Dell laptop PUP infections

Started by Ghost, March 28, 2014, 12:47:02 PM

Ghost

Hi all,
Was told that he is getting popups.
Ran Malwarebytes first:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
aparker :: APARKER-PC [administrator]

3/28/2014 8:23:16 AM
MBAM-log-2014-03-28 (08-29-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218832
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> 3776 -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe (PUP.Optional.MindSpark.A) -> 3520 -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe (PUP.Optional.MindSpark.A) -> 3704 -> No action taken.

Memory Modules Detected: 1
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll (PUP.Optional.MindSpark.A) -> No action taken.

Registry Keys Detected: 64
HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service (PUP.Optional.AudioToAudioToolBar.A) -> No action taken.
HKCR\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Firefox (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{71C1D63A-C944-428A-A5BD-BA513190E5D2} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{71C1D63A-C944-428A-A5BD-BA513190E5D2} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{4369f96e-4071-43e7-8fd2-4d8f96918ef3} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{69d0bac4-a1b1-45ce-944f-9eeb1479f059} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{269D72FF-8629-4DB6-AB4F-86AA3A92F8A9} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ToolbarProtector.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ToolbarProtector (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{4f28fa5f-7d15-4753-b4fc-d548a0f02bfb} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{0396d01a-1323-4a15-bd0c-1bc7510f46c6} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{A8168AFE-9F36-49DE-A80A-00D19FB50207} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{f3477e9d-d2f6-49f0-9b23-854d7958d07e} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{bf78452b-f168-4310-9ec0-4b9b66b845f0} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{c4a25b73-8ef5-4282-9d21-c8920dd577a1} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{15106ae4-6bdf-443e-80b0-3e38b59d26ec} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{9EF88362-131D-48B0-8969-CCC96F897AB8} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.FeedManager.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.FeedManager (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.HTMLMenu.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.HTMLMenu (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{5e1bdcf6-dd5f-4dd3-8783-b1454aef1830} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{d833690c-6e56-46c2-a19f-cf5fd81c9c9a} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{200F1306-1316-473B-90CE-A777144BBDF5} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{cae88e60-cea5-4fcb-b611-54ea6305d8ab} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.MultipleButton.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.MultipleButton (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{37ed966d-4d0e-4d66-9633-bea542c92860} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{87792411-b73a-435e-86f3-ae633a690e84} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{E2DAE1A4-09EE-4209-AD3B-1C96330EDCEF} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.RadioSettings.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.RadioSettings (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{db1384d8-1bda-4c8d-a743-e9ca671feb00} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ScriptButton.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ScriptButton (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{1241cebd-9777-4bc6-aae5-2a77e25db246} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{64fbf8b6-c770-401a-8b84-f630edaf4448} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2} (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{e045df14-bf1d-405c-a37b-a75c1551ad17} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{f9b90065-cd7a-4439-b311-b292299182a9} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ThirdPartyInstaller.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.ThirdPartyInstaller (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E045DF14-BF1D-405C-A37B-A75C1551AD17} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\CLSID\{a35ff019-6dbe-4044-b080-6f3fa78a947f} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\TypeLib\{8feeda9e-8f71-45df-a797-468226d1d35b} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\Interface\{C285FFF4-DE32-402D-B8FD-6F34F1D5920C} (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.HTMLPanel.1 (PUP.Optional.MindSpark.A) -> No action taken.
HKCR\MapsGalaxy_39.HTMLPanel (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A35FF019-6DBE-4044-B080-6F3FA78A947F} (PUP.Optional.MindSpark.A) -> No action taken.

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{26842A09-FFA8-4E2C-AE12-0C80F01C3295} (PUP.Optional.MindSpark.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{364EA597-E728-4CE4-BB4A-ED846EF47970} (PUP.Optional.MindSpark.A) -> Data: —¥N6(çäL»Jí,,nôyp -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{364EA597-E728-4CE4-BB4A-ED846EF47970} (PUP.Optional.MindSpark.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{364EA597-E728-4CE4-BB4A-ED846EF47970} (PUP.Optional.MindSpark.A) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} (PUP.Optional.MindSpark.A) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} (PUP.Optional.MindSpark.A) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark.A) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader 64 (PUP.Optional.MindSpark.A) -> Data: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy EPM Support (PUP.Optional.MindSpark.A) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\MapsGalaxy_39 (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\chrome (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\ThirdPartyInstallers (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\gen1 (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\IE9Mesg (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\Message (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\Settings (PUP.Optional.MindSpark.A) -> No action taken.

