088976694-2554424875-1366521304-1003Core.job
[2014/06/05 07:03:23 | 000,000,643 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_0BF92B28-EB5C-11E3-9889-F42ECBEA7CAA.job
[2014/06/03 17:09:55 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/06/03 17:09:16 | 000,002,256 | ---- | M] () -- C:\Users\katy\Desktop\SpyHunter.lnk
[2014/06/03 16:30:02 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 15:05:57 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/06/03 14:17:20 | 000,001,357 | ---- | M] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/06/02 14:10:38 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkaty.job
[2014/05/27 13:07:57 | 000,002,363 | ---- | M] () -- C:\Users\katy\Desktop\Google Chrome.lnk
[2014/05/20 10:27:11 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/05/20 10:27:05 | 002,777,554 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/05/16 02:57:54 | 000,037,423 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140516.004
[2014/05/14 09:44:19 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 09:44:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/12 16:27:56 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/05/12 16:27:56 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/05/12 16:27:56 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/05/12 16:25:00 | 000,001,298 | ---- | M] () -- C:\Users\katy\Desktop\Norton Installation Files.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/11 00:52:10 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/05/09 00:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 00:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\katy\Documents\*.tmp files -> C:\Users\katy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/03 17:09:55 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/03 17:09:20 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2014/06/03 17:09:16 | 000,002,256 | ---- | C] () -- C:\Users\katy\Desktop\SpyHunter.lnk
[2014/06/03 15:59:28 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/03 14:17:28 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/06/03 14:17:20 | 000,001,357 | ---- | C] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/06/03 14:17:19 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/06/03 14:17:18 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/03 14:17:13 | 000,000,643 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_0BF92B28-EB5C-11E3-9889-F42ECBEA7CAA.job
[2014/05/20 10:25:18 | 002,777,554 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/05/16 13:18:06 | 000,037,423 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140516.004
[2014/05/16 07:16:37 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam64.cat
[2014/05/16 07:16:37 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet64.cat
[2014/05/16 07:16:37 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet.inf
[2014/05/16 07:16:36 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.cat
[2014/05/16 07:16:36 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.cat
[2014/05/16 07:16:36 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.cat
[2014/05/16 07:16:36 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.cat
[2014/05/16 07:16:36 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.cat
[2014/05/16 07:16:36 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.cat
[2014/05/16 07:16:36 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa.inf
[2014/05/16 07:16:36 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds.inf
[2014/05/16 07:16:36 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.inf
[2014/05/16 07:16:36 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.inf
[2014/05/16 07:16:36 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.inf
[2014/05/16 07:16:36 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.inf
[2014/05/16 07:16:36 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.inf
[2014/05/16 07:16:15 | 000,030,068 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symvtcer.dat
[2014/05/16 07:16:15 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/05/12 16:27:56 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/05/12 16:27:56 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/05/12 16:27:52 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/05/12 16:25:00 | 000,001,298 | ---- | C] () -- C:\Users\katy\Desktop\Norton Installation Files.lnk
[2014/02/06 16:35:14 | 000,000,017 | ---- | C] () -- C:\Users\katy\AppData\Local\resmon.resmoncfg
[2013/12/18 15:59:01 | 000,000,133 | ---- | C] () -- C:\Users\katy\AppData\Roaming\WB.CFG
[2012/09/13 13:25:04 | 000,060,304 | ---- | C] () -- C:\Users\katy\g2mdlhlpx.exe
[2012/02/05 00:27:40 | 000,000,475 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/23 10:44:32 | 000,004,608 | ---- | C] () -- C:\Users\katy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/23 10:44:07 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/23 15:03:10 | 084,862,856 | ---- | C] () -- C:\Program Files\w_turbotax_bpm_2010.11d.0100.exe
[2011/07/20 08:11:54 | 000,000,000 | ---- | C] () -- C:\Users\katy\AppData\Local\{0227280D-B6A8-4EBA-918C-7E51F33A3BC3}
[2011/06/13 18:02:17 | 000,000,000 | ---- | C] () -- C:\Users\katy\AppData\Local\{ECB76A9A-4952-49D3-AFA3-059F7CECE2C2}
[2011/04/25 10:27:00 | 000,001,854 | ---- | C] () -- C:\Users\katy\AppData\Roaming\GhostObjGAFix.xml
[2011/04/18 16:34:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 312 bytes -> C:\Users\katy\Documents\2012-09-13 14.52.16.jpg:com.dropbox.attributes

< End of report >
 

Link to post
Share on other sites

Lynn ok got the OTL log now see if you can get the malwarebytes log for me.

