Post-Cleanup Logs

mep916

Administrator
Staff member
John, here are the logs we discussed in our texts earlier today. HP Pavilion dv6 laptop. Thank you, sir!

# AdwCleaner v3.310 - Report created 17/09/2014 at 08:36:29
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hill - JULLIE-HP
# Running from : C:\Users\Hill\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\Users\Hill\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Hill\AppData\Local\Temp\pccustubinstaller
Folder Deleted : C:\Users\Hill\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Hill\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Jullie\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Jullie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
File Deleted : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\96de88e63cec13
Key Deleted : HKLM\SOFTWARE\96de88e63cec13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE986AAE-21E4-49ED-8A99-6C9A7E4FF4D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{328D6F78-0DBB-4F17-ACD5-26A2EA4EF251}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE986AAE-21E4-49ED-8A99-6C9A7E4FF4D9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119529&tt=gc_&babsrc=SP_ss&mntrId=B00AD0DF9A0588DD
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119529&tt=gc_&babsrc=SP_ss&mntrId=B00AD0DF9A0588DD
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [8358 octets] - [17/09/2014 08:32:32]
AdwCleaner[S0].txt - [7743 octets] - [17/09/2014 08:36:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7803 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hill on Wed 09/17/2014 at 9:07:23.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2915059740-4118663435-3967917377-1005\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_tango_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_tango_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_tango_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_downloader_tango_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DDB3CECE-8400-468D-A8A4-CDC0ED44FEE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoC5AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDE23.tmp



~~~ Folders




~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/17/2014 at 9:17:02.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/17/2014
Scan Time: 9:24:37 AM
Logfile: mbm.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.17.06
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376778
Time Elapsed: 28 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [af0b38b6e497a1954e317511936ffa06],
Trojan.Vundo, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [6f4bfaf4adcec373ae85fdbc6e9449b7],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [33870be3780330063c17335a8d7536ca],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [7b3fa64858237abc1a2907ba36cc27d9],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [7b3fa64858237abc1a2907ba36cc27d9],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [41796589364560d67e4d418158aa1ce4],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [68529559c8b361d5311f300838cb6e92],
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [19a1b33bfe7db0864e493517bd47f60a],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [10aa509e77041224e2e9cf4b8b7836ca],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [7842c32bd3a87db93c901ffb45be817f],

Registry Values: 3
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [41796589364560d67e4d418158aa1ce4],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00A6FAF6-072E-44cf-8957-5838F569A31D}, Quarantined, [308a7f6f6714b680ca017e44936f5fa1],
Adware.Hotbar, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH, http://edits.mywebsearch.com/toolba...YUS&si=&a=QIeEgw1IMTCJVbiPC1jckg&n=2010042620, Quarantined, [d1e91dd14f2c0f2712b4eeb60df6d32d]

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-2915059740-4118663435-3967917377-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[83377d71d7a420160213f10d48bcc63a]

Folders: 0
(No malicious items detected)

Files: 14
PUP.Optional.Delta.A, C:\Users\Hill\AppData\Local\Temp\DeltaTB.exe, Quarantined, [8e2c47a71368b0867321d0471de4dd23],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\bus389\CrxUpdater_d.exe, Quarantined, [fdbd8e602754f541ee019a1ea361d729],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\bus9D28\CrxUpdater_d.exe, Quarantined, [ac0ee00e0774023447a8e1d76c9855ab],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\busB598\CrxUpdater_d.exe, Quarantined, [2199d71738437abc5996a117e123e818],
