Computer locked with a FBI warning, cant use it at all

Status
Not open for further replies.
uninstall

I am having a few problems uninstalling a couple of the programs.

I don't see Bearshare on the uninstall list.

FreePriceAlerts 2.3.5:
An error occured while trying to uninstall FreePriceAlerts 2.3.5. It may have already been uninstalled. Would you like to remove FreePriceAlerts 2.3.5 from the Programs and Features list.. What should I do? Click yes or no?, or should I do something else?


Yahoo! Toolbar:
I clicked for it to be uninstalled, it went through the uninstall process. It said the program was uninstalled but it is still in the Programs and Features list. I tried to uninstall it again and it said:Please wait until the current program is finished uninstalling or being changed... It as been awhile and it still says the same thing.

I am going ahead to the next item on your list of things to to. Thank you..
 
Hi. :)

I don't see Bearshare on the uninstall list.
Click to expand...
Not a problem, have a look and see if there is a folder for it in Program Files (x86). If there is open it and a uninstaller for it should be there.

If no folder present, not a problem either and merely means it is not installed at all.

Would you like to remove FreePriceAlerts 2.3.5 from the Programs and Features list.. What should I do? Click yes or no?, or should I do something else?
Click to expand...
Click on Yes, any problems just leave it and inform myself in your next reply and we can tackle it via a different methodology.

Yahoo! Toolbar:
I clicked for it to be uninstalled, it went through the uninstall process. It said the program was uninstalled but it is still in the Programs and Features list. I tried to uninstall it again and it said:Please wait until the current program is finished uninstalling or being changed... It as been awhile and it still says the same thing.
Click to expand...
Just leave that then and reboot the machine, then afterwards check if the entry is still present and if is we can tackle that also via the aforementioned different methodology.

Overall none of the above are that major a concern and I am not surprised any of the dross is not playing nice uninstall wise. ;)
 
Ok. I clicked yes for the FreePriceAlerts 2.3.5.

I rebooted for the Yahoo! Toolbar and it is still there.

Reset Google Chrome:
I can't reset it. There's not a little wrench to click on next to the address bar. There is a little box with 3 lines in it that does open a drop-down box, but within that there is not an "option" link to click.

The time on the laptop is still wrong but the date has fixed itself.

Here is the OTL log:
OTL logfile created on: 4/10/2013 7:42:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 70.41% Memory free
7.21 Gb Paging File | 5.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 342.17 Gb Free Space | 76.55% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.32% Space Free | Partition Type: FAT32

