Solved when I click a link in IE it redirects me

June 17, 2013 at 08:57:17
Specs: Windows 7
In IE when I click a link either from a search or from a website it a screen comes up that says redirecting. The web address is It most of the times redirects me to a search related to the link, but sometimes it takes me to a porn site. I have run SuperAntiSpyware but the problem still exists. I am using Windows 7. If anyone can help I would greatly appreciate it.

✔ Best Answer
July 5, 2013 at 16:36:15
" It found 3 threats and cleared them"
"but there is no log"
Weird, I have no other answers.
"The original problem I started with is no longer happening so maybe everything is taken care of"
Sounds good, just update & run Malwarebytes ( MBAM ) again.

June 17, 2013 at 14:21:01
I don't know about SuperAntiSpyware but ADWcleaner and malwarebytes work pretty good for redirecting malware. Derek's # 3 here has some download links:

Try those first. Post back if you have additional problems.

June 17, 2013 at 16:48:30
redirects are usually unwanted rootkits. To easily remove the problem, download and run these 3 progs in the EXACT order listed and DO NOT reboot until after the last scan is done.

1- rkill.exe
2- tdss killer
3- Malwarebytes

Some HELP in posting on plus free progs and instructions 7 Golds

June 17, 2013 at 17:08:09
stacyeh, Copy & Paste the contents of the infection cleaning logs in your next reply, please.

June 19, 2013 at 05:13:28
Below are the logs from Rkill & Malware. The TDSS killer didn't find anything. Thanks so much for everyone's help. So far everything is working fine. If I have anymore problems I know where to come. Thanks again.

Rkill 2.5.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013
More Information about Rkill can be found at this link:

Invalid arguments ignored: InternetFiles\Content.IE5\0MSCMEOK\rkill.exe

Program started at: 06/19/2013 06:37:57 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\logan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (PID: 412) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000004.$ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000008.$ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\000000cb.$ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000000.$ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000032.$ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-774832544-3403919201-2401829686-1000\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000064.@ [ZA File]

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* SharedAccess [Missing ImagePath]
* WinDefend [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/19/2013 06:40:05 AM
Execution time: 0 hours(s), 2 minute(s), and 8 seconds(s)

Malwarebytes Anti-Malware

Database version: v2013.06.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
logan :: LOGAN-HP [administrator]

6/19/2013 6:44:42 AM
mbam-log-2013-06-19 (06-44-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 501448
Time elapsed: 1 hour(s), 13 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Users\logan\AppData\Local\tfm.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\Local\Temp\is1373634743\PricePeepInstaller-IronSource.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\Local\Temp\RarSFX0\proxycheck.exe (Trojan.Zbot.AI) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\Local\Temp\RarSFX1\proxycheck.exe (Trojan.Zbot.AI) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6109ad24-2e20b280 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\logan\Templates\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\Local\Temp\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\logan\AppData\Local\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.


June 19, 2013 at 05:31:24
That is a very good result stacyeh.

I like to make sure no remnants are lurking.

1: Download & run Unhide
A introduction as to what this program does.
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run ComboFix & post the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
A guide and tutorial on using ComboFix
Manually restoring the Internet connection
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Do not mouseclick combofix's window while it is running. That may cause it to stall.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

June 24, 2013 at 15:37:27
Hey JohnW. Sorry it has taken a few days to respond to your instructions. I have been out of town. Below is the log from Unhide. I did notice in the log that the Temp\smtmp\ folder does not exist. What do I need to do about that? I am now going to reboot and start the instructions for Combofix. I will post the log when finished.

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013
More Information about Unhide.exe can be found at this link:

Program started at: 06/24/2013 06:12:36 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 362123 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 227 files processed.

Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.

The C:\Users\logan\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts:

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 06/24/2013 06:25:42 PM
Execution time: 0 hours(s), 13 minute(s), and 6 seconds(s)

June 24, 2013 at 15:47:18
" I did notice in the log that the Temp\smtmp\ folder does not exist"
No need to do anything about that stacyeh.

June 24, 2013 at 17:43:47
Johnw, when I did the reboot after the Unhide my computer would not restart. I received a message that gave me the option to repair or start Windows as usual. The first time I chose start windows as usual and still would not start. The screen went black. I powered down and then back up and chose the repair option. After the repair sequence I ran recovery manager and was able to log back in. Could the Unhide have caused the problem. Any suggestions? I appreciate your help.

Report •

June 24, 2013 at 18:14:45
"Any suggestions? I appreciate your help"
My thoughts are that something is still lurking, unknown at this point in time.

The Combofix log may reveal what it is.

Report •

June 24, 2013 at 18:17:38
ok I will proceed with the Combofix. Thanks.

Report •

June 25, 2013 at 07:17:36
Johnw, sorry to be such a problem child but after running combofix and rebooting I am able to open IE to my homepage but it will not let me open any other website. I am using my phone to post this reply. Any suggestions? I will try to figure out a way to paste combofix log using my phone. Any help will be appreciated.

Report •

June 25, 2013 at 07:42:02
See if u can view log here
https://sn1-broadcast.15.officeapps... 0310ff0234c47987%5Faacf3969% 2D730e%2D4c02%2Db403% 2De50674b7da53%2Dasync%2Edocx

Report •

June 25, 2013 at 07:45:05
"IE to my homepage but it will not let me open any other website"
I may be wrong, but I think Combofix has removed some infections & as is often the case, we now have to repair the affected programs.