PUP.Optional.BabSolution.A, C:\Users\Hill\AppData\Local\Temp\busD8B5\BUSolution.dll, Quarantined, [78424f9f5f1c989e543c9f7d2bd616ea],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\busE82C\CrxUpdater_d.exe, Quarantined, [a812925c5724d56114db8a2eca3ae11f],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\bus28F\CrxUpdater_d.exe, Quarantined, [9921905e4d2e92a49956496ff014847c],
PUP.Optional.CRX.A, C:\Users\Hill\AppData\Local\Temp\bus2A4B\CrxUpdater_d.exe, Quarantined, [4f6b17d72a5183b34aa5a21624e0a957],
PUP.Optional.Babylon.A, C:\Users\Hill\AppData\Local\Temp\4CD4AD74-BAB0-7891-AA62-A3CFA247FEF8\Latest\CrxInstaller.dll, Quarantined, [98229955e4973303ec59f336a9584eb2],
PUP.Optional.Delta.A, C:\Users\Hill\AppData\Local\Temp\4CD4AD74-BAB0-7891-AA62-A3CFA247FEF8\Latest\MyBabylonTB.exe, Quarantined, [8c2e4ca27ffc39fd5a10c1bfb9489769],
PUP.Optional.Babylon.A, C:\Users\Hill\AppData\Local\Temp\4CD4AD74-BAB0-7891-AA62-A3CFA247FEF8\Latest\Setup.exe, Quarantined, [dae02cc23348a3936702e63a926e2dd3],
PUP.Optional.FunWebProducts.A, C:\Users\Hill\Downloads\MyFunCards (1).exe, Quarantined, [5367ab43b9c285b19b519d910cf58e72],
PUP.Optional.FunWebProducts.A, C:\Users\Hill\Downloads\MyFunCards.exe, Quarantined, [febc628c2f4cb680f7f51a144ab7cf31],
PUP.Optional.FunWebProducts, C:\Users\Hill\Pictures\MyFunCards.exe, Quarantined, [e4d6c22cd9a21a1cfe8873bb639edc24],

Physical Sectors: 0
(No malicious items detected)


(end)

OTL logfile created on: 9/17/2014 10:00:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hill\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 69.41% Memory free
7.24 Gb Paging File | 6.04 Gb Available in Paging File | 83.42% Paging File free
Paging file location(s): c:\pagefile.sys 3584 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.89 Gb Total Space | 514.86 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
Drive D: | 13.99 Gb Total Space | 2.09 Gb Free Space | 14.96% Space Free | Partition Type: NTFS

Computer Name: JULLIE-HP | User Name: Hill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G8&opts=no&d=2014-04-12&hpa=yes
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G8&opts=no&d=2014-04-12&hpa=yes
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G8&opts=no&d=2014-04-12&hpa=yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G8&opts=no&d=2014-04-12&hpa=yes
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hill\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/17 08:48:16 | 000,000,000 | ---D | M]

[2013/05/02 16:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Hill\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - default_search_provider: 7AEEB6D66B1F537A9A9C2DD52DA334F761DC1059141AB72346B124EEA6856128 (Enabled)
CHR - default_search_provider: search_url = 55BDB560B2AF534266013CADEA9CF06098CF41AC3B5A8963CC85EBFB593F1250
CHR - default_search_provider: suggest_url =
CHR - homepage: 4A2BC5CDE0B967812F4411FC3B8C8518A18676E0F93E12812EBB59EE79015FA7
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Hill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hill\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D62E6F7-3646-4F6B-93F9-22104F9D8D7D}: DhcpNameServer = 192.168.0.1 207.244.64.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8007258-5C70-4CA2-B4D8-4AB74F3F914B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{937d3891-bb03-11e3-8d5c-2c27d7acdb4f}\Shell - "" = AutoRun
O33 - MountPoints2\{937d3891-bb03-11e3-8d5c-2c27d7acdb4f}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{b95a7fad-1b67-11e3-981a-2c27d7acdb4f}\Shell - "" = AutoRun
O33 - MountPoints2\{b95a7fad-1b67-11e3-981a-2c27d7acdb4f}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{ef576b62-e569-11e1-9fc4-2c27d7acdb4f}\Shell - "" = AutoRun
O33 - MountPoints2\{ef576b62-e569-11e1-9fc4-2c27d7acdb4f}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{ef576b98-e569-11e1-9fc4-2c27d7acdb4f}\Shell - "" = AutoRun
O33 - MountPoints2\{ef576b98-e569-11e1-9fc4-2c27d7acdb4f}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/17 09:59:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hill\Desktop\OTL.exe
[2014/09/17 09:07:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/17 08:57:22 | 000,000,000 | ---D | C] -- C:\Users\Hill\AppData\Roaming\AVAST Software
[2014/09/17 08:48:34 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/09/17 08:48:03 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/09/17 08:38:43 | 000,000,000 | ---D | C] -- C:\Users\Hill\Desktop\logs
[2014/09/17 08:33:42 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/17 08:32:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/17 07:03:29 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/17 07:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/17 07:02:37 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/17 07:02:37 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/17 07:02:37 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/17 07:02:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/17 07:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/17 07:02:18 | 000,000,000 | ---D | C] -- C:\Users\Hill\AppData\Local\Programs