Computer Name: BLACKLIGHT | User Name: Shermqn Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shermqn Cooper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe (ActivePath Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Raptr\heliotrope._purple.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Program Files (x86)\Raptr\sip.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd ()
MOD - C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd ()
MOD - C:\Program Files (x86)\Raptr\liboscar.dll ()
MOD - C:\Program Files (x86)\Raptr\libjabber.dll ()
MOD - C:\Program Files (x86)\Raptr\libymsg.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Raptr\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Raptr\simplejson._speedups.pyd ()
MOD - C:\Program Files (x86)\Raptr\libxml2-2.dll ()
MOD - C:\Program Files (x86)\Raptr\sqlite3.dll ()
MOD - C:\Program Files (x86)\Raptr\zlib1.dll ()
MOD - C:\Program Files (x86)\Raptr\win32gui.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32file.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32api.pyd ()
MOD - C:\Program Files (x86)\Raptr\win32process.pyd ()
MOD - C:\Program Files (x86)\Raptr\gobject._gobject.pyd ()
MOD - C:\Program Files (x86)\Raptr\pywintypes26.dll ()
MOD - C:\Program Files (x86)\Raptr\PIL._imaging.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ssl.pyd ()
MOD - C:\Program Files (x86)\Raptr\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Raptr\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Raptr\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Raptr\_elementtree.pyd ()
MOD - C:\Program Files (x86)\Raptr\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Raptr\_sqlite3.pyd ()
MOD - C:\Program Files (x86)\Raptr\_socket.pyd ()
MOD - C:\Program Files (x86)\Raptr\winsound.pyd ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (bcm) -- C:\Windows\SysNative\drivers\drxvi314_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{94601678-74C9-4D3D-BCE3-D745F66E7FF3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/10 18:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/20 18:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 08:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Extensions
[2013/04/09 09:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/09 06:15:32 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\activemail@activepath.com
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
[2012/12/29 14:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 08:49:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8433553062244335&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.yahoo.com/web?fr=w3is/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shermqn Cooper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: McAfee SiteAdvisor = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\
CHR - Extension: PowerInbox = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmgljeemhhajnponhffhpjioiclpmbh\1.4.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Shermqn Cooper\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Akamai NetSession Interface] C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\S-1-5-21-884558749-3894208209-999701670-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26AE02A1-4B39-46A9-89C7-F777F66FFCFD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51AE88A-6CA5-4D53-803F-A6EF3053E57E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 06:31:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/04/10 05:42:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 05:42:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 05:42:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 05:42:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 05:42:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 05:42:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 05:42:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/10 05:42:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 05:42:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 05:42:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/10 05:42:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 05:42:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 05:42:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 05:42:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 05:42:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/09 18:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/09 09:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/09 09:08:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/09 06:23:43 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/09 06:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/08 10:29:55 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/08 10:29:55 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/08 10:29:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/08 10:27:27 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/04/08 10:27:27 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/04/08 10:27:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/04/08 10:27:27 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/04/08 10:27:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/04/08 10:27:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/04/08 10:27:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/04/08 10:27:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/04/08 10:27:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/04/08 10:27:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/04/08 10:27:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/04/08 10:27:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/04/08 10:27:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/04/08 10:27:26 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/04/08 10:27:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/04/08 10:27:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/04/08 10:27:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/04/08 10:21:36 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/08 10:21:36 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/04/08 10:17:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/04/08 10:17:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/04/08 10:17:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/04/08 10:17:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/04/08 10:17:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/04/08 10:17:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/04/08 10:17:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/04/08 10:17:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/04/08 10:17:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/04/08 10:17:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/08 10:15:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/08 10:15:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/08 10:15:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/08 10:15:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/08 10:15:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/08 10:15:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/08 10:15:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:15:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/08 10:11:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/04/08 09:18:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 07:21:56 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Roaming\Malwarebytes
[2013/04/08 07:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/08 07:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 07:21:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/08 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/08 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\Shermqn Cooper\AppData\Local\Programs
[2013/04/05 12:58:19 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/10 07:46:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/10 07:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/10 07:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
[2013/04/10 07:10:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 07:10:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 07:03:52 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/10 07:03:37 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/10 07:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 07:03:13 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 07:02:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/10 06:27:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001Core.job
[2013/04/10 05:47:34 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/04/10 05:33:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2013/04/09 18:52:25 | 000,009,728 | ---- | M] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/09 18:46:24 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/04/09 18:46:24 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/09 08:03:22 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 06:25:00 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:59:41 | 000,757,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/09 05:59:41 | 000,636,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/09 05:59:41 | 000,110,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/08 09:45:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/08 09:45:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/08 09:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shermqn Cooper\Desktop\OTL.exe
[2013/04/08 09:04:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 05:47:34 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/04/09 06:25:00 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BLACKLIGHT-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/09 06:20:15 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/09 05:46:14 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2013/04/09 05:46:03 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2013/04/08 07:21:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/08 07:01:02 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Shermqn Cooper.job
[2013/04/08 07:01:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Shermqn Cooper.job
[2013/04/08 07:00:49 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Shermqn Cooper.job
[2013/04/07 14:11:52 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForShermqn Cooper.job
[2012/08/20 18:29:04 | 000,000,238 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2012/06/30 09:52:44 | 000,009,728 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 21:56:05 | 000,001,199 | ---- | C] () -- C:\Users\Shermqn Cooper\AppData\Roaming\result.db
[2012/04/13 21:34:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/02 17:01:47 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/02 18:34:26 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 02:33:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/05 12:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/09 19:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/13 08:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
Checked programs and files and there was a file "BearShare" in "My Music" but the folder was empty. Is there a way to deleted the folder?. Thanks.

My machine seems to be slowing down now. :sick:
 
Sorry to keep troubling you

When I open Google Chrome, on the infected machine, 2 tabs open. One says "search" with www.searchnu.com/406. I dont know if this is needed. I thought it would just be a regular Chrome home page that would be opened.
The other tab says "search.babylon.com" in the address bar.

Also I forgot to inform you that on the infected machine, after I finished running the AVG removal tool, it did not produce "avgremover.txt" log on the desktop.
There is something on the desktop (it was already there) that says AVGInstLog. When I place the cursor over it it says "compressed files". Should this be kept or deleted?
 