Files Detected: 59
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb64.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bprtct.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub64.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk64.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39feedmg.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39highin.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39htmlmu.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39httpct.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39idle.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39mlbtn.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39Plugin.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39radio.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regfft.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39reghk.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regiet.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39script.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39skin.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39skplay.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39srchmr.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39tpinst.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\BOOTSTRAP.JS (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CHROME.MANIFEST (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CREXT.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CrExtP39.exe (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\DPNMNGR.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\EXEMANAGER.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\Hpg64.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\INSTALL.RDF (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\installKeys.js (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\LOGO.BMP (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EPMSUP.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTEX.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTPEX.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8HTML.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8RES.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8TICKER.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\UNIFIEDLOGGING.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\VERIFY.DLL (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\chrome\39ffxtbr.jar (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\gen1\COMMON.T8S (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\IE9Mesg\COMMON.T8S (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\Message\COMMON.T8S (PUP.Optional.MindSpark.A) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\Settings\s_pid.dat (PUP.Optional.MindSpark.A) -> No action taken.

(end)

Then DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by aparker at 8:37:39 on 2014-03-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2579 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Users\aparker\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = g.msn.com/USCON/1
uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MapsGalaxy: {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
uRun: [DKab1err] C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
uRun: [DKADGmon] "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MapsGalaxy EPM Support] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
mRun: [MapsGalaxy_39 Browser Plugin Loader 64] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\aparker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{035F14EB-3B33-4F46-AA02-25C068A20EFF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{95BA6312-2795-4B34-A69C-66B7CB8E1102} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95BA6312-2795-4B34-A69C-66B7CB8E1102}\84F4D454D253935323 : DHCPNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [MapsGalaxy Home Page Guard 64 bit] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 647208]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-11 55280]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-12 98208]
R2 AlotService;ALOT Update Service;C:\Users\aparker\AppData\LocalLow\alotservice\alotservice.exe [2012-6-18 255880]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2013-12-1 89160]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-11 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-11 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-12-12 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-12-12 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-11 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-11 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-12 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-12 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-12 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-12 74280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-27 35840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-16 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-12 245792]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-6 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
.
=============== Created Last 30 ================
.
2014-03-28 12:31:28   --------   d-----w-   C:\Users\aparker\AppData\Local\Mozilla
2014-03-28 12:12:39   --------   d-----w-   C:\Users\aparker\AppData\Local\Programs
2014-03-28 12:11:44   --------   d-----w-   C:\Users\aparker\AppData\Roaming\Malwarebytes
2014-03-28 12:11:32   --------   d-----w-   C:\ProgramData\Malwarebytes
2014-03-28 12:11:31   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-03-28 12:11:31   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-28 12:10:20   --------   d-----w-   C:\Users\aparker\AppData\Local\IAC
2014-03-28 12:10:10   --------   d-----w-   C:\Program Files (x86)\VS Revo Group
2014-03-28 12:08:59   --------   d-----w-   C:\Program Files (x86)\CCleaner
2014-03-28 12:08:28   10521840   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9CEAE4DB-B8DD-4854-B610-CB99A5A00041}\mpengine.dll
2014-03-16 18:47:57   --------   d-----w-   C:\Program Files\iPod
2014-03-16 18:47:56   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-16 18:47:56   --------   d-----w-   C:\Program Files\iTunes
2014-03-16 18:47:56   --------   d-----w-   C:\Program Files (x86)\iTunes
2014-03-16 18:40:46   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-03-16 18:40:45   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-03-16 18:40:45   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-03-16 18:40:45   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-03-16 18:50:22   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-16 18:50:22   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33   5768704   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11   2041856   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15   4244480   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-01 03:00:08   1964032   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2014-01-29 02:32:18   484864   ----a-w-   C:\Windows\System32\wer.dll
2014-01-29 02:06:47   381440   ----a-w-   C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46   228864   ----a-w-   C:\Windows\System32\wwansvc.dll
.
============= FINISH:  8:38:05.79 ===============
and:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/21/2011 4:36:45 PM
System Uptime: 3/28/2014 8:19:46 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 08VFX1
Processor: Intel(R) Core(TM) i3 CPU       M 370  @ 2.40GHz | U2E1 | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 399.392 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 2/1/2014 9:13:51 AM - Scheduled Checkpoint
RP220: 2/5/2014 6:52:36 PM - Windows Update
RP221: 2/13/2014 4:41:01 AM - Windows Update
RP222: 2/14/2014 7:41:34 PM - Windows Update
RP223: 2/20/2014 4:37:35 AM - Windows Update
RP224: 2/22/2014 4:10:20 AM - Windows Update
RP225: 3/2/2014 8:51:20 AM - Windows Update
RP226: 3/4/2014 10:03:34 AM - Windows Update
RP227: 3/16/2014 2:39:16 PM - Windows Update
RP228: 3/28/2014 7:56:09 AM - Windows Update
RP229: 3/28/2014 8:16:47 AM - Revo Uninstaller's restore point - PC Fix Speed 1.2.0.24
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 12 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
ALOT Appbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
CCleaner (remove only)
Consumer In-Home Service Agreement
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell V520 Series Uninstaller
Dell Webcam Central
DW WLAN Card
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iTunes
Java(TM) 6 Update 21 (64-bit)
Java(TM) 6 Update 33
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.75.0.1300
MapsGalaxy Internet Explorer Toolbar
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
PokerStars.net
Quickset64
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Toolbars
Skype™ 6.11
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
3/28/2014 8:21:49 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
3/28/2014 8:20:35 AM, Error: Service Control Manager [7000]  - The McAfee Validation Trust Protection Service service failed to start due to the following error:  The system cannot find the file specified.
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The MapsGalaxyService service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The ALOT Update Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7034]  - The ABBYY FineReader 9.0 Sprint Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 8:19:05 AM, Error: Service Control Manager [7031]  - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/28/2014 8:19:05 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

