Win32.Downloader.gen problem - log files



BethMcM
2013-06-11, 17:06
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Beth's Speed Demon at 8:59:55 on 2013-06-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.731 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
mSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
mDefault_Search_URL = hxxp://isearch.glarysoft.com/?src=iesearch
uSearchURL,(Default) = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hpprin~1.lnk - c:\program files\hewlett-packard\hp print view software\hp print view resource center\HPPrintViewResourceCenter.exe
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-23 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-12-14 21528]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-15 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-15 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-24 1343400]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-10 16:38:12 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a83a03ae-d223-4d8e-9b76-61743ef3c5ac}\mpengine.dll
2013-06-09 21:51:24 -------- d-----w- c:\windows\pss
2013-06-09 10:17:14 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-21 19:41:28 -------- d-----w- c:\programdata\GameHouse
2013-05-21 16:30:32 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26a4d2df-542d-441f-8082-4d3480073d2d}\gapaengine.dll
2013-05-15 23:18:29 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:18:29 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 23:18:28 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:18:26 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:18:26 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:18:24 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:18:24 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:18:24 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-14 21:13:34 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-05-14 21:13:34 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-05-14 21:13:34 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-05-14 21:13:34 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-05-14 20:56:22 -------- d-----w- c:\program files\Intuit
2013-05-14 20:56:16 502544 ----a-w- c:\windows\system32\MSXML.DLL
2013-05-14 20:56:16 25088 ----a-w- c:\windows\system32\msxml3a.dll
2013-05-14 20:56:16 244232 ----a-w- c:\windows\system32\Msflxgrd.ocx
2013-05-14 20:56:16 1009136 ----a-w- c:\windows\system32\Mschrt20.ocx
2013-05-14 20:56:15 1694992 ----a-w- c:\windows\system32\vba6.dll
2013-05-14 20:55:04 -------- d-----w- c:\windows\Intuit
2013-05-14 20:55:02 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
.
==================== Find3M ====================
.
2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-02 17:53:39 737280 ----a-w- c:\windows\iun6002.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 21:59:48 926752 ----a-w- c:\windows\system32\FTBSaver.scr
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 22:59:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-04-04 12:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-22 02:22:46 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-22 02:22:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
.
============= FINISH: 9:00:09.56 ===============

Thank you for your time and assistance with this malware problem. Beth McM

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-11 09:12:33
-----------------------------
09:12:33.272    OS Version: Windows 6.1.7601 Service Pack 1
09:12:33.272    Number of processors: 2 586 0xF0B
09:12:33.273    ComputerName: BETHSSPEEDDEMON  UserName:
09:12:33.517    Initialize success
09:18:57.126    AVAST engine defs: 13061100
09:19:07.509    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
09:19:07.511    Disk 0 Vendor: INTEL_SSDSA2CW120G3 4PC10362 Size: 114473MB BusType: 3
09:19:07.519    Disk 0 MBR read successfully
09:19:07.522    Disk 0 MBR scan
09:19:07.608    Disk 0 Windows 7 default MBR code
09:19:07.610    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       110000 MB offset 2048
09:19:07.648    Disk 0 scanning sectors +225282048
09:19:07.694    Disk 0 scanning C:\Windows\system32\drivers
09:19:17.178    Service scanning
09:19:23.839    Service MpKslc40cbf83 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A83A03AE-D223-4D8E-9B76-61743EF3C5AC}\MpKslc40cbf83.sys **LOCKED** 32
09:19:36.967    Modules scanning
09:19:39.750    Disk 0 trace - called modules:
09:19:39.758    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:19:39.764    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852322e0]
09:19:39.768    3 CLASSPNP.SYS[88dd759e] -> nt!IofCallDriver -> [0x85182800]
09:19:39.773    5 ACPI.sys[88ac43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x8518a908]
09:19:39.933    AVAST engine scan C:\Windows
09:19:41.100    AVAST engine scan C:\Windows\system32
09:22:02.098    AVAST engine scan C:\Windows\system32\drivers
09:22:12.606    AVAST engine scan C:\Users\Beth's Speed Demon
09:23:21.574    Disk 0 MBR has been saved successfully to "C:\Users\Beth's Speed Demon\Desktop\MBR.dat"
09:23:21.654    The log file has been saved successfully to "C:\Users\Beth's Speed Demon\Desktop\aswMBR.txt"

Win32.Downloader.gen: [SBI $F65FFCFA] Library (File, nothing done)
C:\Program Files\Conduit\Community Alerts\Alert.dll
Properties.size=638560
Properties.md5=6796F6E449F90A543DC3345538ACC46F
Properties.filedate=1308835246
Properties.filedatetext=2011-06-23 06:20:46

Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1367517181
Properties.filedatetext=2013-05-02 10:53:01

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-12-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-06-04 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-06-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-06-05 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-06-04 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545
2013-06-23, 03:32
:welcome:

Sorry for the delay, please don't start any new threads, just reply to this one.

If you still need help, run a new scan with DDS and post the log, please.

ken545
2013-06-24, 15:02
Still with me, Beth?

BethMcM
2013-06-26, 02:11
Yes, I am still here, just did not log in the past few days. Sorry, I will keep on top of this.
Beth

BethMcM
2013-06-26, 02:20
:welcome:

Sorry for the delay, please don't start any new threads, just reply to this one.

If you still need help, run a new scan with DDS and post the log, please.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
Run by Beth's Speed Demon at 18:15:09 on 2013-06-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1121 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
mSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
mDefault_Search_URL = hxxp://isearch.glarysoft.com/?src=iesearch
uSearchURL,(Default) = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hpprin~1.lnk - c:\program files\hewlett-packard\hp print view software\hp print view resource center\HPPrintViewResourceCenter.exe
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\users\beth's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-23 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-12-14 21528]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-15 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-15 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-24 1343400]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-25 14:19:49 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b78ba6a-474c-4e35-af88-ff5b8e64094d}\mpengine.dll
2013-06-24 16:03:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 16:00:39 7068072 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-22 02:32:46 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eefcb614-b861-45fc-ae5c-9654b1a63450}\gapaengine.dll
2013-06-13 10:02:27 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-13 10:02:26 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-12 22:53:19 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 22:53:17 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 22:53:16 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 22:53:15 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 22:53:15 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 22:53:14 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 22:53:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 22:53:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 22:53:12 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 22:53:11 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 22:53:10 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 22:53:08 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-09 21:51:24 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2013-06-24 16:03:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 16:03:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-02 17:53:39 737280 ----a-w- c:\windows\iun6002.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 21:59:48 926752 ----a-w- c:\windows\system32\FTBSaver.scr
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 22:59:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
============= FINISH: 18:15:22.57 ===============

ken545
2013-06-26, 02:50
Looks like you just have a bogus toolbar installed.

Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop


Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg





Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




I need to see

1. AdwCleaner log
2. Malwarebytes log
3. OTL log

BethMcM
2013-06-26, 21:16
# AdwCleaner v2.303 - Logfile created 06/26/2013 at 13:05:15
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Beth's Speed Demon - BETHSSPEEDDEMON
# Boot Mode : Normal
# Running from : C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\Discount Buddy
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\LocalLow\StumbleUpon
Folder Deleted : C:\Users\Beth's Speed Demon\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\StumbleUpon
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\StumbleUpon

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://isearch.glarysoft.com/?q=%s&src=iesearch --> Empty data

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3321 octets] - [26/06/2013 13:05:15]

########## EOF - C:\AdwCleaner[S1].txt - [3381 octets] ##########

BethMcM
2013-06-26, 21:50
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.26.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Beth's Speed Demon :: BETHSSPEEDDEMON [administrator]

6/26/2013 1:27:10 PM
mbam-log-2013-06-26 (13-27-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279781
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Beth's Speed Demon\Downloads\mplayer_Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

(end)
I need to see

1. AdwCleaner log
2. Malwarebytes log
3. OTL log

BethMcM
2013-06-26, 21:51
OTL logfile created on: 6/26/2013 1:41:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth's Speed Demon\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.38% Memory free
4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.42 Gb Total Space | 12.20 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

Computer Name: BETHSSPEEDDEMON | User Name: Beth's Speed Demon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Beth's Speed Demon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\33125250f48dd834dde012979858b39f\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (ADIHdAudAddService) -- system32\drivers\ADIHdAud.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (HPFXFAX) -- C:\Windows\System32\drivers\hppcfaxio.sys (Hewlett Packard)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HPFXBULKLEDM) -- C:\Windows\System32\drivers\hppcbulkio.sys (Hewlett Packard)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.glarysoft.com/?src=iesearch
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN36178419557078188&ctid=CT3279141
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS459
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/16 17:11:29 | 000,000,000 | ---D | M]

[2011/12/02 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth's Speed Demon\AppData\Roaming\Mozilla\Extensions
[2011/12/02 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth's Speed Demon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Drive = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Word Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\
CHR - Extension: Word Search = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\~
CHR - Extension: BBC Good Food = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\
CHR - Extension: Gmail = C:\Users\Beth's Speed Demon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/23 10:30:16 | 000,445,864 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 15308 more lines...
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Beth's Speed Demon\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [GoogleChromeAutoLaunch_EC166EC589803CA23C17C93CA8824816] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk = C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26BD0B6A-2840-4ABF-BC21-7F48E1A8D168}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C921685F-53D9-4FC0-854F-B8A4DA348920}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/26 13:39:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Beth's Speed Demon\Desktop\OTL.exe
[2013/06/26 13:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/26 13:26:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/26 13:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/26 13:25:37 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\AppData\Local\Programs
[2013/06/26 13:22:42 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Beth's Speed Demon\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/25 11:53:22 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Woody
[2013/06/24 09:03:29 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/24 09:03:15 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/18 14:59:56 | 000,928,288 | ---- | C] (MyHeritage) -- C:\Windows\System32\FTBSaver.scr
[2013/06/13 13:09:04 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Hot Summer Day
[2013/06/13 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Bamboo Too
[2013/06/13 03:02:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/13 03:02:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/13 03:00:30 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/13 03:00:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/13 03:00:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/13 03:00:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/13 03:00:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/13 03:00:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/13 03:00:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/13 03:00:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/12 15:53:19 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/06/12 15:53:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/12 15:53:15 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 15:53:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 15:53:11 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/12 15:53:10 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 10:01:36 | 000,000,000 | ---D | C] -- C:\Users\Beth's Speed Demon\Documents\Bamboo & Planters
[2013/06/11 09:10:37 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Beth's Speed Demon\Desktop\aswMBR.exe
[2013/06/11 08:59:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Beth's Speed Demon\Desktop\dds.com
[2013/06/11 08:57:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/06/11 08:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/06/11 08:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/06/11 08:54:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Beth's Speed Demon\Desktop\erunt-setup.exe
[2013/06/09 14:51:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/05 00:10:03 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/06/05 00:10:03 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/06/05 00:10:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/06/05 00:10:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/06/05 00:10:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/06/05 00:10:03 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/06/05 00:10:03 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/06/05 00:10:02 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/06/05 00:10:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/06/05 00:10:02 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/06/05 00:10:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/06/05 00:10:02 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/05 00:10:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/06/05 00:10:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/06/05 00:10:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/06/05 00:10:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/06/05 00:10:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/06/05 00:10:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/06/05 00:10:02 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/06/05 00:10:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/06/05 00:10:01 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/05 00:10:01 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/06/05 00:10:01 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/06/05 00:10:01 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/06/05 00:10:01 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/05 00:10:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

========== Files - Modified Within 30 Days ==========

[2013/06/26 13:41:52 | 000,677,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/26 13:41:52 | 000,125,956 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/26 13:39:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth's Speed Demon\Desktop\OTL.exe
[2013/06/26 13:38:01 | 000,001,731 | ---- | M] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
[2013/06/26 13:37:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/26 13:37:45 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/06/26 13:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 13:37:36 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 13:37:12 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 13:37:12 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 13:26:15 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/26 13:25:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Beth's Speed Demon\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/26 13:08:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/26 13:01:40 | 000,001,092 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\MyHeritage Family Tree Builder.lnk
[2013/06/26 13:00:55 | 000,648,201 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
[2013/06/25 18:18:30 | 000,003,084 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\Attach a.zip
[2013/06/24 09:03:25 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/24 09:03:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/24 09:03:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/24 09:03:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/06/24 09:03:23 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/24 09:03:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/21 13:33:58 | 000,788,123 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notices.pdf
[2013/06/21 13:32:13 | 005,784,817 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice B.pdf
[2013/06/21 13:30:58 | 005,797,219 | ---- | M] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice A.pdf
[2013/06/18 14:59:56 | 000,928,288 | ---- | M] (MyHeritage) -- C:\Windows\System32\FTBSaver.scr
[2013/06/17 11:49:06 | 000,259,474 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\Family Tree June 2013.pdf
[2013/06/11 09:23:21 | 000,000,512 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\MBR.dat
[2013/06/11 09:12:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Beth's Speed Demon\Desktop\aswMBR.exe
[2013/06/11 09:06:19 | 000,003,765 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\attach.zip
[2013/06/11 08:59:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Beth's Speed Demon\Desktop\dds.com
[2013/06/11 08:56:23 | 000,000,888 | ---- | M] () -- C:\Users\Beth's Speed Demon\Desktop\ERUNT.lnk
[2013/06/11 08:55:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Beth's Speed Demon\Desktop\erunt-setup.exe
[2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/08 04:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/05 00:10:03 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/06/05 00:10:03 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/06/05 00:10:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/06/05 00:10:03 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/06/05 00:10:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/06/05 00:10:03 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/06/05 00:10:03 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/06/05 00:10:02 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/06/05 00:10:02 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/06/05 00:10:02 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/06/05 00:10:02 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/06/05 00:10:02 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/06/05 00:10:02 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/05 00:10:02 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/06/05 00:10:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/06/05 00:10:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/06/05 00:10:02 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/06/05 00:10:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/06/05 00:10:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/06/05 00:10:02 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/06/05 00:10:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/06/05 00:10:01 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/05 00:10:01 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/06/05 00:10:01 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/06/05 00:10:01 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/05 00:10:01 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/06/05 00:10:01 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

========== Files Created - No Company Name ==========

[2013/06/26 13:26:15 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/26 13:00:49 | 000,648,201 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\AdwCleaner.exe
[2013/06/25 18:18:30 | 000,003,084 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\Attach a.zip
[2013/06/21 13:33:58 | 000,788,123 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notices.pdf
[2013/06/21 13:32:10 | 005,784,817 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice B.pdf
[2013/06/21 13:30:55 | 005,797,219 | ---- | C] () -- C:\Users\Beth's Speed Demon\Documents\Walton County Notice A.pdf
[2013/06/17 11:49:05 | 000,259,474 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\Family Tree June 2013.pdf
[2013/06/11 09:23:21 | 000,000,512 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\MBR.dat
[2013/06/11 09:06:19 | 000,003,765 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\attach.zip
[2013/06/11 08:56:23 | 000,000,888 | ---- | C] () -- C:\Users\Beth's Speed Demon\Desktop\ERUNT.lnk
[2013/06/05 00:10:01 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/05/16 17:01:00 | 000,004,096 | -H-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\keyfile3.drm
[2013/05/02 10:53:23 | 000,000,884 | RHS- | C] () -- C:\Users\Beth's Speed Demon\ntuser.pol
[2013/04/18 10:51:39 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2013/02/25 18:54:06 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/08/02 16:48:40 | 000,000,017 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\resmon.resmoncfg
[2012/01/29 23:14:16 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{60588841-DC3B-43FB-8930-53A015903FE0}
[2012/01/28 19:07:49 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{64518D0F-05F8-4C4A-AD4F-524AF4614823}
[2012/01/28 19:06:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{EA13A07C-3714-42F8-A0BF-8B1A3E016F53}
[2012/01/28 19:01:48 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6DF84C72-753A-406C-A5BF-8A42F278699E}
[2012/01/28 18:59:50 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{32DCBDC5-32C1-41B5-8720-29418DFB8031}
[2012/01/28 18:57:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{61F70DEE-7919-436C-BA6F-2CDB54E261B6}
[2012/01/28 18:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{DBDEFA00-E592-4E03-85BC-9CAEDE98AD36}
[2012/01/28 18:52:35 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{859F54F2-84A7-4FED-9580-5F13AF4DC4B7}
[2012/01/28 18:50:37 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{95C2C032-EB89-4668-853F-9C59242C538A}
[2012/01/28 18:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{796781C7-4734-4C59-8913-041EB6924F08}
[2012/01/28 18:43:20 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{AB43DD94-6474-4B55-85BF-B8F3586A0C20}
[2012/01/25 13:19:00 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{BB81812A-3C33-47D3-A3D5-3B00CD11EEC3}
[2012/01/24 18:52:48 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6BF84FBC-576F-4E53-B89C-27E80C3B1BA3}
[2012/01/24 18:50:56 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D4874FC7-E0D9-47FE-B0EA-5921095C7C8E}
[2012/01/22 06:45:07 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D93627F5-4C56-4B6D-81CB-6ED7C0D5FE5B}
[2012/01/09 15:45:56 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{6D424C03-05E0-4002-810F-0B29642BE1AD}
[2012/01/09 15:43:58 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{D8F96319-BF6E-40DA-96ED-726AFA59407F}
[2012/01/04 20:08:00 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{941727C9-0DC5-41EA-B05E-2FB973A5F856}
[2012/01/04 20:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Local\{2309EB2C-2E30-4123-A1CA-891D8DAC9216}
[2011/12/19 09:23:13 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011/12/19 09:23:13 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/12/15 15:07:30 | 000,000,161 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/12/14 17:58:57 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/12/14 17:58:57 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/11/30 22:10:42 | 000,036,270 | ---- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/11/27 11:36:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/11/26 13:21:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Definition Bundle
[2011/11/26 13:21:13 | 000,000,268 | RH-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\CustomDataViews
[2011/11/26 13:21:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/11/26 13:15:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2011/11/26 13:15:58 | 000,000,268 | RH-- | C] () -- C:\Users\Beth's Speed Demon\AppData\Roaming\Contextual Menu Items
[2011/11/26 13:15:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/25 14:28:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/11/25 14:04:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/11/25 14:03:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/21 21:26:52 | 000,000,000 | -HSD | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\.#
[2012/09/12 18:41:30 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\123 Free Solitaire
[2011/12/05 12:01:09 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Autodesk
[2012/12/29 12:52:15 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\GlarySoft
[2012/07/02 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Leadertech
[2013/04/20 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\MyHeritage
[2012/01/03 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Nikon
[2011/11/27 08:38:41 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\Philipp Winterberg
[2013/04/18 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011/12/02 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\TomTom
[2012/12/11 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Beth's Speed Demon\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

I need to see

1. AdwCleaner log
2. Malwarebytes log
3. OTL log[/QUOTE]

BethMcM
2013-06-26, 21:53
OTL Extras logfile created on: 6/26/2013 1:41:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth's Speed Demon\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.38% Memory free
4.00 Gb Paging File | 2.98 Gb Available in Paging File | 74.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.42 Gb Total Space | 12.20 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

Computer Name: BETHSSPEEDDEMON | User Name: Beth's Speed Demon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3239291453-3162581592-1990427089-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003280F9-D810-4587-9914-3D03A5538B48}" = rport=138 | protocol=17 | dir=out | app=system |
"{099606D3-78D0-4439-8E95-AD05618D091F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AF8BD18-8205-4E34-B7E6-868148A9D46E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B480CC2-BD01-433F-98A6-7F757CD71E86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F5C64C7-FA08-4C81-AF0D-6A4BA9A88CC6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{11790C48-1F62-471A-813E-2419B4A6F680}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21DB6128-107F-4AB9-B243-BC816ACEF8C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21DF1924-382F-4988-82D8-C87FEE6BDC8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{264C8D26-7571-4D31-B662-C36099115D48}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CD532EB-FC3A-4B72-A1EA-28C4EB5A6F20}" = lport=138 | protocol=17 | dir=in | app=system |
"{62527A02-9A2F-4A60-8C89-2A7D0A47C37C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{847C1A82-D726-4907-A2DB-82DAC01D440B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89548E3B-D767-4271-9F00-19619BA75C79}" = rport=10243 | protocol=6 | dir=out | app=system |
"{954FBB0E-5BFD-460F-9B81-7940EBC313D8}" = rport=139 | protocol=6 | dir=out | app=system |
"{A20E22DC-F2D5-4E12-8714-3F48BDC1CF4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A69F0D2E-81CA-4027-A348-37425EB093AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7AD4728-8D29-431C-8C79-DB5E83B209AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C1D50DEB-82D4-4DFA-A057-35D642B412C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5C31776-7CDA-4C42-BDAF-E4B10C26901A}" = rport=137 | protocol=17 | dir=out | app=system |
"{E04FA165-FD30-4783-9ACC-148AE24D93FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{E31979BD-A412-425F-843E-93D3A18339EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E80ED0FC-733A-4E89-82AA-E310F6A0F09D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBE408CC-B31B-4A87-A582-8BF991F3B281}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9886282-9A0A-4087-81D3-ACC33A147E73}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EE594B-CDA0-479E-8CB7-A095A260FB62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1551917A-D088-4240-89A6-1497A2E1548B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{18A541C0-5EC0-4100-BD63-59F5DE76EE50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19194CED-63F9-4A14-854A-209060B4C3EE}" = protocol=6 | dir=in | app=c:\users\beth's speed demon\appdata\local\temp\7zs437f\hpdiagnosticcoreui.exe |
"{19D9D15C-0DF7-4A38-9033-BC2C84540F00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1CB89DF4-B7E7-4732-8C7A-E13DEA07398D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{284A29BA-02CF-4657-B9F4-465194740A74}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{2929DD47-32F1-48D2-BB02-0C4F4D678ADD}" = protocol=6 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
"{313C4E2D-23ED-4B8E-9EDC-4D5075C26628}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{31BB9D05-4093-4F35-B9C2-896EE9135DB9}" = protocol=17 | dir=in | app=c:\users\beth's speed demon\appdata\local\temp\7zs437f\hpdiagnosticcoreui.exe |
"{332A180E-668B-407A-8A2C-BFA693C52DE5}" = protocol=17 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
"{4A533399-1F4E-4D5E-A034-006A90C535F5}" = protocol=17 | dir=in | app=g:\cnet2_installfreerarextractfrog_exe.exe |
"{57EB3755-3755-42DF-9F96-82B37045EDD1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67AF3DAC-A5D7-4612-9B27-D8BC58076922}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{67CAA86A-9456-4AEE-9068-F273EE098628}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CE5157E-8D10-4956-9AA3-1AD08985A102}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7848058D-95F7-419A-8723-FC50E01F1435}" = protocol=6 | dir=in | app=g:\cnet2_installfreerarextractfrog_exe.exe |
"{7BC8DF22-1E83-448E-B31D-2F4288932B41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D38E136-9046-46CB-A213-02E81BED15D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{812BA328-AC31-4288-B2D1-9DC3EF0B3EE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84F320FA-D464-4D67-A640-B775CB4B88DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85A41C89-A680-423B-8115-FBD4207A5A5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89D991AC-E9A8-45E4-9BEE-1F4875B5CB34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C92762E-1624-499C-95C5-D248BBD1FCEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{922B6E6A-FDE9-4B4C-8EE0-DADCAE84CFEF}" = protocol=6 | dir=out | app=system |
"{95176FF0-159D-4B0B-9415-EC93EA5EBBE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AE6DF75E-FFC0-4740-AF36-4D7F267C295E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2F2A7A2-DB25-4EDA-80B7-213AB5C2AA88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4EA358D-35C8-4634-970B-4B2741570031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAF05715-47D3-473D-847A-6010493A66E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E2E84731-061D-4BC3-AA74-8E5DBD664C1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EBA30900-38BC-49D7-B5D7-1E43A78B97F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1539F9F-8CB2-4E00-8A01-F6BC190CEF00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F641932D-E473-4F2D-A18A-656BB184D6DC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B411F80-3CC1-4CAC-BBA9-7CF30C48851C}" = HP Print View Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-BA7E-000000000005}" = Adobe Acrobat X Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Builder" = MyHeritage Family Tree Builder
"Free RAR Extract Frog" = Free RAR Extract Frog
"Glary Utilities_is1" = Glary Utilities 2.51.0.1666
"Google Chrome" = Google Chrome
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"HP Marketing Resources" = HP Print View Software
"Logitech Unifying" = Logitech Unifying Software 2.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SP6" = Logitech SetPoint 6.32
"SQL Anywhere Studio 7.0" = Sybase SQL Anywhere 7
"ULTIMATER" = Microsoft Office Ultimate 2007
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2012 7:55:17 PM | Computer Name = BethsSpeedDemon | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6665.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12b4 Start
Time: 01cdc38c710e0f12 Termination Time: 20 Application Path: C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE Report Id: d73c8f02-2f7f-11e2-bbd2-001e8c6f7edb

Error - 11/17/2012 7:18:51 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: Flash32_11_4_402_287.ocx, version: 11.4.402.287,
time stamp: 0x5066dd49 Exception code: 0xc0000005 Fault offset: 0x000df906 Faulting
process id: 0x1718 Faulting application start time: 0x01cdc509b294fcc7 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
Report
Id: 2552527b-310d-11e2-83cf-001e8c6f7edb

Error - 11/18/2012 11:19:37 PM | Computer Name = BethsSpeedDemon | Source = Windows Backup | ID = 4104
Description =

Error - 11/23/2012 12:27:37 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
process id: 0x1750 Faulting application start time: 0x01cdc98e236dccf5 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: b0f0ad8a-358a-11e2-82b9-001e8c6f7edb

Error - 11/23/2012 12:27:55 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
process id: 0x118c Faulting application start time: 0x01cdc9977a68cad5 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: bbd4738b-358a-11e2-82b9-001e8c6f7edb

Error - 11/23/2012 12:28:22 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x004c4545 Faulting
process id: 0x4cc Faulting application start time: 0x01cdc9977a62d754 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: cbd44e39-358a-11e2-82b9-001e8c6f7edb

Error - 11/23/2012 12:28:48 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x0079a915 Faulting
process id: 0x1620 Faulting application start time: 0x01cdc9978fbd360a Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: db08db21-358a-11e2-82b9-001e8c6f7edb

Error - 11/23/2012 12:34:27 PM | Computer Name = BethsSpeedDemon | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x00247a38 Faulting
process id: 0x150c Faulting application start time: 0x01cdc997aad62f9c Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: a54e3e8b-358b-11e2-82b9-001e8c6f7edb

Error - 11/23/2012 6:30:30 PM | Computer Name = BethsSpeedDemon | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6665.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a80 Start
Time: 01cdc9c9cb473b9c Termination Time: 10 Application Path: C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE Report Id: 51c58a77-35bd-11e2-85cd-001e8c6f7edb

Error - 11/25/2012 11:00:06 PM | Computer Name = BethsSpeedDemon | Source = Windows Backup | ID = 4103
Description =

[ OSession Events ]
Error - 2/18/2013 3:20:09 PM | Computer Name = BethsSpeedDemon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 426
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:11 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/18/2013 3:52:14 PM | Computer Name = BethsSpeedDemon | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 6/22/2013 11:56:58 PM | Computer Name = BethsSpeedDemon | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address 00-07-5C-56-66-50. Network operations
on this system may be disrupted as a result.

Error - 6/24/2013 11:34:10 AM | Computer Name = BethsSpeedDemon | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.


< End of report >

I need to see

1. AdwCleaner log
2. Malwarebytes log
3. OTL log

ken545
2013-06-26, 22:07
Hello Beth,

How are ya doing? Thanks for the logs, good job. Nothing real serious going on that I can see.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Beth's Speed Demon\AppData\Local\DownloadTerms\temp.dat File not found
O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\Conduit
C:\END


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

BethMcM
2013-06-27, 01:24
Hello Ken, doing great here. Thanks for all the help. Will be glad to have this out of the way. This has been an interesting fix.
Have a great evening.
Beth

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Beth's Speed Demon\Desktop\cmd.bat deleted successfully.
C:\Users\Beth's Speed Demon\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Conduit not found.
File\Folder C:\END not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Beth's Speed Demon
->Temp folder emptied: 53161915 bytes
->Temporary Internet Files folder emptied: 484871927 bytes
->Java cache emptied: 3771001 bytes
->Google Chrome cache emptied: 313976332 bytes
->Apple Safari cache emptied: 43545600 bytes
->Flash cache emptied: 1404 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 53051 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 224104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 22496704 bytes

Total Files Cleaned = 880.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06262013_171840

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2013-06-27, 01:35
Wonderful, how are things running now? Go ahead and run a new scan with Spybot and let's see if they're gone.

BethMcM
2013-06-27, 03:47
Hope this is not a whole new can of worms.
Beth

ken545
2013-06-27, 11:55
Just a leftover entry for downloadterms, not very serious


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL

:Services

:Reg
[-HKEY_LOCAL_MACHINE\Software\DownloadTerms]
[-HKEY_CURRENT_USER\Software\DownloadTerms]

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

BethMcM
2013-06-27, 15:22
Here is the log. I will be away most of the morning, but will check back in this afternoon.
Thanks for the help.
Have a great day!
Beth



All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\DownloadTerms\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DownloadTerms\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Beth's Speed Demon
->Temp folder emptied: 94165 bytes
->Temporary Internet Files folder emptied: 492163 bytes
->Java cache emptied: 2186195 bytes
->Google Chrome cache emptied: 188287752 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 643 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06272013_071838

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
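
The two OTL fix logs above report a per-item outcome ("deleted successfully", "moved successfully", "not found"). As an added example (not part of the thread and not OTL's own code), this parser tallies those outcomes by log section; the function names are hypothetical and the line patterns are inferred only from the logs posted here.

```python
import re

# Sample assembled for this example from lines of the two fix logs in this
# thread; it is not a complete OTL log.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\DownloadTerms\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DownloadTerms\ not found.
========== FILES ==========
C:\Users\Beth's Speed Demon\Desktop\cmd.bat deleted successfully.
File\Folder C:\Program Files\Conduit not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Section banners look like "========== REGISTRY ==========".
SECTION = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")
# Item lines: optional kind prefix, the target, then one of three outcomes.
OUTCOME = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder) )?"
    r"(?P<target>.+?) (?P<result>deleted successfully|moved successfully|not found)\.?$"
)

def parse_fix_log(text):
    """Return (section, kind, target, result) for every actioned item."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        hit = OUTCOME.match(line)
        if hit and section:
            # Lines without a kind prefix in these logs are file paths.
            kind = hit.group("kind") or "File"
            items.append((section, kind, hit.group("target"), hit.group("result")))
    return items

def summarize(items):
    """Count items per outcome so 'not found' entries stand out for review."""
    counts = {}
    for _section, _kind, _target, result in items:
        counts[result] = counts.get(result, 0) + 1
    return counts
```

Informational lines such as "HOSTS file reset successfully" are skipped on purpose, since they name no target to reconcile against the fix script.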

ken545
2013-06-27, 16:40
Looking good Beth

How are things running now?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

BethMcM
2013-06-27, 23:24
I ran the scan while I was making lunch and came back to this screen shot as there was no log to produce, I am hoping that I did this right and all is well.

I went ahead and ran a spy bot scan and here are the results.


--- Search result list ---
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Thank you so much for your help, and I am hoping that the missing log means a good thing.
Beth

ken545
2013-06-28, 00:10
Hello Beth,

You have done well, No Threats Found :bigthumb:

All Spybot is showing are tracking cookies, you can remove them yourself, but this is what you need to do

Cookies store your login info for sites you frequent that require a user name and password, so I would write down all your user names and passwords (like this site for instance) so that when you return to that site you can log in and it will be remembered, but by cleaning all the cookies all data will be lost, but as you re-enter your user name and password it will be remembered again for the next time you log into that site.


After you have all your usernames and passwords written down....

Open Up Chrome ( my new love ) and click on the 3 bars up on the top right of your browser, then click on History> Clear all browsing history and put a checkmark in Clear Browsing History and Clear Cookies.


Everything else looks fine
We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.

Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)


Let me know how it went ??

BethMcM
2013-06-28, 00:53
I did as requested, I am running Windows 7 and Chrome and all is well in the java dept, I deleted the previous version. I normally get updates for java and I do keep it updated, but I have never deleted the previous version before and will do so from now on, as I snoop in areas of my computer to look for surprises.. I recently started a set of index cards with login and passwords which has become very handy.
What should I do with all of the files etc on my desktop (where I saved all of the information and exe's for this process)?
Are any of them worth keeping and using?
Thanks
Beth

ken545
2013-06-28, 01:28
Beth,

Good going on Java, it's best when you update to uninstall any previous versions as older versions can be exploited, so you're on the right path.

Those tracking cookies will return, there is not really any way around them, you can enable your browser to not accept cookies but then you will not be able to access most sites, so the best thing to do is just delete them on a regular basis. Tracking cookies are not viruses or anything like that but they will track the sites you go into and some sites will send you back ads.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

BethMcM
2013-06-28, 04:03
Thanks Ken for your time on this fix. I really appreciate the assistance and the information you provided. I have saved the sites and will spend some time reading.
Have a great day!
Thanks
Beth

ken545
2013-06-28, 12:51
You're welcome Beth,

Take Care,

Ken :)