Lynn needs help

[lynneasum]

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8\ deleted successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield\locale\en-US folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield\locale folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield\defaults\preferences folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield\defaults folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield\content folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield\locale\en-US folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield\locale folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield\defaults\preferences folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield\defaults folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield\content folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\katy\AppData\Roaming\mozilla\Extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A0154E07-2B48-475C-A82A-80EFD84EA33E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb5\ deleted successfully.
File Protocol\Handler\intu-help-qb5 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
File Protocol\Handler\qbwc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Images folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust\UUS3 folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust folder moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job moved successfully.
C:\Windows\Tasks\SparkTrust Registration3.job moved successfully.
C:\Users\katy\Desktop\SpyHunter.lnk moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3.job moved successfully.
C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk moved successfully.
File C:\Users\katy\Desktop\SpyHunter.lnk not found.
File C:\Windows\tasks\SparkTrust Registration3.job not found.
File C:\Users\katy\Desktop\SparkTrust PC Cleaner Plus.lnk not found.
File C:\Windows\tasks\SparkTrust Update Version3.job not found.
File C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_0BF92B28-EB5C-11E3-9889-F42ECBEA7CAA.job moved successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Guest
->Java cache emptied: 0 bytes
 
User: katy
->Java cache emptied: 39217 bytes
 
User: Public
 
User: TEMP
 
User: TLG Admin
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 56504 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
->Flash cache emptied: 65122 bytes
 
User: katy
->Flash cache emptied: 86571 bytes
 
User: Public
 
User: TEMP
->Flash cache emptied: 2872 bytes
 
User: TLG Admin
->Flash cache emptied: 56504 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 1106264 bytes
->Temporary Internet Files folder emptied: 181422 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: katy
->Temp folder emptied: 16555658 bytes
->Temporary Internet Files folder emptied: 30234454 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 122932648 bytes
->Apple Safari cache emptied: 183631872 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 0 bytes
 
User: TLG Admin
->Temp folder emptied: 1365398 bytes
->Temporary Internet Files folder emptied: 33298 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190429 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2907124 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95403 bytes
RecycleBin emptied: 19325102 bytes
 
Total Files Cleaned = 361.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 06242014_174939

Files\Folders moved on Reboot...
C:\Users\katy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\34530-lynn-needs-help[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\ads[3].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\like[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBLHAYME\xti[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MOZRY1AS\ads[4].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MOZRY1AS\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MOZRY1AS\DhmkJ2TR0QN[2].htm moved successfully.
File\Folder C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MOZRY1AS\like[1].htm not found!
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MOZRY1AS\xti[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZVD2JX7\ai[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZVD2JX7\KVG8254Y.htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZVD2JX7\zrt_lookup[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\ads[2].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\fastbutton[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\page-2[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\postmessageRelay[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\xti[1].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04G0JX85\xti[2].htm moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\katy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[flashh4]

Good job Lynn.almost done.

 

Last program to see if your up to date !

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

 

NEXT

 

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

Post the Security check log !!

 

 

Thanks

Chuck

[lynneasum]

 Results of screen317's Security Check version 0.99.85 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SparkTrust PC Cleaner Plus 
 Java 6 Update 26 
 Java version out of Date!
  Adobe Flash Player 13.0.0.214 Flash Player out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.114 
 Google Chrome 35.0.1916.153 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

[flashh4]

Lynn one last thing !

Go to add/remove/uninstall panel & remove these if present !

SparkTrust PC Cleaner Plus
Javaâ„¢ 6 Update 26

Adobe Flash Player 13.0.0.214

Adobe Reader 10.1.10

Sorry i forgot to have you remove them !!

============================

Lynn update these !!

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java.

Please go here to up date Java >>> Go to > adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
> How to prevent malware .

Happy Surfing

Chuck

Let me know how it's running & if any problems exist !! It will run some faster after a few normal re-boots !!

[lynneasum]

Thank you so much for all your help!!  I will finish the recommended safety things you said!!  Again thanks so much!!  Lynn

[flashh4]

Glad i could help Lynn ! I will lock this topic after 5 days, if you need it re-opened just PM me or any Mod !!

 

Chuck

[flashh4]

This topic is now locked if for some reason you need it re-opened please PM me or any Mod !

 

Chuck