[2014/09/15 21:40:36 | 000,000,000 | ---D | C] -- C:\Users\Hill\Documents\New folder
[2014/09/11 17:00:20 | 000,000,000 | ---D | C] -- C:\3921a82e2111f87cf72e
[1 C:\Users\Hill\Documents\*.tmp files -> C:\Users\Hill\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/17 10:04:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/17 10:04:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/17 09:59:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hill\Desktop\OTL.exe
[2014/09/17 09:56:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/17 09:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/17 09:56:08 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/17 09:49:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/17 09:41:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002UA.job
[2014/09/17 09:24:36 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/17 09:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/17 08:49:00 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/09/17 08:48:08 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/09/17 08:48:08 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/09/17 08:48:08 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/09/17 08:48:07 | 000,426,848 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/09/17 08:48:07 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/09/17 08:48:07 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/09/17 08:48:07 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/09/17 08:48:07 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/09/17 08:48:05 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/09/17 08:48:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/09/17 08:41:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/09/17 07:46:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005UA.job
[2014/09/17 07:04:49 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/17 07:01:48 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/17 07:01:48 | 000,663,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/17 07:01:48 | 000,122,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/16 18:29:12 | 000,000,258 | RHS- | M] () -- C:\Users\Hill\ntuser.pol
[2014/09/15 16:46:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005Core.job
[2014/09/15 16:39:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002Core.job
[2014/09/14 16:34:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN12E212PR05JZ.job
[2014/09/12 17:55:33 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/12 17:16:33 | 000,776,014 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 17:00:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/08/31 07:41:22 | 000,268,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Hill\Documents\*.tmp files -> C:\Users\Hill\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/17 08:48:27 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/09/17 07:03:01 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/15 17:04:37 | 000,000,258 | RHS- | C] () -- C:\Users\Hill\ntuser.pol
[2013/08/12 14:01:06 | 000,143,934 | ---- | C] () -- C:\Users\Hill\cody res

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/09/17 08:57:22 | 000,000,000 | ---D | M] -- C:\Users\Hill\AppData\Roaming\AVAST Software
[2014/09/16 04:12:30 | 000,000,000 | ---D | M] -- C:\Users\Hill\AppData\Roaming\SoftGrid Client
[2011/11/29 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\Hill\AppData\Roaming\Synaptics
[2013/09/13 15:08:01 | 000,000,000 | ---D | M] -- C:\Users\Hill\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
 
Rerun OTL but copy and paste the following into the custom scan/fixes box at the bottom and then click on run fix up top. Then post the log here.

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hill\AppData\Local\Facebook\Update\Facebo okUpdate.exe (Facebook Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/09/17 07:46:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005UA.job
[2014/09/17 09:41:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002UA.job
[2014/09/15 16:46:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005Core.job
[2014/09/15 16:39:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002Core.job
[2014/09/14 16:34:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN12E212PR05JZ.job

I also noticed it's running an older version of Java, version 6 update 24. Uninstall all older versions of Java and install the latest from here.