Hi. :)

My machine seems to be slowing down now. :sick:
Click to expand...
This may be of help:-

What to do if your Computer is running slowly

Also I forgot to inform you that on the infected machine, after I finished running the AVG removal tool, it did not produce "avgremover.txt" log on the desktop.
There is something on the desktop (it was already there) that says AVGInstLog. When I place the cursor over it it says "compressed files". Should this be kept or deleted?
Click to expand...
Aye go ahead and delete it etc. Every thing else you have mentioned should be taken care of by the below...

Reset Google Chrome:

Click on Start(Windows 7 Orb) >> Run... and copy and paste the below from the code-box and click on OK

Code: 
%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Navigate to the folder called Default in the directory window that opens and right-click on it and select Rename.

Now rename it as Backup Default. Now launch Google Chrome and check if the issues you mentioned are still present.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: 
:Commands
[CreateRestorePoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)

:Files
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Java
C:\Program Files (x86)\Yahoo!
C:\Users\Shermqn Cooper\Music\BearShare
ipconfig /flushdns /c
netsh advfirewall reset /c 
netsh advfirewall set allprofiles state on /c 

:Reg
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]

:Commands
[ResetHosts]
[EmptyTemp]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Install Microsoft Security Essentials:

Download the installer for Microsoft Security Essentials to the desktop.

  • Right-click on the installer for Microsoft Security Essentials(mseinstall.exe) and select Run as Administrator.
  • Follow the prompts to install >> when asked if you want to turn one the Windows Firewall, agree to this...
  • Update >> Carry Out a Quick Scan. Have it fix/remove anything it finds.
Note: If anything was removed please make a note of it, to copy anything found/removed:-

Click on Start(Windows 7 Orb) >> Control Panel >> Administrative Tools >> Event Viewer >> Windows Logs >> System

Locate:-

Source= Microsoft Antimalware Event ID=1001 (scan finished)

Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered ?
  • OTL Log from the Custom Script.
  • Did Microsoft Security Essentials find/remove anything ?
 
Hi.

Computer seems be be running fine.
Yahoo! Toolbar is back in Programs and Features, but it seems to be ok. Is that ok?


OTL:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found.
HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{317D3F46-EAFE-415B-BC52-E8D648A2C775}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}\ not found.
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com deleted successfully.
File C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox not found.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults\preferences folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\skin folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\locale\en-US folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\locale folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\content folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome folder moved successfully.
C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com folder moved successfully.
Folder C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome\ not found.
Folder C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA58ACA7-18A6-403A-93DA-6E4172D43709}\ not found.
Registry key HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\genieo.com\yahoo\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-884558749-3894208209-999701670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
========== FILES ==========
C:\Program Files (x86)\AVG\AVG2012\Drivers folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Program Files (x86)\Java\jre6\lib\ext folder moved successfully.
C:\Program Files (x86)\Java\jre6\lib folder moved successfully.
C:\Program Files (x86)\Java\jre6\bin folder moved successfully.
C:\Program Files (x86)\Java\jre6 folder moved successfully.
C:\Program Files (x86)\Java folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion folder moved successfully.
C:\Program Files (x86)\Yahoo!\Common folder moved successfully.
C:\Program Files (x86)\Yahoo! folder moved successfully.
C:\Users\Shermqn Cooper\Music\BearShare folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Shermqn Cooper\Desktop\cmd.bat deleted successfully.
C:\Users\Shermqn Cooper\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

User: Shermqn Cooper
->Temp folder emptied: 3948389448 bytes
->Temporary Internet Files folder emptied: 833709167 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 87144297 bytes
->Google Chrome cache emptied: 6678718 bytes
->Flash cache emptied: 60973 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3307728 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 369740986 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 990766 bytes

Total Files Cleaned = 5,048.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04112013_071919