Look here for starters.
Infection has enabled proxy
Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.

If it is not that, run - Windows Repair

Check the following.

Repair WMI
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections

June 25, 2013 at 07:48:15
"See if u can view log here"
No luck stacyeh

June 25, 2013 at 10:08:05
Johnw, for some reason I am unable to post the combofix log. I thought maybe it was too large so I tried breaking into sections and still would not post.

Report •

June 25, 2013 at 15:26:14
stacyeh, try using this.

When any of the logs are too large, upload them to a site of your choosing or, all can be done with this. I use for images & for files.
Image Uploader
How to use
For other files.

June 28, 2013 at 16:51:49
Johnw, thanks for the info on uploading a file to the internet. Here is the link to the combofix log.

Thanks again for all your help

Report •

June 28, 2013 at 17:08:52
Thanks stacyeh, upload the file to as per the screenshot please.

Report •

June 28, 2013 at 17:12:09
Ignore my last post, got around the language thing, now looking at the log.

Report •

June 28, 2013 at 17:22:15
Run AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

July 1, 2013 at 06:44:47
Johnw, here is the log from AdwCleaner
# AdwCleaner v2.303 - Logfile created 07/01/2013 at 09:38:33
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : logan - LOGAN-HP
# Boot Mode : Normal
# Running from : C:\Users\logan\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\logan\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\logan\AppData\Local\Conduit
Folder Deleted : C:\Users\logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\logan\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\logan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\logan\AppData\LocalLow\Delta
Folder Deleted : C:\Users\logan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\logan\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\logan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\logan\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\logan\AppData\Roaming\DSite
Folder Deleted : C:\Users\logan\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5953dfd9bd6aee40
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\logan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[S1].txt - [20314 octets] - [01/07/2013 09:38:33]

########## EOF - C:\AdwCleaner[S1].txt - [20375 octets] ##########

July 1, 2013 at 07:03:32
Johnw, here is the JRT log:

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by logan on Mon 07/01/2013 at 9:51:04.28

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-774832544-3403919201-2401829686-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{03CE22A4-1025-480D-9F92-B6336B6D973E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{22728545-C313-4088-8A79-8894A4DD5FEA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54F48BFD-0BA2-4A92-B97E-A9E12EA15027}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5D1EE06-4C63-45F9-A7FE-1910BC2640D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{22728545-C313-4088-8A79-8894A4DD5FEA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E5D1EE06-4C63-45F9-A7FE-1910BC2640D7}

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\logan\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\logan\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\logan\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Users\logan\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\logan\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\ couponbar"

~~~ Event Viewer Logs were cleared

Scan was completed on Mon 07/01/2013 at 9:55:52.80
End of JRT log

July 1, 2013 at 16:14:19
Thanks staceyeh, big mess eh.

Next step, run RogueKiller
Official tutorial
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.

July 2, 2013 at 14:12:37
Johnw, boy I'm a glad you are such a computer genius. And thanks so much for your help. Here is the log from RogueKiller:

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://
Website : hxxp://
Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : logan [Admin rights]
Mode : Scan -- Date : 07/02/2013 17:09:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\logan\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\logan\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoUpdaterService ("C:\Users\logan\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\logan\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-774832544-3403919201-2401829686-1000\[...]\Run : GenieoUpdaterService ("C:\Users\logan\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-774832544-3403919201-2401829686-1000\[...]\Run : GenieoSystemTray ("C:\Users\logan\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DSite : C:\Users\logan\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 87e875778970b14844d970d00f4cf266
[BSP] 0ea5069140f28449c6543addd708168b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459190 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940830720 | Size: 17446 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07022013_170953.txt >>

July 2, 2013 at 15:33:40
"Johnw, boy I'm a glad you are such a computer genius"
Nah stacyeh, the clues are all in the logs, without them, it is impossible to know what is going on. If the infections are not removed 100%, they are like a cancer & will grow again.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
Configure ESET this way & disable your AV.
How to Temporarily Disable your Anti-virus
Which web browsers are compatible with ESET Online Scanner?
Online Scanner not working
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.

July 4, 2013 at 07:26:40
Well Johnw, I ran the ESET and glad you told me to start it at bedtime because it took over 12 hours. It found 3 threats and cleared them, but I cannot find the log. On my computer the Eset folder is located at c:/programfiles (x86)... but there is no log. Any suggestions?

Report •

July 4, 2013 at 16:22:22
"Any suggestions?"
All in my post #25 or do a search on your drive.

July 5, 2013 at 09:33:48
I followed the instructions in post #25 and have done multiple searches on the c:/ drive using the entire path name and then searching words within the path name and still nothing. I do appreciate all your help. The original problem I started with is no longer happening so maybe everything is taken care of.

Report •

July 5, 2013 at 16:36:15
✔ Best Answer
" It found 3 threats and cleared them"
"but there is no log"
Weird, I have no other answers.
"The original problem I started with is no longer happening so maybe everything is taken care of"
Sounds good, just update & run Malwarebytes ( MBAM ) again.

