Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unwanted Yahoo Search page

Post by Somersetboy1942 » January 1st, 2014, 10:11 am

http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff

Hello, I keep getting the above page when I switch on. I have altered the home page to Google but still get this Yahoo page. Can this error be fixed without having to re-install everything again?

I am not very skilled with computers and this is the second time I have posted. I don't understand all the technical terms.

What is Bumping??

Please help.

John

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by John at 10:45:47 on 2013-12-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2440 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [SearchProtection] "C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB54AFA7-0621-4F84-8F4D-EF25D5814F3F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [VX1000] C:\Windows\vVX1000.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - plugin: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-22 56336]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2013-9-3 181152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-12-12 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-25 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-12-22 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-24 1255736]
.
=============== Created Last 30 ================
.
2013-12-29 17:32:35 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-12-29 09:59:40 -------- d-----w- C:\ProgramData\Visan
2013-12-29 09:59:40 -------- d-----w- C:\ProgramData\HP Photo Creations
2013-12-29 09:59:40 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2013-12-29 09:59:29 -------- d-----w- C:\Windows\Hewlett-Packard
2013-12-27 20:01:25 -------- d-----w- C:\Windows\System32\MRT
2013-12-27 18:43:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-12-27 18:43:30 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-12-27 18:43:06 -------- d-----w- C:\Windows\PCHEALTH
2013-12-27 18:43:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-12-27 18:41:13 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-12-27 18:41:13 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-12-27 18:40:59 -------- d-----w- C:\Users\John\AppData\Local\Microsoft Help
2013-12-26 00:06:47 -------- d-----w- C:\Users\John\AppData\Local\Microsoft Games
2013-12-25 23:59:40 -------- d-----w- C:\Users\John\AppData\Roaming\Search Protection
2013-12-25 23:58:11 -------- d-----w- C:\Users\John\AppData\Roaming\uTorrent
2013-12-24 18:24:00 -------- d-----w- C:\Users\John\AppData\Local\Macromedia
2013-12-24 18:23:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 18:23:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 16:12:19 27136 ----a-w- C:\Windows\~GLH0001.TMP
2013-12-24 11:11:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2013-12-24 11:11:59 48128 ----a-w- C:\Windows\System32\imgutil.dll
2013-12-24 11:11:59 142336 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-12-24 08:26:22 -------- d-----w- C:\Windows\SysWow64\Wat
2013-12-24 08:26:22 -------- d-----w- C:\Windows\System32\Wat
2013-12-24 03:52:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-24 03:52:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-24 03:52:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-24 03:52:15 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-24 02:45:16 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-24 02:20:03 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-12-24 01:59:52 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-12-24 01:59:52 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-12-24 01:59:51 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-12-24 01:59:51 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-12-24 01:59:51 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-12-24 01:59:51 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-12-24 01:59:51 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-12-24 01:40:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-12-24 01:40:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-12-24 01:40:31 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-12-23 09:28:54 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-12-23 09:27:57 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-23 09:26:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-12-23 09:25:54 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-12-23 09:24:58 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-12-23 09:23:53 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-12-23 09:22:59 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-12-23 09:07:20 77312 ----a-w- C:\Windows\System32\packager.dll
2013-12-23 09:07:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-12-22 18:13:55 -------- d-----w- C:\MM Map Folder
2013-12-22 17:56:31 -------- d-----w- C:\Users\John\AppData\Local\Memory-Map-License
2013-12-22 17:56:31 -------- d-----w- C:\ProgramData\Memory-Map-License
2013-12-22 17:55:37 -------- d-----w- C:\Maps_v5
2013-12-22 17:55:18 -------- d-----w- C:\Program Files (x86)\Memory-Map
2013-12-22 17:54:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-22 17:25:19 -------- d-----w- C:\Program Files\Microsoft LifeCam
2013-12-22 17:25:19 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2013-12-22 17:25:13 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2013-12-22 17:25:13 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-12-22 17:14:42 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-22 16:59:22 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-12-22 15:32:03 -------- d-----w- C:\Windows\Panther
2013-12-22 15:21:06 -------- d-----w- C:\Windows.old.000
2013-12-22 10:41:51 -------- d-----w- C:\Users\John\AppData\Roaming\TrackLogs
2013-12-22 10:41:51 -------- d-----w- C:\Program Files (x86)\TrackLogs
2013-12-22 10:41:19 -------- d-----w- C:\ProgramData\TrackLogs
2013-12-22 10:22:33 -------- d-----w- C:\Users\John\AppData\Roaming\FamilyTreeMaker
2013-12-22 10:21:23 -------- d-----w- C:\Users\John\AppData\Local\IsolatedStorage
2013-12-22 10:18:35 -------- d-----w- C:\Users\John\AppData\Local\Ancestry.com
2013-12-22 10:17:34 -------- d-----w- C:\Program Files (x86)\Family Tree Maker 2012
2013-12-22 10:17:34 -------- d-----w- C:\Program Files (x86)\BCL Technologies
2013-12-22 10:17:26 -------- d-----w- C:\IExp5.tmp
2013-12-22 10:17:23 -------- d-----w- C:\Windows\RegisteredPackages
2013-12-22 10:17:23 -------- d-----w- C:\IExp4.tmp
2013-12-22 10:17:22 -------- d--h--w- C:\Windows\msdownld.tmp
2013-12-22 10:17:21 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2013-12-22 10:10:47 -------- d--h--w- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2013-12-22 10:10:39 -------- d-----w- C:\Users\John\AppData\Local\PackageAware
2013-12-22 10:07:43 -------- d-----w- C:\ProgramData\Avanquest Software Publishing Ltd
2013-12-22 09:59:22 -------- d-----w- C:\Users\John\AppData\Roaming\AVG2014
2013-12-22 09:58:54 -------- d-----w- C:\Users\John\AppData\Roaming\TuneUp Software
2013-12-22 09:58:31 -------- d-----w- C:\ProgramData\AVG2014
2013-12-22 09:58:04 -------- d-----w- C:\Program Files (x86)\AVG
2013-12-22 09:54:50 -------- d--h--w- C:\ProgramData\Common Files
2013-12-22 09:54:50 -------- d-----w- C:\Users\John\AppData\Local\MFAData
2013-12-22 09:54:50 -------- d-----w- C:\Users\John\AppData\Local\Avg2014
2013-12-22 09:54:50 -------- d-----w- C:\ProgramData\MFAData
2013-12-22 09:25:19 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-12-22 09:25:09 56336 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-12-22 09:25:09 11376 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-12-22 09:25:09 10864 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-12-22 09:24:35 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-12-22 09:24:35 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-12-22 09:23:17 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2013-12-22 08:58:56 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-12-22 08:58:03 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-12-22 08:58:01 -------- d-----w- C:\Users\John\AppData\Local\SlimWare Utilities Inc
2013-12-22 08:57:55 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2013-12-22 08:49:51 0 ----a-w- C:\Windows\ativpsrm.bin
2013-12-22 08:41:24 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-12-22 08:41:12 -------- d-----w- C:\Users\John\AppData\Roaming\HpUpdate
2013-12-22 08:41:03 741480 ------w- C:\Windows\System32\HPDiscoPM4812.dll
2013-12-22 08:40:39 -------- d-----w- C:\Program Files\HP
2013-12-22 08:40:39 -------- d-----w- C:\Program Files (x86)\HP
2013-12-22 08:40:37 -------- d-sh--w- C:\Windows\Installer
2013-12-22 08:40:09 -------- d-----w- C:\Users\John\AppData\Local\HP
2013-12-22 08:27:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-12-22 08:27:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-12-22 08:27:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-12-22 08:23:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-12-22 08:23:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-12-22 08:23:25 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-12-22 08:23:25 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-12-22 08:10:36 -------- d-----w- C:\Users\John\AppData\Local\Diagnostics
2013-12-21 08:35:19 -------- d--h--w- C:\$WINDOWS.~Q
2013-12-21 08:31:55 -------- d--h--w- C:\$INPLACE.~TR
2013-12-12 12:12:01 -------- d-----w- C:\Intel
2013-12-12 11:48:07 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-12-12 11:48:07 646248 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-12-12 11:48:07 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-12-12 11:48:06 -------- d-----w- C:\W7
2013-12-12 11:47:46 -------- d-----w- C:\HECI
2013-12-12 11:47:31 -------- d-----w- C:\INFUpdate
2013-12-12 11:46:57 -------- d-----w- C:\Realtek
2013-12-12 08:50:24 -------- d-----w- C:\IExp3.tmp
2013-12-12 08:50:22 -------- d-----w- C:\IExp2.tmp
2013-12-12 00:28:50 -------- d-----w- C:\Windows.old
.
==================== Find3M ====================
.
2013-12-24 15:59:12 27136 ----a-w- C:\Windows\~GLH0000.TMP
2013-12-24 02:34:21 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-05 21:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-04 21:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-10-31 23:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-10-31 22:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-24 22:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 10:46:18.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/12/2013 07:52:02
System Uptime: 31/12/2013 09:27:46 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H67M-D2-B3
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 761.964 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 253.336 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 24/12/2013 01:32:09 - Windows Update
RP16: 24/12/2013 11:09:29 - Windows Update
RP17: 25/12/2013 12:25:32 - Windows Update
RP18: 27/12/2013 18:39:22 - Installed Microsoft Office Professional Plus 2013
RP19: 27/12/2013 18:39:56 - PROPLUS
RP20: 27/12/2013 18:57:21 - Configured Microsoft Office Professional Plus 2013
RP21: 27/12/2013 18:57:36 - PROPLUS
RP22: 27/12/2013 19:57:48 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 12
Adobe Premiere Elements 12
Adobe Reader XI (11.0.05)
µTorrent
AVG 2014
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Elements 12 Organizer
Family History Resource File Viewer 2.0
Family Tree Maker 2012
HP Officejet 7500 E910 Basic Device Software
HP Officejet 7500 E910 Help
HP Officejet 7500 E910 Product Improvement Study
HP Photo Creations
HP Update
I.R.I.S. OCR
McAfee Security Scan Plus
Memory-Map Navigator
Memory-Map OS Edition Version 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Corporation
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft LifeCam
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Word MUI (English) 2013
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Outils de vérification linguistique 2013 de Microsoft Office - Français
PRE12 STI 64Installer
PSE12 STI Installer
Search Protection
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition
Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition
Skype Click to Call
Skype™ 6.11
TrackLogs Digital Mapping v3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition
Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
29/12/2013 17:28:40, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8005ceb060, 0xfffff800040a93d8, 0xfffffa8006120230). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122913-53820-01.
24/12/2013 11:31:37, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
24/12/2013 08:34:04, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
24/12/2013 08:32:34, Error: Service Control Manager [7023] -
24/12/2013 08:28:58, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
24/12/2013 08:28:58, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
24/12/2013 08:28:58, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/12/2013 08:28:08, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The process cannot access the file because it is being used by another process.
24/12/2013 08:28:07, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: The process cannot access the file because it is being used by another process.
24/12/2013 08:27:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V12 service to connect.
24/12/2013 08:27:00, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/12/2013 03:32:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
.
==== End Of File ===========================
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am

Re: Unwanted Yahoo Search page

Post by Gary R » January 2nd, 2014, 9:58 am

Looking over your logs, back soon.
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unwanted Yahoo Search page

Post by Gary R » January 2nd, 2014, 10:11 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Somersetboy1942

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, or don't understand something, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, the Yahoo thing should be pretty simple to resolve, and we'll deal with it shortly, but first there's a couple of lines showing in your DDS logs that suggest you might have something a little more to deal with ...

C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.exe
uRun: [SearchProtection] "C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart


... this often comes "bundled" with other foistware, and I'd like to investigate a bit more to determine whether that is the case or not.

Please do the following ....

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.
  • Do not attempt at this time to "Clean" anything that may be found by ADWCleaner.

Next ...

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: Unwanted Yahoo Search page

Post by Gary R » January 4th, 2014, 1:05 pm

Received by PM .....

Hi Gary, AdwCleaner log from Somersetboy

# AdwCleaner v3.016 - Report created 04/01/2014 at 11:46:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - HOMECOMPUTER
# Running from : C:\Users\John\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\conduit-search.xml
File Found : C:\Windows\System32\Tasks\SpeedMaxPc
File Found : C:\Windows\Tasks\SpeedMaxPc.job
Folder Found C:\Program Files (x86)\Common Files\SpeedMaxPc
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\SpeedMaxPc
Folder Found C:\Users\John\AppData\Local\PackageAware
Folder Found C:\Users\John\AppData\Roaming\DriverCure
Folder Found C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
Folder Found C:\Users\John\AppData\Roaming\Search Protection
Folder Found C:\Users\John\AppData\Roaming\SpeedMaxPc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\SpeedMaxPC
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\SpeedMaxPC
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\SpeedMaxPC
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2711 octets] - [04/01/2014 11:42:02]
AdwCleaner[R1].txt - [2611 octets] - [04/01/2014 11:46:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2671 octets] ##########
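An added example, not part of the original post and not AdwCleaner's own code: a short Python triage of the scan report above, run over a shortened excerpt of that report embedded inline. It merges the duplicate `[x64]` registry lines, picks out findings that sit in locations which load automatically, and shows which registry locations share a GUID; the function names and the location patterns are this example's assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Shortened excerpt of the AdwCleaner[R1] report quoted in the post above.
SAMPLE_REPORT = r"""
# AdwCleaner v3.016 - Report created 04/01/2014 at 11:46:41
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\conduit-search.xml
File Found : C:\Windows\System32\Tasks\SpeedMaxPc
File Found : C:\Windows\Tasks\SpeedMaxPc.job
Folder Found C:\ProgramData\SpeedMaxPc
Folder Found C:\Users\John\AppData\Roaming\Search Protection

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "Folder Found" lines in this report have no colon, so the colon is optional.
FINDING_RE = re.compile(r"^(\w+) Found\s*:?\s*(\[x64\]\s+)?(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption of this example: locations treated as "loads automatically".
LOAD_POINT_PATTERNS = [
    ("scheduled task", re.compile(r"\\Windows\\(System32\\)?Tasks\\", re.I)),
    ("browser helper object", re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I)),
    ("IE search scope", re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I)),
    ("Firefox search plugin", re.compile(r"\\searchplugins\\", re.I)),
]


@dataclass
class Finding:
    section: str
    kind: str          # File, Folder, Key, ...
    target: str        # path or registry key as printed
    views: set = field(default_factory=set)  # "default" and/or "x64"


def parse_report(text):
    """Return unique findings; a key listed with and without [x64] is merged."""
    merged, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if not m or section is None:
            continue  # header, blank line or separator
        kind, x64, target = m.group(1), m.group(2), m.group(3).strip()
        finding = merged.setdefault((kind, target.lower()),
                                    Finding(section, kind, target))
        finding.views.add("x64" if x64 else "default")
    return list(merged.values())


def load_points(findings):
    """Group findings that match one of the auto-load location patterns."""
    hits = defaultdict(list)
    for f in findings:
        for role, pattern in LOAD_POINT_PATTERNS:
            if pattern.search(f.target):
                hits[role].append(f)
    return dict(hits)


def guid_usage(findings):
    """Map each GUID-named key to the parent key names it appears under."""
    usage = defaultdict(set)
    for f in findings:
        parts = f.target.split("\\")
        if f.kind == "Key" and len(parts) >= 2 and GUID_RE.fullmatch(parts[-1]):
            usage[parts[-1].upper()].add(parts[-2])
    return {guid: sorted(parents) for guid, parents in usage.items()}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} unique findings")
    for role, items in load_points(found).items():
        for f in items:
            print(f"[{role}] {f.target} (views: {', '.join(sorted(f.views))})")
    for guid, parents in guid_usage(found).items():
        print(guid, "->", ", ".join(parents))
```

A GUID that shows up under both `CLSID` and `Browser Helper Objects` is one registered component, so those lines describe a single item to review rather than several.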

Re: Unwanted Yahoo Search page

Post by Gary R » January 4th, 2014, 1:07 pm

OTL Extras logfile created on: 04/01/2014 11:50:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.29% Memory free
7.97 Gb Paging File | 6.11 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 770.33 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 253.33 Gb Free Space | 54.39% Space Free | Partition Type: NTFS

Computer Name: HOMECOMPUTER | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-508561232-3509187553-1591890775-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F3CD139E-C871-4E82-BB2A-4E4A647B591B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE130F3-C7D6-4953-8076-E2D5352E8DDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{1751A915-30CE-4CF6-9E2B-6CDBC5500720}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{2AB1B293-5AB9-4C82-AD8B-8E563D68FE52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{303E7EFB-E2DC-4405-A4B1-48142D162FD9}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{308F702A-AE7A-493F-91A1-85D151F52B56}" = protocol=17 | dir=in | app=c:\program files (x86)\memory-map\os-5\mm3d.exe |
"{3A24F208-F745-4D87-B042-F1DDD449967A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{46BCABA5-6EEF-4F8D-91F2-476FFFF50D99}" = protocol=17 | dir=in | app=c:\program files (x86)\memory-map\os-5\mmnav.exe |
"{4AB697EE-1609-4EB5-A4F4-3DF2F3FD5E5E}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\hpnetworkcommunicator.exe |
"{56E696DB-FD19-4294-999C-B334BC2A8CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{59FF40C0-AAD3-4819-B299-E5344145CD16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{5ACAD856-51D7-427A-B32B-1D96A746F7E3}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\devicesetup.exe |
"{65C504A4-8724-4740-AC2D-B9415AA7745D}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\faxapplications.exe |
"{6E2839B1-59A3-4207-8325-A784AC8922F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{72A73F8B-1582-4A4D-8421-044EFFCCDD41}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{7AC7EA4E-9D0D-4FA7-8E79-47C63DABB67C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7D2A7508-8B76-42B8-88F0-A64AC5A935F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{7F8D0107-E0AB-4260-BDCD-EE0F548A1DC8}" = protocol=17 | dir=in | app=c:\program files (x86)\memory-map\os-5\showmmcrypt.exe |
"{850D43AA-D0B4-4EA1-8FE5-7CB0302A98E4}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{89CE5F8B-7EAF-4CE6-9966-A3266A96414F}" = protocol=6 | dir=in | app=c:\program files (x86)\memory-map\os-5\mmnav.exe |
"{8D77BD21-AB84-4D3A-BC50-C615016C5A9A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{90F06355-1542-4621-982F-919D4E44C4B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{93890F77-2E39-4E8A-BF96-92E816CDC41B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{94505CF7-4797-4A33-875B-29308CF379B4}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\hpnetworkcommunicatorcom.exe |
"{98A4A42F-F573-430D-AB20-D445277EF781}" = protocol=6 | dir=in | app=c:\program files (x86)\memory-map\os-5\mm3d.exe |
"{A4C3004B-968C-4FE8-82CA-1A6CF83CD440}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{A7CB4EB5-67FD-4D44-8403-4A6F97F09A10}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{AF3D8D41-87A5-492B-8E47-E50FA6579411}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BA6AF0F1-44D2-434A-8A50-685DC749A8C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C02A2591-A69B-408D-9342-10193C194E63}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\sendafax.exe |
"{CDEB6709-09EB-40B3-80C5-DD4A7C88EA99}" = dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\digitalwizards.exe |
"{E9F38EE9-A1BD-4801-A36F-544F27394059}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{EDE879C9-0B16-4412-9C75-81A64844BDBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F19A36C1-5C46-42A1-9BED-26A438C22B81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{F3A92152-D7A8-4FC8-8E90-E39763B1EBFF}" = protocol=6 | dir=in | app=c:\program files (x86)\memory-map\os-5\showmmcrypt.exe |
"{FFA84520-6C99-4F36-A613-D2BEDE453F23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{4016464A-0C3E-4070-8293-5D7F0D8EAE3A}" = Adobe Premiere Elements 12
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7CF50183-026B-418D-A26C-A254290BD824}" = HP Officejet 7500 E910 Basic Device Software
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{CC9F7DAB-5F9B-43B1-882C-1CC2A231EF40}" = HP Officejet 7500 E910 Product Improvement Study
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PremElem120" = Adobe Premiere Elements 12

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06934A7E-D27F-4C5C-9D93-9715E274D736}" = PRE12 STI 64Installer
"{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}" = PSE12 STI Installer
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{777B751F-C904-4BD7-8DFF-81F97A3C0BC5}" = Adobe Photoshop Elements 12
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9D80A7B7-DC01-485D-AE93-710D559B5C56}" = Elements 12 Organizer
"{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}" = Memory-Map OS Edition Version 5
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92D8C2A-6B1B-4ED7-BAFB-2816E5D8DBFF}" = TrackLogs Digital Mapping v3
"{C9C16728-F308-4EF4-A2F4-A3E2D8A4843E}" = Memory-Map Navigator
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 12" = Adobe Photoshop Elements 12
"Family History Resource File Viewer 2.0" = Family History Resource File Viewer 2.0
"Family Tree Maker 2012" = Family Tree Maker 2012
"HP Photo Creations" = HP Photo Creations
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-508561232-3509187553-1591890775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/12/2013 05:29:45 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

Error - 31/12/2013 09:06:46 | Computer Name = HomeComputer | Source = Family Tree Maker | ID = 100
Description =

Error - 31/12/2013 09:06:46 | Computer Name = HomeComputer | Source = Family Tree Maker | ID = 100
Description =

Error - 31/12/2013 09:06:46 | Computer Name = HomeComputer | Source = .NET Runtime | ID = 1026
Description =

Error - 31/12/2013 09:06:47 | Computer Name = HomeComputer | Source = Application Error | ID = 1000
Description = Faulting application name: FTM.exe, version: 21.0.0.723, time stamp:
0x50b65783 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp:
0x51fb1116 Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting process id:
0x123c Faulting application start time: 0x01cf061f6bcc6c19 Faulting application path:
C:\Program Files (x86)\Family Tree Maker 2012\FTM.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 6756bc34-721c-11e3-bd86-50e54939f74f

Error - 31/12/2013 11:02:03 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

Error - 01/01/2014 09:51:33 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

Error - 02/01/2014 03:49:51 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

Error - 03/01/2014 19:46:45 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

Error - 04/01/2014 06:52:06 | Computer Name = HomeComputer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 29/12/2013 13:28:40 | Computer Name = HomeComputer | Source = BugCheck | ID = 1001
Description =

Error - 29/12/2013 20:50:26 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 30/12/2013 09:30:49 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 30/12/2013 20:46:05 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 31/12/2013 09:06:55 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 31/12/2013 14:43:37 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 01/01/2014 16:37:43 | Computer Name = HomeComputer | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 01/01/2014 19:05:22 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 02/01/2014 05:18:42 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =

Error - 03/01/2014 20:37:53 | Computer Name = HomeComputer | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Unwanted Yahoo Search page

Post by Gary R » January 4th, 2014, 1:18 pm

The otl.txt log you posted me is incomplete. This is because the PM system has a character limit that is unsuited to the posting of large logs, and the log therefore got cut short.

Please run another scan for me with OTL, using the new instructions below ...

  • Double click OTL.exe to launch the programme.
  • Check the following are selected.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Check the following are selected in the "File Scans" section.
    • Skip Microsoft files
    • Use No-Company-Name Whitelist
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce one log.
    • OTL.txt (open on your desktop).
  • Please post me the log.

Re: Unwanted Yahoo Search page

Post by Somersetboy1942 » January 4th, 2014, 1:38 pm

OTL logfile created on: 04/01/2014 17:34:51 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.33% Memory free
7.97 Gb Paging File | 5.74 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 770.31 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 253.33 Gb Free Space | 54.39% Space Free | Partition Type: NTFS

Computer Name: HOMECOMPUTER | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/04 11:48:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/01/04 11:41:31 | 001,233,962 | ---- | M] () -- C:\Users\John\Downloads\adwcleaner.exe
PRC - [2013/12/24 18:23:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/05 19:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/05 13:17:18 | 013,504,512 | ---- | M] (www.tracklogs.co.uk) -- C:\Program Files (x86)\TrackLogs\Digital Mapping v3\TrackLogsV3.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/05 14:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/03 21:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2013/09/03 06:27:02 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2013/06/03 05:33:34 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/04 11:41:31 | 001,233,962 | ---- | M] () -- C:\Users\John\Downloads\adwcleaner.exe
MOD - [2013/12/24 18:23:20 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/05 19:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/17 11:25:48 | 008,866,472 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 17:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2013/12/24 18:23:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 19:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 14:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/03 06:27:02 | 000,181,152 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor12.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/23 08:51:51 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/07/19 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 09:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 AB C2 4A EF FE CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0CD9EE19-E502-4579-B571-EFEB297EC4BF}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... 1430D6E&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0CD9EE19-E502-4579-B571-EFEB297EC4BF}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =293224&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/27 20:06:37 | 000,000,000 | ---D | M]

[2013/12/22 09:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2013/12/23 09:18:40 | 000,000,975 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\conduit-search.xml
[2013/12/26 00:01:41 | 000,000,921 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\yahoo.xml
[2013/12/22 17:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 17:15:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/22 17:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 17:15:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/22 09:04:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SearchProtection] C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB54AFA7-0621-4F84-8F4D-EF25D5814F3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/04 11:41:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/04 11:38:07 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/01/04 11:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/01/04 11:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/01/01 22:25:55 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Custom Office Templates
[2014/01/01 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SparkTrust
[2014/01/01 16:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/12/31 16:13:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2013/12/31 16:13:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DriverCure
[2013/12/31 16:13:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
[2013/12/31 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2013/12/31 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc
[2013/12/29 17:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/12/29 17:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/12/29 17:28:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/29 09:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/12/29 09:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/12/29 09:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/12/29 09:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/12/27 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/27 20:01:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/12/27 18:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/12/27 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/12/27 18:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/12/27 18:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/12/27 18:43:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/12/27 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/12/27 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/12/27 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/12/27 18:40:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Help
[2013/12/27 18:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/12/27 18:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/12/27 18:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/12/26 00:06:47 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Games
[2013/12/25 23:59:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Search Protection
[2013/12/25 23:58:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[2013/12/24 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia
[2013/12/24 18:23:20 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/24 18:23:20 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/24 18:23:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/12/24 15:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Folio Shared
[2013/12/24 15:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family History
[2013/12/24 15:59:40 | 001,215,488 | ---- | C] (Inso Corporation) -- C:\Windows\SysWow64\Isgdi32.dll
[2013/12/24 15:59:38 | 000,154,392 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\Splitter.ocx
[2013/12/24 15:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RFViewer
[2013/12/24 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Adobe
[2013/12/24 14:15:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia
[2013/12/24 08:37:44 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2013/12/24 08:37:44 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2013/12/24 08:26:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/12/24 08:26:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/12/23 17:41:30 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\New folder
[2013/12/23 09:27:44 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/12/23 09:27:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/12/23 09:27:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/12/23 09:27:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/12/22 20:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2013/12/22 20:38:19 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\LDWA
[2013/12/22 18:13:55 | 000,000,000 | ---D | C] -- C:\MM Map Folder
[2013/12/22 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Memory-Map-License
[2013/12/22 17:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Memory-Map-License
[2013/12/22 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Map Overlays
[2013/12/22 17:55:37 | 000,000,000 | ---D | C] -- C:\Maps_v5
[2013/12/22 17:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memory-Map
[2013/12/22 17:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/22 17:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013/12/22 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013/12/22 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013/12/22 17:14:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Skype
[2013/12/22 17:14:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/12/22 17:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/12/22 17:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/12/22 17:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/12/22 16:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/12/22 16:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/12/22 15:32:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/12/22 15:21:06 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2013/12/22 10:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackLogs
[2013/12/22 10:41:51 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\TrackLogs
[2013/12/22 10:41:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TrackLogs
[2013/12/22 10:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrackLogs
[2013/12/22 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackLogs
[2013/12/22 10:22:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\FamilyTreeMaker
[2013/12/22 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\IsolatedStorage
[2013/12/22 10:21:19 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Family Tree Maker
[2013/12/22 10:18:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Ancestry.com
[2013/12/22 10:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
[2013/12/22 10:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2013/12/22 10:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2013/12/22 10:17:23 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/12/22 10:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2013/12/22 10:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2013/12/22 10:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/12/22 10:10:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/12/22 10:10:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\PackageAware
[2013/12/22 10:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2013/12/22 09:59:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG2014
[2013/12/22 09:58:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TuneUp Software
[2013/12/22 09:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/22 09:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/22 09:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/22 09:54:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/12/22 09:54:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\MFAData
[2013/12/22 09:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/22 09:54:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg2014
[2013/12/22 09:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/12/22 09:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/12/22 09:27:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2013/12/22 09:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/12/22 09:25:09 | 000,056,336 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013/12/22 09:25:09 | 000,011,376 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2013/12/22 09:25:09 | 000,010,864 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2013/12/22 09:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/12/22 09:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/12/22 09:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/12/22 09:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/12/22 09:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/12/22 09:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/12/22 09:23:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe
[2013/12/22 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2013/12/22 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2013/12/22 09:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/12/22 09:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/22 09:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/22 08:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/22 08:58:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SlimWare Utilities Inc
[2013/12/22 08:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/12/22 08:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/12/22 08:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/12/22 08:41:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HpUpdate
[2013/12/22 08:41:03 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM4812.dll
[2013/12/22 08:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/12/22 08:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/12/22 08:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/12/22 08:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/12/22 08:40:37 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/12/22 08:40:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\HP
[2013/12/22 08:10:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Diagnostics
[2013/12/22 07:52:25 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/22 07:52:25 | 000,000,000 | R--D | C] -- C:\Users\John\Searches
[2013/12/22 07:52:25 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/22 07:52:25 | 000,000,000 | -H-D | C] -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/22 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2013/12/22 07:52:13 | 000,000,000 | R--D | C] -- C:\Users\John\Contacts
[2013/12/22 07:52:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2013/12/22 07:52:04 | 000,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Videos
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Links
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Downloads
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\Desktop
[2013/12/22 07:52:04 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Templates
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Recent
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2013/12/22 07:52:04 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2013/12/22 07:52:04 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData
[2013/12/22 07:52:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2013/12/22 07:52:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2013/12/22 07:52:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2013/12/22 07:35:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/12/22 07:33:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/12/21 08:35:19 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013/12/21 08:31:55 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013/12/12 12:12:01 | 000,000,000 | ---D | C] -- C:\Intel
[2013/12/12 11:48:07 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/12/12 11:48:07 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013/12/12 11:48:06 | 000,000,000 | ---D | C] -- C:\W7
[2013/12/12 11:47:46 | 000,000,000 | ---D | C] -- C:\HECI
[2013/12/12 11:47:31 | 000,000,000 | ---D | C] -- C:\INFUpdate
[2013/12/12 11:46:57 | 000,000,000 | ---D | C] -- C:\Realtek
[2013/12/12 00:28:50 | 000,000,000 | ---D | C] -- C:\Windows.old
[6 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/04 17:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/04 17:21:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 14:24:24 | 000,310,846 | ---- | M] () -- C:\Users\John\Documents\Scan0001.jpg
[2014/01/04 11:38:46 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-HOMECOMPUTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/04 11:34:30 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/04 11:32:44 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/04 11:32:44 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/04 11:32:44 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/04 10:57:45 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 10:57:45 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 10:50:45 | 000,001,932 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 7500 E910.lnk
[2014/01/04 10:50:29 | 3208,192,000 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 22:05:19 | 002,871,966 | ---- | M] () -- C:\Users\John\Desktop\Certificate 5B Pentlands from Mount Maw V2.jpg
[2014/01/01 22:03:25 | 000,667,992 | ---- | M] () -- C:\Users\John\Desktop\Certificate 5B Greatmoor Hill & Maiden Paps VI.jpg
[2014/01/01 18:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2014/01/01 13:50:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2014/01/01 13:50:04 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2013/12/29 17:32:38 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/29 17:32:38 | 000,001,938 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/29 17:27:48 | 442,752,943 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/29 09:59:40 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/12/27 19:17:02 | 003,459,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/27 18:59:56 | 000,002,837 | ---- | M] () -- C:\Users\John\Desktop\Word 2013.lnk
[2013/12/27 18:59:56 | 000,002,789 | ---- | M] () -- C:\Users\John\Desktop\Excel 2013.lnk
[2013/12/27 11:27:17 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2013/12/25 23:59:33 | 000,000,819 | ---- | M] () -- C:\Users\John\Desktop\µTorrent.lnk
[2013/12/25 23:59:33 | 000,000,799 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/24 18:23:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/24 18:23:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/24 11:12:01 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/24 11:12:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/24 03:46:06 | 000,763,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/23 08:51:51 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/12/22 18:11:12 | 000,002,447 | ---- | M] () -- C:\Users\Public\Desktop\Memory-Map Navigator.lnk
[2013/12/22 17:56:31 | 000,000,058 | ---- | M] () -- C:\Users\John\AppData\Local\mm-device-08.ini
[2013/12/22 17:55:20 | 000,000,615 | ---- | M] () -- C:\Windows\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
[2013/12/22 17:55:18 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\Memory-Map OS-5.lnk
[2013/12/22 17:26:01 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/12/22 17:14:42 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/22 16:59:06 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/12/22 15:31:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/12/22 10:46:59 | 000,002,619 | ---- | M] () -- C:\Users\Public\Desktop\TrackLogs Digital Mapping v3.lnk
[2013/12/22 10:18:16 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/12/22 09:58:54 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/22 09:32:12 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 12.lnk
[2013/12/22 09:25:11 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 12.lnk
[2013/12/22 09:04:42 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 08:49:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/12/22 08:41:02 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 7500 E910.lnk
[2013/12/22 08:41:02 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 7500 E910.lnk
[2013/12/22 08:40:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/12/22 08:09:16 | 000,001,444 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/22 07:36:04 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/12/22 07:36:04 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/12/22 07:34:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[6 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/04 14:24:24 | 000,310,846 | ---- | C] () -- C:\Users\John\Documents\Scan0001.jpg
[2014/01/04 11:38:46 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-HOMECOMPUTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/04 11:34:30 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/01/01 22:05:16 | 002,871,966 | ---- | C] () -- C:\Users\John\Desktop\Certificate 5B Pentlands from Mount Maw V2.jpg
[2014/01/01 22:03:22 | 000,667,992 | ---- | C] () -- C:\Users\John\Desktop\Certificate 5B Greatmoor Hill & Maiden Paps VI.jpg
[2013/12/31 16:13:31 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2013/12/31 16:13:21 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2013/12/31 16:13:20 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
[2013/12/29 17:27:48 | 442,752,943 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/29 09:59:40 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/12/27 18:44:58 | 000,002,837 | ---- | C] () -- C:\Users\John\Desktop\Word 2013.lnk
[2013/12/27 18:44:58 | 000,002,789 | ---- | C] () -- C:\Users\John\Desktop\Excel 2013.lnk
[2013/12/25 23:59:33 | 000,000,819 | ---- | C] () -- C:\Users\John\Desktop\µTorrent.lnk
[2013/12/25 23:59:33 | 000,000,799 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/24 18:23:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/24 15:59:40 | 000,025,600 | ---- | C] () -- C:\Windows\Regit.exe
[2013/12/24 15:59:40 | 000,004,352 | ---- | C] () -- C:\Windows\Isgdi32.ini
[2013/12/24 15:59:40 | 000,000,267 | ---- | C] () -- C:\Windows\SysWow64\RFSystem.bat
[2013/12/24 11:12:01 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/24 11:12:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/24 01:59:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/12/23 09:27:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/12/22 18:11:12 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory-Map Navigator.lnk
[2013/12/22 18:11:12 | 000,002,447 | ---- | C] () -- C:\Users\Public\Desktop\Memory-Map Navigator.lnk
[2013/12/22 17:56:31 | 000,000,058 | ---- | C] () -- C:\Users\John\AppData\Local\mm-device-08.ini
[2013/12/22 17:55:18 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory-Map OS-5.lnk
[2013/12/22 17:55:18 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\Memory-Map OS-5.lnk
[2013/12/22 17:55:14 | 000,000,615 | ---- | C] () -- C:\Windows\{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}_WiseFW.ini
[2013/12/22 17:26:01 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/12/22 17:14:42 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/12/22 16:59:21 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/12/22 16:59:21 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/12/22 16:59:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/22 16:59:06 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/12/22 10:41:53 | 000,002,619 | ---- | C] () -- C:\Users\Public\Desktop\TrackLogs Digital Mapping v3.lnk
[2013/12/22 10:18:16 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/12/22 10:14:56 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/22 09:58:54 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/22 09:32:12 | 000,002,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 12.lnk
[2013/12/22 09:32:12 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 12.lnk
[2013/12/22 09:25:11 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 12.lnk
[2013/12/22 09:25:11 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 12.lnk
[2013/12/22 09:04:42 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/22 09:04:42 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 08:58:03 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/12/22 08:49:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/12/22 08:42:41 | 000,001,932 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 7500 E910.lnk
[2013/12/22 08:41:17 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2013/12/22 08:41:02 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 7500 E910.lnk
[2013/12/22 08:41:02 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 7500 E910.lnk
[2013/12/22 08:40:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/22 08:09:16 | 000,001,444 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/22 07:52:26 | 000,001,420 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/22 07:52:04 | 000,000,290 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/22 07:52:04 | 000,000,272 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/22 07:35:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/12/22 07:35:48 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/12/22 07:34:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/12/21 01:15:31 | 3208,192,000 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/12 11:48:07 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/22 09:59:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2014
[2013/12/31 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DriverCure
[2014/01/01 23:05:16 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FamilyTreeMaker
[2013/12/25 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Search Protection
[2014/01/01 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SparkTrust
[2013/12/31 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2013/12/22 10:47:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TrackLogs
[2013/12/22 09:58:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUp Software
[2013/12/27 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am

Re: Unwanted Yahoo Search page

by Gary R » January 4th, 2014, 2:16 pm

OK, let's get started on cleaning up your computer ...

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent


Use of P2P programs is the fastest way to contract an infection that I know of.

Reboot your computer once it's uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box. (don't include Code: Select all)
Code: Select all
:OTL
PRC - [2013/09/03 21:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.exe
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... 1430D6E&q= {searchTerms}&SSPV=
O4 - HKCU..\Run: [SearchProtection] C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
[2013/12/31 16:13:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2013/12/31 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2013/12/31 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc
[2013/12/25 23:59:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Search Protection
[2013/12/25 23:58:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[6 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2014/01/01 18:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2014/01/01 13:50:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2014/01/01 13:50:04 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2013/12/25 23:59:33 | 000,000,819 | ---- | M] () -- C:\Users\John\Desktop\µTorrent.lnk
[2013/12/25 23:59:33 | 000,000,799 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/25 23:59:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Search Protection
[2013/12/31 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2013/12/27 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • OTL fix log
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unwanted Yahoo Search page

by Somersetboy1942 » January 4th, 2014, 2:29 pm

# AdwCleaner v3.016 - Report created 04/01/2014 at 18:24:53
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - HOMECOMPUTER
# Running from : C:\Users\John\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Common Files\SpeedMaxPc
Folder Deleted : C:\Users\John\AppData\Local\PackageAware
Folder Deleted : C:\Users\John\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\John\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\John\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\conduit-search.xml
File Deleted : C:\Windows\Tasks\SpeedMaxPc.job
File Deleted : C:\Windows\System32\Tasks\SpeedMaxPc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKLM\Software\SpeedMaxPC

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2711 octets] - [04/01/2014 11:42:02]
AdwCleaner[R1].txt - [2771 octets] - [04/01/2014 11:46:41]
AdwCleaner[R2].txt - [2831 octets] - [04/01/2014 17:33:27]
AdwCleaner[R3].txt - [2891 octets] - [04/01/2014 18:24:27]
AdwCleaner[S0].txt - [2670 octets] - [04/01/2014 18:24:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2730 octets] ##########
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am

Re: Unwanted Yahoo Search page

by Somersetboy1942 » January 4th, 2014, 2:37 pm

All processes killed
========== OTL ==========
No active process named SearchProtection.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
File C:\Users\John\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
Folder C:\Users\John\AppData\Roaming\SpeedMaxPc\ not found.
Folder C:\ProgramData\SpeedMaxPc\ not found.
Folder C:\Program Files (x86)\Common Files\SpeedMaxPc\ not found.
Folder C:\Users\John\AppData\Roaming\Search Protection\ not found.
C:\Users\John\AppData\Roaming\uTorrent\updates folder moved successfully.
C:\Users\John\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\John\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\John\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\John\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\John\AppData\Roaming\uTorrent folder moved successfully.
C:\IExp0.tmp folder deleted successfully.
C:\IExp1.tmp folder deleted successfully.
C:\IExp2.tmp folder deleted successfully.
C:\IExp3.tmp folder deleted successfully.
C:\IExp4.tmp folder deleted successfully.
C:\IExp5.tmp folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\~GLH0000.TMP deleted successfully.
C:\Windows\~GLH0001.TMP deleted successfully.
C:\Windows\Tasks\SpeedMaxPc Registration3.job moved successfully.
C:\Windows\Tasks\SpeedMaxPc Update3.job moved successfully.
File C:\Windows\tasks\SpeedMaxPc.job not found.
File C:\Users\John\Desktop\µTorrent.lnk not found.
File C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk not found.
Folder C:\Users\John\AppData\Roaming\Search Protection\ not found.
Folder C:\Users\John\AppData\Roaming\SpeedMaxPc\ not found.
Folder C:\Users\John\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Downloads\cmd.bat deleted successfully.
C:\Users\John\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John
->Temp folder emptied: 1070250266 bytes
->Temporary Internet Files folder emptied: 160543897 bytes
->FireFox cache emptied: 18766278 bytes
->Flash cache emptied: 3213 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233775250 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43278547 bytes
RecycleBin emptied: 101499 bytes

Total Files Cleaned = 1,456.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01042014_183135

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am

Re: Unwanted Yahoo Search page

Post by Gary R » January 4th, 2014, 5:16 pm

I presume you haven't yet finished the ESET scan; please post the log once it is available.

Any problems running ESET, please let me know.

My apologies, I should also have included the Yahoo entries that were causing your initial request for help ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKCU\..\SearchScopes\{0CD9EE19-E502-4579-B571-EFEB297EC4BF}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =293224&p= {searchTerms}
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
[2013/12/26 00:01:41 | 000,000,921 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\yahoo.xml

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The new fix log will open.
  • Copy/Paste the new fix log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unwanted Yahoo Search page

Post by Somersetboy1942 » January 4th, 2014, 7:04 pm

C:\Windows.old\Users\John\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive.A application
C:\Windows.old\Documents and Settings\John\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive.A application cleaned by deleting - quarantined
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am

Re: Unwanted Yahoo Search page

Post by Somersetboy1942 » January 4th, 2014, 7:11 pm

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CD9EE19-E502-4579-B571-EFEB297EC4BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD9EE19-E502-4579-B571-EFEB297EC4BF}\ not found.
Prefs.js: "chr-greentree_ff&ilc=12&type=293224" removed from browser.search.param.yahoo-fr
Prefs.js: "http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff" removed from browser.startup.homepage
Prefs.js: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=" removed from keyword.URL
File C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f6scdwrk.default\searchplugins\yahoo.xml not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01042014_231057
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am
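The fix log above reports three Firefox preferences cleaned in prefs.js. As an added example (not part of the original thread and not OTL's own code), the following read-only check parses a prefs.js text and reports whether any of those three preferences still carries one of the affiliate markers seen in this thread; the sample file contents and the function names are constructed for illustration.

```python
import re

# Preference names and affiliate markers taken from the OTL fix in this thread.
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL",
                 "browser.search.param.yahoo-fr")
MARKERS = ("type=293224", "spigot", "greentree")

# Matches string-valued lines of the form: user_pref("name", "value");
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;')

def parse_string_prefs(text):
    """Return {name: value} for string-valued user_pref lines (last one wins)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def find_hijacked_prefs(text):
    """Return [(pref name, value, matched markers)] for watched prefs only."""
    prefs = parse_string_prefs(text)
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name, "")
        hits = [mk for mk in MARKERS if mk in value.lower()]
        if hits:
            findings.append((name, value, hits))
    return findings

# Constructed sample prefs.js contents (values copied from the thread).
SAMPLE_BEFORE = '''// Mozilla User Preferences
user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=293224");
user_pref("browser.startup.homepage", "http://uk.search.yahoo.com/?type=293224&fr=spigot-yhp-ff");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=");
'''
# Constructed sample of the same file after the fix and a manual homepage change.
SAMPLE_AFTER = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.co.uk/");
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for name, value, hits in find_hijacked_prefs(text):
            print(f"[{label}] {name} = {value}  markers: {', '.join(hits)}")
        if not find_hijacked_prefs(text):
            print(f"[{label}] no watched preference carries a known marker")
```

To check a real profile, pass the text of its prefs.js to `find_hijacked_prefs` while Firefox is closed; the function only reads the text and changes nothing.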

Re: Unwanted Yahoo Search page

Post by Gary R » January 4th, 2014, 9:11 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Windows.old\Users\John\Downloads\Installer_Regwork.exe
C:\Windows.old\Documents and Settings\John\Downloads\Installer_Regwork.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unwanted Yahoo Search page

Post by Somersetboy1942 » January 5th, 2014, 6:26 am

========== FILES ==========
File\Folder C:\Windows.old\Users\John\Downloads\Installer_Regwork.exe not found.
File\Folder C:\Windows.old\Documents and Settings\John\Downloads\Installer_Regwork.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01052014_102314

Hi Gary, computer seems to be working OK. Many thanks for your help. I will take your advice about inappropriate programmes. Best Wishes

John
Somersetboy1942
Active Member
 
Posts: 9
Joined: December 31st, 2013, 6:11 am