www.java.com

It's also running an outdated version of Adobe Reader, version 10. The latest is version 11. Get the latest here.

https://get.adobe.com/reader/ Uncheck McAfee Security Scan before downloading.

I'm sure CCleaner should be installed and run. I would also like to see an uninstall list from CCleaner; it may have other software issues that need to be dealt with. Open CCleaner, click on tools, click on the uninstall tab, click on save to text file, and then copy and paste that list here.
 
Here's what I get when I run the custom fixes. I'll do the updates and run CCleaner now.

Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.95searchengines.com/?hp=G...-04-12&hpa=yes> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Facebook Update] C:\Users\Hill\AppData\Local\Facebook\Update\Facebo okUpdate.exe (Facebook Inc.)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2014/09/17 07:46:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005UA.job> in the current context!
Error: Unable to interpret <[2014/09/17 09:41:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002UA.job> in the current context!
Error: Unable to interpret <[2014/09/15 16:46:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005Core.job> in the current context!
Error: Unable to interpret <[2014/09/15 16:39:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002Core.job> in the current context!
Error: Unable to interpret <[2014/09/14 16:34:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN12E212PR05JZ.job> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 09172014_181559

EDIT:

Updated Java, Adobe, and here's the uninstall log.

Adobe Flash Player 15 ActiveX Adobe Systems Incorporated 9/11/2014 6.00 MB 15.0.0.152
Adobe Reader XI (11.0.08) Adobe Systems Incorporated 9/17/2014 183 MB 11.0.08
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 6/21/2011 11.5.9.620
ATI Catalyst Install Manager ATI Technologies, Inc. 6/21/2011 22.4 MB 3.0.812.0
avast! Free Antivirus AVAST Software 9/17/2014 9.0.2021
Bing Bar Microsoft Corporation 6/21/2011 24.4 MB 7.0.610.0
Blio K-NFB Reading Technology, Inc. 4/28/2011 37.7 MB 2.2.6699
CCleaner Piriform 9/17/2014 4.17
CyberLink YouCam CyberLink Corp. 6/21/2011 124 MB 3.5.1.3922
Energy Star Digital Logo Hewlett-Packard 6/21/2011 300 KB 1.0.1
Evernote v. 4.2.2 Evernote Corp. 4/28/2011 139 MB 4.2.2.3979
Facebook Video Calling 3.1.0.521 Skype Limited 8/12/2014 12.4 MB 3.1.521
GIMP version 2.8.0 12/22/2012 76.2 MB 2.8.0
Google Chrome Google Inc. 7/15/2012 37.0.2062.120
Google Earth Google 12/20/2013 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 3/27/2014 7.5.5111.1712
HP 3D DriveGuard Hewlett-Packard Company 6/21/2011 6.99 MB 4.1.5.1
HP Connection Manager Hewlett-Packard Company 6/21/2011 33.4 MB 4.0.45.1
HP Documentation Hewlett-Packard 6/21/2011 336 MB 1.2.0.0
HP DVB-T TV Tuner 8.0.64.43 6/21/2011 8.0.64.43
HP Games WildTangent 6/21/2011 1.0.2.4
HP MovieStore Hewlett-Packard 6/21/2011 96.6 MB 2.0
HP Officejet 6500 E710a-f Basic Device Software Hewlett-Packard Co. 10/19/2011 165 MB 22.50.231.0
HP Officejet 6500 E710a-f Help Hewlett Packard 10/19/2011 21.7 MB 140.0.2.2
HP Officejet 6500 E710a-f Product Improvement Study Hewlett-Packard Co. 10/19/2011 7.00 MB 22.50.231.0
HP On Screen Display Hewlett-Packard Company 4/28/2011 1.43 MB 1.1.2
HP Power Manager Hewlett-Packard Company 6/21/2011 3.61 MB 1.2.1
HP Quick Launch Hewlett-Packard Company 4/28/2011 7.14 MB 2.3.6
HP Setup Hewlett-Packard Company 4/28/2011 8.6.4530.3651
HP Setup Manager Hewlett-Packard Company 6/21/2011 8.30 MB 1.1.13253.3682
