Homepage hijack


labman

Hi all,

Found this forum while searching why my browser home page has suddenly changed to yahoo-spigot search.

I feel this occurred after an update to Iobit smart defrag 3 but am not positive.

Based upon previous posts regarding this subject I ran Malwarebytes and Rogue Remover but did not remove any findings.

My main browser is FF, but I occasionally need to use IE, and the same problem exists there.

The following are the reports.

Thanks in advance for any and all help.

Malwarebytes scan log

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mark :: MARK-LAPTOP [administrator]

2/18/2014 10:22:30 PM
mbam-log-2014-02-18 (22-22-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218112
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


=======================================================================================================================



RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Scan -- Date : 02/18/2014 22:36:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS725025A9A364 ATA Device +++++
--- User ---
[MBR] c2f93443d00de645c84fbba2e03178c5
[bSP] 3d91004ce31ad201d4ec981aa0fcc305 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 224319 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 459814912 | Size: 13852 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02182014_223645.txt >>


DDS reports

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Mark at 0:10:15 on 2014-02-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2277 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\explorer.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: URLHooker2 Class: {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\Program Files (x86)\Flash Video Downloader\URLHooker.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: Preview = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.





TCP: NameServer = 208.180.42.68 208.180.42.100 192.168.1.1
TCP: Interfaces\{A90C6FCA-C020-4B2B-B5B2-CB05E4520259} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\0516D607169716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\052796E636563737 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\27F657475627D22656C6B696E6534376 : DHCPNameServer = 192.168.2.1 198.190.226.3 198.190.226.30
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\34F6E636F62746 : DHCPNameServer = 192.168.100.200
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\C6F636B6F6E683631353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C7E7C7EB-3A45-4AEE-AB47-03826FA07B25}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HP Software Update] c:\program files (x86)\hp\hp software update\hpwuschd2.exe



x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-17 21184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-12-10 881440]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-2-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-4 203264]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-2-7 807800]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-11-7 341824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-3 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-3 36408]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-10 2151744]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-2-7 103064]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2010-11-19 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-11-19 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-17 25928]
S3 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-17 418376]
S3 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-17 701512]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2010-7-28 26112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-10-19 34848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-3 216576]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-2-7 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-10-19 23016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-10-19 23048]
S4 PenCommService;Livescribe Pulse Smartpen Service; [x]
.
=============== Created Last 30 ================
.
2014-02-19 03:15:20    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-02-19 01:35:43    --------    d-----w-    C:\Users\Mark\AppData\Local\{7363A725-3F1E-4334-B93A-A23706692C66}
2014-02-17 20:39:50    6573056    ----a-w-    C:\Windows\System32\mstscax.dll
2014-02-17 20:39:50    5693440    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-02-17 20:22:33    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-02-17 20:17:43    --------    d-----w-    C:\Users\Mark\AppData\Local\{55BBEEC7-A3CF-4ABB-9B9E-7668263A99DC}
2014-02-17 20:17:19    --------    d-----w-    C:\Program Files (x86)\Application Updater
2014-02-17 20:17:18    --------    d-----w-    C:\Program Files (x86)\IObit Apps Toolbar
2014-02-17 20:17:18    --------    d-----w-    C:\Program Files (x86)\Common Files\Spigot
2014-02-17 20:16:28    34080    ----a-w-    C:\Windows\System32\SmartDefragBootTime.exe
2014-02-17 20:15:53    128320    ----a-w-    C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-17 20:14:25    21184    ----a-w-    C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-02-14 19:25:48    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-14 19:25:48    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-14 02:12:30    --------    d-----w-    C:\Users\Mark\AppData\Local\{C8F52A2D-E89D-47CC-95F8-6E773B4956E5}
2014-02-12 22:32:46    --------    d-----w-    C:\Users\Mark\AppData\Local\{29A89918-7E7C-4FF2-B3DC-3CDCD8662EAB}
2014-02-12 02:31:37    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-12 02:31:37    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-12 02:31:37    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 02:31:37    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-12 02:25:52    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-12 02:25:52    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-02-12 02:25:52    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-12 02:25:52    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 01:49:11    --------    d-----w-    C:\Users\Mark\AppData\Local\{97D1B32E-5038-4FED-8C5A-DEBACBA1972C}
2014-02-11 01:45:28    --------    d-----w-    C:\Users\Mark\AppData\Local\{E016CA8C-2BD7-4A13-8D1A-FCB7624D60B1}
2014-02-10 04:19:09    --------    d-----w-    C:\Users\Mark\AppData\Local\{FD1F0519-FC63-44A7-AC64-98FDF2F96AC6}
2014-02-09 16:18:57    --------    d-----w-    C:\Users\Mark\AppData\Local\{A64B035F-94C7-42F1-8A44-DBEBB145DBDE}
2014-02-08 16:28:04    --------    d-----w-    C:\Users\Mark\AppData\Local\{4C74EECF-1F4F-4E02-8CDE-90C7F752E247}
2014-02-08 00:09:33    --------    d-----w-    C:\Users\Mark\AppData\Local\{40446A37-B4C1-4136-9EF6-A482CA79E442}
2014-02-07 05:53:38    --------    d-----w-    C:\Users\Mark\AppData\Roaming\ProductData
2014-02-07 05:08:31    --------    d-----w-    C:\Program Files (x86)\Samsung
2014-02-07 05:04:36    203672    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2014-02-07 05:04:36    103064    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2014-02-07 05:04:35    --------    d-----w-    C:\Program Files\SAMSUNG
2014-02-07 05:04:08    --------    d-----w-    C:\ProgramData\Samsung
2014-02-07 04:57:35    --------    d-----w-    C:\Users\Mark\AppData\Roaming\VERIZON
2014-02-07 03:09:04    --------    d-----w-    C:\Users\Mark\AppData\Local\{9A90140D-49BA-4965-81CB-C3DAA09A549B}
2014-02-06 02:04:13    --------    d-----w-    C:\Users\Mark\AppData\Local\{C04EDB32-493A-453A-A904-1801228C76F5}
2014-02-05 01:27:03    --------    d-----w-    C:\Users\Mark\AppData\Local\{72659762-F7AF-4D5A-8303-7F02959A39B4}
2014-02-04 00:02:14    --------    d-----w-    C:\Users\Mark\AppData\Local\{3E255AD3-70D6-4B29-9469-862A3016DF84}
2014-02-02 17:24:42    --------    d-----w-    C:\Users\Mark\AppData\Local\{072EA091-99FC-4DF6-9E42-36A32188F101}
2014-02-01 23:43:01    --------    d-----w-    C:\Users\Mark\AppData\Local\{38A1B241-81C9-4582-97CA-F39AB8515975}
2014-02-01 11:14:03    --------    d-----w-    C:\Users\Mark\AppData\Local\{882686C7-1035-4512-9CD4-C4031AA0324C}
2014-01-31 23:13:50    --------    d-----w-    C:\Users\Mark\AppData\Local\{B8726C46-0E6F-4E15-B03C-8BF24CDBD258}
2014-01-30 23:42:58    --------    d-----w-    C:\Users\Mark\AppData\Local\{5CCF5C97-4405-4DC5-A3F2-E124E7161CE3}
2014-01-30 01:10:34    --------    d-----w-    C:\Users\Mark\AppData\Local\{FF858F44-421F-4D95-B590-FB143DF2D581}
2014-01-29 11:20:51    --------    d-----w-    C:\Users\Mark\AppData\Local\{33BCB970-8BD3-44C2-A1BB-3A3EBDCFEE72}
2014-01-28 23:20:26    --------    d-----w-    C:\Users\Mark\AppData\Local\{28CDA880-EB0D-462A-A44B-2BD55FE0777C}
2014-01-28 03:37:46    --------    d-----w-    C:\Users\Mark\AppData\Local\{83C1D046-52ED-4E63-9700-0D83CE7C61B6}
2014-01-27 04:08:35    --------    d-----w-    C:\Users\Mark\AppData\Local\{E4DB7628-4343-469C-8D7F-3A4B7A32BE47}
2014-01-26 15:02:55    --------    d-----w-    C:\Users\Mark\AppData\Local\{FF4C6FDF-F2BB-4C17-9C85-63A4879AB4DE}
2014-01-25 23:13:39    --------    d-----w-    C:\Users\Mark\AppData\Local\{2016BBD1-FE9E-45C2-8528-055FD0F4E5EA}
2014-01-25 00:17:43    --------    d-----w-    C:\Users\Mark\AppData\Local\{951C0C31-E866-4BB8-AA06-2AF0C596BDC4}
2014-01-23 22:48:50    --------    d-----w-    C:\Users\Mark\AppData\Local\{15769F31-05D5-4045-957E-153425EAA89F}
2014-01-22 23:06:24    --------    d-----w-    C:\Users\Mark\AppData\Local\{47153413-A648-4EF5-B243-4DFEB50234C9}
2014-01-21 22:41:31    --------    d-----w-    C:\Users\Mark\AppData\Local\{F2CBD60A-61DB-4BAE-B50E-9F2E69358F67}
2014-01-20 23:03:58    --------    d-----w-    C:\Users\Mark\AppData\Local\{F84766DB-72C5-48B0-820A-D3C7AF4DCF9C}
2014-01-20 08:06:47    --------    d-----w-    C:\Users\Mark\AppData\Local\{FA1AD5A9-B320-431A-BE6A-E9C375694535}
.
==================== Find3M  ====================
.
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-05 01:27:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 01:27:11    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-19 02:09:39    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-11 01:21:05    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 01:21:05    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 01:20:48    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-11 01:20:48    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 01:20:21    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 01:20:21    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 01:20:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 01:20:02    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 01:19:19    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 01:19:19    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 01:19:19    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 01:19:19    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 01:19:19    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 01:19:19    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 01:19:19    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-11 01:19:19    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-11 01:19:06    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 01:19:06    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 01:18:54    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 01:18:54    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 01:18:28    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-12-11 01:18:28    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-12-11 01:18:28    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-12-11 01:18:28    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-12-11 01:18:28    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-12-11 01:18:28    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-12-11 01:17:58    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-12-11 01:17:58    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-12-11 01:17:38    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-12-11 01:17:38    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-12-11 01:17:03    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 17:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH:  0:10:34.80 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2010 11:31:25 AM
System Uptime: 2/18/2014 8:23:05 PM (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 363F
Processor: AMD Athlon II Dual-Core M320 | Socket S1G3 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 122.581 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.245 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP394: 1/18/2014 3:43:32 PM - Installed Java 7 Update 51
RP395: 1/26/2014 4:20:48 PM - Scheduled Checkpoint
RP396: 2/4/2014 10:30:02 PM - Scheduled Checkpoint
RP397: 2/7/2014 12:07:47 AM - Installed SUABnR
RP398: 2/14/2014 12:20:55 AM - Scheduled Checkpoint
RP399: 2/14/2014 2:24:21 PM - Windows Update
RP400: 2/17/2014 3:22:49 PM - Windows Update
RP401: 2/17/2014 11:46:02 PM - Windows Update
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Advanced SystemCare 7
Amazon Cloud Player
Amazon Kindle
Amazon MP3 Downloader 1.0.17
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVG 2014
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
Eraser 6.0.7.1893
FastStone Image Viewer 4.6
Fax
Flash Video Downloader 0.1
FLV Player 2.0 (build 25)
FormatFactory 3.0.1
GIMP 2.8.6
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Games
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPProductAssistant
HPSSupply
IDT Audio
Image Plugin
IObit Malware Fighter
IObit Uninstaller
iTunes
Japanese Fonts Support For Adobe Reader X
Java 7 Update 51
Java 7 Update 7 (64-bit)
Java Auto Updater
Junk Mail filter update
LabelPrint
LightScribe System Software
Link'Em
Livescribe Connect
Livescribe Desktop
Livescribe Desktop Documentation
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Live Search Toolbar
Microsoft Mouse and Keyboard Center
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MPC-HC 1.6.8
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Network64
OCR Software by I.R.I.S. 13.0
OpenOffice 4.0.0
Power2Go
PowerDirector
PowerTools Lite 2011
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Shop for HP Supplies
Skype™ 6.6
Smart Defrag 3
SmartWebPrinting
SolutionCenter
Status
SUABnR
Surfing Protection
swMSM
Synaptics Pointing Device Driver
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update Installer for WildTangent Games App
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WebReg
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
2/18/2014 12:43:17 AM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
2/18/2014 12:43:17 AM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
2/18/2014 12:40:18 AM, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
2/18/2014 12:39:07 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/18/2014 12:37:59 AM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
2/17/2014 3:10:12 PM, Error: volmgr [46]  - Crash dump initialization failed!
2/12/2014 11:31:41 PM, Error: atikmdag [52250]  - CPLIB :: OPM - Failed the HFS
.
==== End Of File ===========================


Welcome to the forum, please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Results of AdwCleaner - cleaned all found items

 

 

# AdwCleaner v3.019 - Report created 19/02/2014 at 13:28:19
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mark - MARK-LAPTOP
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found C:\Program Files (x86)\Application Updater
Folder Found C:\Program Files (x86)\Common Files\Spigot
Folder Found C:\Program Files (x86)\IObit Apps Toolbar
Folder Found C:\Users\Mark\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Mark\AppData\LocalLow\Search Settings

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


*************************

AdwCleaner[R0].txt - [3608 octets] - [19/02/2014 13:28:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3668 octets] ##########


AdwCleaner report after reboot

 

# AdwCleaner v3.019 - Report created 19/02/2014 at 13:32:51
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mark - MARK-LAPTOP
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Mark\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Mark\AppData\LocalLow\Search Settings
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


*************************

AdwCleaner[R0].txt - [3780 octets] - [19/02/2014 13:28:19]
AdwCleaner[s0].txt - [3579 octets] - [19/02/2014 13:32:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3639 octets] ##########

 

 

 

Malwarebytes scan log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mark :: MARK-LAPTOP [administrator]

2/19/2014 1:41:26 PM
mbam-log-2014-02-19 (13-41-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218861
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

I will reboot and report.

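A way to confirm that everything the AdwCleaner scan report ([R0]) listed also appears as removed in the clean report ([s0]), as an added example that is not part of any post in this thread. The report lines are abridged from the two logs above; the `ExampleLeftover` key is constructed, and the function names are this example's own.

```python
import re

# Abridged lines from the thread's two AdwCleaner v3.019 reports.
# "ExampleLeftover" is a constructed entry showing an item that was never removed.
SCAN_REPORT = r"""
Service Found : Application Updater
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found C:\Program Files (x86)\Common Files\Spigot
Folder Found C:\Program Files (x86)\IObit Apps Toolbar
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Conduit
Key Found : HKCU\Software\ExampleLeftover
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
"""

CLEAN_REPORT = r"""
Service Deleted : Application Updater
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
"""

# The scan report prints "Folder Found <path>" without a colon, so the colon
# is optional. "[x64]" marks an entry seen through the 64-bit registry view.
ENTRY_RE = re.compile(
    r"^(Service|File|Folder|Key|Value) (Found|Deleted)\s*:?\s*(\[x64\]\s+)?(.+?)\s*$"
)


def parse(report, action):
    """Return {(kind, view, item)} for every report line with the given action."""
    entries = set()
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(2) == action:
            view = "x64" if m.group(3) else "default"
            # Windows paths and registry key names are case-insensitive.
            entries.add((m.group(1), view, m.group(4).lower()))
    return entries


def reconcile(scan_report, clean_report):
    """Sort every 'Found' entry into one of three buckets.

    confirmed       - same item deleted in the same registry view
    other_view_only - item deleted, but only listed under the other view
    unconfirmed     - no deletion line at all; check the host by hand
    """
    found = parse(scan_report, "Found")
    deleted = parse(clean_report, "Deleted")
    deleted_any_view = {(kind, item) for kind, _view, item in deleted}

    result = {"confirmed": [], "other_view_only": [], "unconfirmed": []}
    for entry in sorted(found):
        kind, _view, item = entry
        if entry in deleted:
            bucket = "confirmed"
        elif (kind, item) in deleted_any_view:
            bucket = "other_view_only"
        else:
            bucket = "unconfirmed"
        result[bucket].append(entry)
    return result


if __name__ == "__main__":
    for bucket, entries in reconcile(SCAN_REPORT, CLEAN_REPORT).items():
        print(f"{bucket}: {len(entries)}")
        for kind, view, item in entries:
            print(f"  {kind} [{view}] {item}")
```

In the thread's own reports the only entries that land in `other_view_only` are the `[x64] HKCU\Software\...` keys, which the scan lists in both views and the clean report lists once.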

OK..Please do this:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Then..........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


I believe that Advanced SystemCare has a feature that prevents changes to your browsers, if this is the case...please disable it during the fix.

 

--------------------------

Also your Google preferences are corrupt:
Error reading preferences. Please check "preferences" file for possible corruption.
 

-------------------------

All I see in the log are Chrome and IE, no FF.

 

------------------------

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know how it is, you can always reset your browsers if needed:
http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

MrC


ASC does have a homepage protect feature - I turned this off prior to the FRST.exe fix and checked it afterward and it is still off.

 

 

Not sure why FF is not showing up, that is the browser I use 99% of the time (v 27.0.1), then IE. I have never used Chrome and don't believe it is installed as a browser, although some Chrome files are present.

 

This is still my browser homepage in FF http://search.yahoo.com/?type=541231&fr=spigot-yhp-ff

 

in IE http://www.msn.com/?ocid=iehp :)  So it appears that IE has been fixed, but FF is still not directing properly.

 

Here is the txt file after downloading fixlist.txt and running FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Mark at 2014-02-19 19:46:41 Run:1
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=541231&fr=spigot-yhp-ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
CHR Extension: (Ads Removal) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-17]
C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
C:\Users\Mark\AppData\Local\Temp\Resource_Toolbar.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
HKCR\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
HKCR\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod => Moved successfully.
C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Mark\AppData\Local\Temp\Resource_Toolbar.exe => Moved successfully.

==== End of Fixlog ====


Let's try this scanner:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


MrC - prior to getting your latest response I decided to reset my FF settings to their default values utilizing FF's troubleshooting tab in the help menu.

 

It saved my favorites/bookmarks, I closed FF and the default (FF start page came up) no more spigot-yahoo search!!!

 

To verify the change was not related to something that would load upon reboot I performed a restart and it remained FF start page upon starting.

 

My IE is staying with its default page as well - so I believe we may be good.

 

Would you still like me to download the OTL and do a scan?

 

Like others, I believe this came from an IObit update, IObit Smart defrag 3 was updated and then this problem occurred - should I remove IOBIT?

 

When this update happened it brought with it Spigot and Slick Savings Coupons.

 

Spigot appears to be totally gone now even from my registry, however there are still 20+ hits in my registry for Slick Savings should these be removed?

 

Thanks for your help!!

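The FRST fix above touched only registry values and files, and the Firefox homepage changed only after the profile reset. Firefox keeps its homepage in the profile's `prefs.js` (and `user.js`, when present, is re-applied at every start) rather than in the registry. The check below is an added example, not part of any post in this thread; the file contents are constructed, the markers are substrings of the URLs quoted in the thread, and the function names are this example's own.

```python
import json
import re

# Substrings taken from the hijack URLs quoted in this thread.
MARKERS = ("fr=spigot", "ask.com/web")

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;\s*$')

# Constructed profile files (not taken from the poster's machine).
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://search.yahoo.com/?type=541231&fr=spigot-yhp-ff|about:home");
user_pref("browser.startup.page", 1);
user_pref("browser.search.defaultenginename", "Google");
'''
SAMPLE_USER_JS = '''\
user_pref("browser.newtab.url", "http://www.ask.com/web?l=dis&o=uscql");
'''


def parse_prefs(text):
    """Yield (name, value) for each user_pref() line; skip anything else."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            # Pref values are string, integer or boolean literals.
            value = json.loads(m.group(2).strip())
        except ValueError:
            continue  # unparsable value: leave it for manual review
        yield m.group(1), value


def find_hijacked_prefs(text, source):
    """Return (source, pref, url, marker) for string prefs containing a marker."""
    hits = []
    for name, value in parse_prefs(text):
        if not isinstance(value, str):
            continue
        # browser.startup.homepage may hold several pages separated by "|".
        parts = value.split("|") if name == "browser.startup.homepage" else [value]
        for part in parts:
            for marker in MARKERS:
                if marker in part.lower():
                    hits.append((source, name, part, marker))
    return hits


def audit_profile(files):
    """files maps a profile file name to its text; both pref files are checked."""
    hits = []
    for source in ("prefs.js", "user.js"):
        hits.extend(find_hijacked_prefs(files.get(source, ""), source))
    return hits


if __name__ == "__main__":
    profile = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    for source, name, url, marker in audit_profile(profile):
        print(f"{source}: {name} = {url}  (matched {marker!r})")
```

A hit in `user.js` matters most, because a value cleaned out of `prefs.js` alone comes back at the next start while `user.js` still sets it.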

Would you still like me to download the OTL and do a scan?

No

Like others, I believe this came from an IObit update, IObit Smart defrag 3 was updated and then this problem occurred - should I remove IOBIT?

None of their products would be on my computer, I would remove them.

When this update happened it brought with it Spigot and Slick Savings Coupons.

Spigot appears to be totally gone now even from my registry, however there are still 20+ hits in my registry for Slick Savings should these be removed?

Yes

 

------------------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Content of checkup.txt

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox 8.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 IObit IObit Malware Fighter IMFsrv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I would uninstall these:
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.170

Install the latest:
http://www.adobe.com/software/flash/about/
Downloads are at the top of the page

-------------------------------

Mozilla Firefox 8.0 Firefox out of Date! <----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