Files\Folders moved on Reboot...
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\e=2;sz=728x90,1008x150,1008x200,1008x30,9x1;p=t;p=top;ct=com;ua=2;r=afc;g=brc;id=tt0024339;g=dr;g=ro;tt=f;coo=usa;k=c;ab=e;;u=3686446292805891.5;ord=3686446292805891[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\maindetails;tile=3;sz=300x250,300x600,11x1;p=tr;p=tc;ct=com;ua=2;r=afc;g=brc;id=tt0024339;g=dr;g=ro;tt=f;coo=usa;k=c;ab=e;;u=3686446292805891.5;ord=3686446292805891[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x120_top;tile=4;sz=300x120;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x250;tile=3;sz=300x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x250;tile=7;sz=300x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\sz=450x60;mpvid=AAS68ygeuK2rWYN1;!c=1123;k2=3;k2=34;k2=1106;kvid=8tCqSm4Phug;shortform=1;kpid=1123;kga=-1;kgg=-1;kcr=us;kvz=204;longads=1;ytexp=907529.914041.909903[1].asx not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\t_videoclipsmoviedownloads;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=the+reader+trailer;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=1903681969128292[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DP4MUX61\t_videoclipsmoviedownloads;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=the+reader+trailer;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=3838866801900785[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CW9RV76M\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=120x600;tile=5;sz=120x600;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\252525252520Itachi%252525252520Kakuzu%252525252520kisame%252525252520Konan%252525252520Naruto%252525252520Pein%252525252520sasori%252525252520Tobi%252525252520zetsu[1].jpg not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\e;aff=communities;aff=teens;artid=3856;dmn=wikiacom;hostpre=naruto;pos=TOP_RIGHT_BOXAD;wpage=mikoto_uchiha;lang=en;dis=large;hasp=yes;cat=characters;loc=top;admeld=0[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C9NPSE7J\nities;aff=teens;artid=3856;dmn=wikiacom;hostpre=naruto;pos=TOP_LEADERBOARD;wpage=mikoto_uchiha;lang=en;dis=large;hasp=yes;cat=characters;loc=top;dcopt=ist;admeld=-1[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\afct=site_content;tile=1;kvz=204;tves=2;kvid=8tCqSm4Phug;pos=pre;sz=480x70,480x360,480x361;k5=3_34_1106;khd=0;longads=1;!c=1123;kt=K;ko=c;ytexp=907529.914041.909903[1].asx not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\esatelliteproviders;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=R;kw=cinemax+nightcap+episodes;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=6324308902185103[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B4RD71HK\lesatelliteproviders;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=R;kw=cinemax+nightcap+episodes;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=596017488604290[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\0,300x250;mpvid=AAS68ygeuK2rWYN1;!c=1123;k2=3;k2=34;k2=1106;kvid=8tCqSm4Phug;shortform=1;kpid=1123;kga=-1;kgg=-1;kcr=us;kvz=204;longads=1;ytexp=907529.914041.909903[1].htm not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;dcopt=ist;slot=728x90,468x60;tile=1;sz=728x90,468x60;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\metro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=900x250;tile=2;sz=900x250;test=pagepeel;ord=3058252066174628[1].js not found!
File\Folder C:\Users\Shermqn Cooper\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6R3UEZLS\ro_metrotv_tvap;area=tv;subarea=tv;target=;page=ap;article=884991;content=;section=;env=prod;slot=300x120_bottom;tile=6;sz=300x120;test=pagepeel;ord=3058252066174628[1].js not found!
C:\Users\Shermqn Cooper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



MSE: there were no problems found.:bigthumb:
 
Unsure what to do

I just restarted the infected machine. When the desktop came it there is a "Windows Security Alert" box in the middle of the screen.
It says "Windows Firewall has blocked some features of this program".
Windows Firewall has blocked some features of Akamai NetSession Client on all public and private networks.
Name: Akamai NetSession Client
Publisher: Akamai Technologies, Inc.
Path: C:\users\shermqn cooper \appdata\local\akamai
\netsession_win.exe

Allow Akamai NetSession Client to communicate on these networks:

then it has the Private Networks box checked and the public networks box unchecked. It then asks to Allow access or Cancel.

I am not sure what to do so I have just left it there and not checked anything until I hear from you. Thanks.
 
Hi. :)

MSE: there were no problems found.:bigthumb:
Click to expand...
Good.

I am not sure what to do so I have just left it there and not checked anything until I hear from you. Thanks.
Click to expand...
This is fine to allow, reason for the prompt the prior custom OTL script reset the inbuilt Windows 7 Firewall settings etc.

Yahoo! Toolbar is back in Programs and Features, but it seems to be ok. Is that ok?
Click to expand...
Hmm a strange one that as according to the custom OTL script log the entry was deleted successfully.

OK not a problem...download and install the toolbar from here, then uninstall it.

Next:

Let check/update some software as follows shall we...

  • Download and install FileHippo Update Checker from here.
  • Once installed(during the installation process deselect the option:- Run at Startup >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
  • Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.
  • Re-install the updated software, delete the installers and then empty the Recycle Bin.
  • When completed the above let myself know and if any further issues remaining, thank you.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
 
Hi

Ok. I allowed Akamai NetSession Client.