 

I will look threw it and write a fix on stuff i find in it !

 

We are getting close to all clean !!

 

 

Chuck

Link to post
Share on other sites

Lynn the OTL log had a lot in it we need to remove !! But i want to see the Malwarebytes log first, please see if you can locate it as i posted above on how to find it ! Then copy & paste it !

 

Thanks

Chuck

 

Then i will post a OTL fix i wrote for you !!

Link to post
Share on other sites

Lynn, no nothing special ! Did it find a lot ?? Look under the action section & see if it quarantined them !! I'm not to worried about it so we can move on !!

 

NORTON is a big Resource HOG, it also slows down a computer i would like you to consider geting a free antivirus which i use & can provide you with it !! Let me know ??

 

Go to your control panel under the add/remove programs see if these are there & delete/remove them, if present :
SparkTrust
SpyHunter
 

 

=========================

 

 

We need to Run an OTL fix !!

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=NotebooksIE:64bit:'>http://rover.ebay.co...}&mfe=NotebooksIE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=NotebooksIE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKCU\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value foundIE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=NotebooksIE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBoxFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found[2012/10/11 14:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\katy\AppData\Roaming\mozilla\ExtensionsO3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - No CLSID value found.O4 - HKLM..\Run: []  File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\qbwc - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\ms-help - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2014/06/03 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust[2014/06/05 16:41:22 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job[2014/06/05 07:03:24 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job[2014/06/03 17:09:16 | 000,002,256 | ---- | M] () -- C:\Users\katy\Desktop\SpyHunter.lnk[2014/06/03 15:05:57 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job[2014/06/03 14:17:20 | 000,001,357 | ---- | M] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk[2014/06/03 17:09:16 | 000,002,256 | ---- | C] () -- C:\Users\katy\Desktop\SpyHunter.lnk[2014/06/03 14:17:28 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job[2014/06/03 14:17:20 | 000,001,357 | ---- | C] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk[2014/06/03 14:17:19 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job[2014/06/03 14:17:18 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job[2014/06/03 14:17:13 | 000,000,643 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_0BF92B28-EB5C-11E3-9889-F42ECBEA7CAA.job:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

Post that log next !!

 

Thanks

Chuck
 

Link to post
Share on other sites
  • 2 weeks later...

Open the program OTL which should be on your desk, copy all this in RED (Makes sure you copy all) !

:OTL
IE
:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found
IE
- HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF
:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF
- HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF
- HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found
[2012/10/11 14:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\katy\AppData\Roaming\mozilla\Extensions
O3
- HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O1364bit
: - gopher Prefix: missing
O13
- gopher Prefix: missing
O18
:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18
:64bit: - Protocol\Handler\livecall - No CLSID value found
O18
:64bit: - Protocol\Handler\msnim - No CLSID value found
O18
:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18
:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18
:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18
:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18
- Protocol\Handler\ms-help - No CLSID value found
O21
:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/06/03 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/06/05 16:41:22 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/05 07:03:24 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/06/03 17:09:16 | 000,002,256 | ---- | M] () -- C:\Users\katy\Desktop\SpyHunter.lnk
[2014/06/03 15:05:57 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/06/03 14:17:20 | 000,001,357 | ---- | M] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/06/03 17:09:16 | 000,002,256 | ---- | C] () -- C:\Users\katy\Desktop\SpyHunter.lnk
[2014/06/03 14:17:28 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/06/03 14:17:20 | 000,001,357 | ---- | C] () -- C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/06/03 14:17:19 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/06/03 14:17:18 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/03 14:17:13 | 000,000,643 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_0BF92B28-EB5C-11E3-9889-F42ECBEA7CAA.job


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

Then paste it into the box where it says "Paste Script Here" then click the "Run Fix" button marked in Green (rectangular)

Run The Fix !
OTL_Fix-1.gif

Link to post
Share on other sites
Guest
This topic is now closed to further replies.