HP Software Framework Hewlett-Packard Company 4/28/2011 2.81 MB 4.0.110.1
HP Support Assistant Hewlett-Packard Company 4/28/2011 68.4 MB 5.2.9.2
HP Update Hewlett-Packard 10/19/2011 2.97 MB 5.002.006.003
I.R.I.S. OCR HP 10/19/2011 68.9 MB 12.3.4.0
IDT Audio IDT 6/21/2011 1.0.6329.0
Java 7 Update 67 Oracle 9/17/2014 118 MB 7.0.670
LG USB Modem driver 10/15/2011
Magic Desktop EasyBits Software AS 6/21/2011 107 MB 3.0
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 9/17/2014 53.1 MB 2.0.2.1012
Marketsplash Shortcuts Hewlett-Packard 10/19/2011 469 KB 1.0.1.7
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2/28/2014 38.8 MB 4.5.50938
Microsoft Office 2010 Microsoft Corporation 9/12/2013 8.27 MB 14.0.4763.1000
Microsoft Office Click-to-Run 2010 Microsoft Corporation 10/23/2011 14.0.4763.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 11/2/2011 14.0.5131.5000
Microsoft Security Essentials Microsoft Corporation 9/11/2014 4.6.305.0
Microsoft Silverlight Microsoft Corporation 7/24/2014 249 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 4/28/2011 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/2/2011 300 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/28/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 6/21/2011 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11/3/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 6/21/2011 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11/3/2011 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 3/11/2014 13.7 MB 10.0.30319
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10/2/2011 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 10/2/2011 1.33 MB 4.20.9876.0
PlayReady PC Runtime x86 Microsoft Corporation 4/28/2011 1.65 MB 1.3.0
Ralink RT5390 802.11b/g/n WiFi Adapter Ralink 6/21/2011 3.01.16.1
Realtek Ethernet Controller Driver Realtek 6/21/2011 7.41.216.2011
Realtek PCIE Card Reader Realtek Semiconductor Corp. 6/21/2011 6.1.7600.80
RoxioNow Player RoxioNow 4/28/2011 10.9 MB 1.9.5.103
Synaptics Pointing Device Driver Synaptics Incorporated 6/21/2011 46.4 MB 15.2.4.4
Windows Live Essentials Microsoft Corporation 8/13/2012 15.4.3555.0308
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 4/28/2011 5.57 MB 15.4.5722.2
Yahoo! Software Update 12/22/2012
Yahoo! Toolbar Yahoo! Inc. 4/4/2013

She's running avast free, so I'm guessing I should get rid of MSE and I see a few other things I can remove, but I'll wait for you. Not gonna do anything else with CCleaner yet either. Thanks again buddy. ;)
 
Rerun the script again, I edited it. Omitted something by accident.

And the only other program I see that is outdated is Adobe Shockwave. If it's not needed, uninstall it. If it's needed, get the update here.

https://get.adobe.com/shockwave/
 
Rerun the script again, I edited it. Omitted something by accident.

Okay we're good.

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
File C:\Users\Hill\AppData\Local\Facebook\Update\FacebookUpdate.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1005Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915059740-4118663435-3967917377-1002Core.job moved successfully.
C:\Windows\Tasks\hpwebreg_CN12E212PR05JZ.job moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 09172014_192752

And the only other program I see that is outdated is Adobe Shockwave. If it's not needed, uninstall it. If it's needed, get the update here.

https://get.adobe.com/shockwave/

I'll go ahead and update it. Should I remove ms security essentials?
 