I went to reinstall the Yahoo! Toolbar but it was blocked. It said the one that was installed was the updated version. Should I just leave it alone or will it cause more problems.


I downloaded FileHippo Update Checker. Ran it and it found about 8 updates and about 3 beta updates. I did not download the beta ones.
When I did the downloads they did not go to the desktop, they went to the downloads folder. I sent them to the desktop from there. I have ran all of them except one "Evernote4". When I clicked to update Evernote4 from the desktop icon I received a message saying "Setup error, The installer was unable to uninstall a previous version of Evernote4 from your computer. Please uninstall Evernote4 manually then restart the installer from this location: C:Users\Shermqn Cooper\Downloads\Evernote4_4.6.4.8136.exe.
Just thought I would check with you before I did it.

You also said to delete the installers am I right to assume that I will need to delete them from the downloads folder as well as the desktop icons?..Many, many thanks again for all of your help.
 
Hi. :)

I went to reinstall the Yahoo! Toolbar but it was blocked. It said the one that was installed was the updated version. Should I just leave it alone or will it cause more problems.
Click to expand...
Aye leave it for the time being please...

However do check for myself if there is anything absolutely Yahoo related in either of the Program Files or Program Files (x86) folders. In the event their is, double-click on the respective folder and check if anything is present inside etc.

Also check again if either Yahoo! Software Update or Yahoo! Toolbar are still present in Programs and Features.

When I did the downloads they did not go to the desktop, they went to the downloads folder. I sent them to the desktop from there. I have ran all of them except one "Evernote4". When I clicked to update Evernote4 from the desktop icon I received a message saying "Setup error, The installer was unable to uninstall a previous version of Evernote4 from your computer. Please uninstall Evernote4 manually then restart the installer from this location: C:Users\Shermqn Cooper\Downloads\Evernote4_4.6.4.8136.exe.
Just thought I would check with you before I did it.
Click to expand...
Aye that is fine so is what you enquired about etc.

You also said to delete the installers am I right to assume that I will need to delete them from the downloads folder as well as the desktop icons?..Many, many thanks again for all of your help.
Click to expand...
Correct, as in once finished with the installers go ahead and delete them and you're welcome!
 
Last edited:
Yahoo! Toolbar:
There's nothing in either Program Files or Program Files (x86) folders.
When I checked Programs and Features it said an error occurred trying to uninstall Yahoo! Toolbar. It may have already been uninstalled. Would you like to remove Yahoo! Toolbar from Programs and Features. I clicked yes.

Evernote4 updated correctly. I have no idea what it is for but its not my computer. ;)

I have deleted the installers...

:clap:
 
Hi. :)

Yahoo! Toolbar:
There's nothing in either Program Files or Program Files (x86) folders.
When I checked Programs and Features it said an error occurred trying to uninstall Yahoo! Toolbar. It may have already been uninstalled. Would you like to remove Yahoo! Toolbar from Programs and Features. I clicked yes.
Click to expand...
Good, that's sorted then.

Evernote4 updated correctly. I have no idea what it is for but its not my computer. ;)
Click to expand...
Basically it is like a Filofax for a computer, it may be used in this instance to save information about games since your friends son appears to be a online gamer. This is just a guess what it may actually be used for as you would have to ask the lad himself.

I have deleted the installers...

:clap:
Click to expand...
Acknowledged...

Congratulations the computer appears to be malware free!

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-
  • Next click Start(Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box and and copy and paste in:
    Code: 
    cleanmgr
  • in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:-
System Restore and Shadow Copies
  • Click on Clean up... >> Delete >> OK >> Delete Files.
Next:

Be a good idea to bookmark this topic on the computer we have been working on and show it your friends son etc.

Any questions? Feel free to ask, if not stay safe!
 
Yay!!!!!!!

Thank you so very, very much..I know this will be one very happy young man. None of us can afford the cost of going to a so call pro, they dont always complete the job anyway. I have be coming here for a few years and I know you all are the best and will do whatever it takes to help. You do this because you want too and that is what makes you so very special.
The young man has been without this computer for awhile, I know he will be over joyed.
I thank you again and I will be sure to show him this thread so that he can see all the trouble you went through to get it going.
Are there any other things I should do at this point?.. If not, be blessed and you are "AWESOME!!!":crowned: :thanks:
 
You're most welcome/thank you for the compliment...

No further action/advice is required on my behalf per-say and your good to go so to speak, give the computer back to the lad etc. :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
Status
Not open for further replies.
Back
Top