and last but not least:
Results of screen317's Security Check version 0.99.81 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
CCleaner (remove only)   
Java(TM) 6 Update 33 
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

thanks,
Ghost

winchester73

MindSpark comes bundled with assorted freeware downloads (video recording/streaming, download-managers or PDF creators are the usual culprits), in this case the computer acquired the MapsGalaxy Toolbar.  Most folks consider it a browser hijacker as it usually resets your home page to ask.com ...  :(

MapsGalaxy Internet Explorer Toolbar shows in the installed programs list.  Use add/remove programs to get rid of it.

Reboot, and run MBAM again.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Ghost

Hi winchester73,
after i posted i noticed i had forgotten to quarantine the items malwarebytes found. reran malwarebytes again and quarantined all it found.
uninstalled mapsGalaxy and reran malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
aparker :: APARKER-PC [administrator]

3/28/2014 9:51:19 AM
mbam-log-2014-03-28 (09-51-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218749
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

thanks,
ghost

winchester73

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Ghost

Hi winchester73,
I'm not seeing any;-)
Ghost

LilBambi

As a follow up, might also want to run JRT (Junk Removal Tool) and AdwCleaner to clear out anything extra that Malwarebytes might have missed. No tool does it all. ;)

Mindspark.com is listed as RED in WOT saying 'malware or viruses' and 'scam'.

Mapsgalaxy.com is also listed the same way.
Bambi
AKA Fran
Jim-Fran.com

winchester73

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Ghost

Hi winchester73 and LilBambi,
Quote: LilBambi is a mind reader  :D
oh you got right;-)
Hi LilBambi,
here are the logs from the scans. i did not delete anything that AdwCleaner found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by aparker on Fri 03/28/2014 at 12:48:09.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] alotservice
Successfully deleted: [Service] alotservice



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mapsgalaxy_39
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mapsgalaxy_39
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mapsgalaxy_39
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\alotservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\alotservice_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\alotappbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\aparker\appdata\local\iac"
Successfully deleted: [Folder] "C:\Users\aparker\appdata\local\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Users\aparker\appdata\locallow\alotappbar"
Successfully deleted: [Folder] "C:\Users\aparker\appdata\locallow\alotservice"
Successfully deleted: [Folder] "C:\Users\aparker\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\aparker\appdata\locallow\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Program Files (x86)\alotappbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/28/2014 at 12:54:57.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and

# AdwCleaner v3.022 - Report created 28/03/2014 at 12:56:35
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aparker - APARKER-PC
# Running from : C:\Users\aparker\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\alotserviceruntime.log

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\alotservice
Key Found : HKCU\Software\AppDataLow\Software\alotAppbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\alotservice
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^UX^xdm002^MI0000^us&ptb=3B72BF8B-43E9-4D70-8C4E-7EDD410CF9D7&si=CP60vKaLkLsCFccRMwodtxcAUQ

*************************

AdwCleaner[R0].txt - [2452 octets] - [28/03/2014 12:56:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2512 octets] ##########

thanks,
Ghost

LilBambi

Ah, shucks!  :mitch:

Well, winchester73 did the heavy lifting ...  :Hammys pint:

I would go ahead and remove all those entries from AdwCleaner now.

When you go back into your browsers, you may want to check that the addressbar search works as intended and report back any anomalies in that regard.
Bambi
AKA Fran
Jim-Fran.com

winchester73

He should be good to go now.  :goodie:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

LilBambi

Bambi
AKA Fran
Jim-Fran.com

Ghost

well, a lot of confidence here;-))
Quote: Well, winchester73 did the heavy lifting ...  :Hammys pint:
i agree;-D

Quote: He should be good to go now.  :goodie:
all is good now.
# AdwCleaner v3.022 - Report created 28/03/2014 at 13:31:42
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aparker - APARKER-PC
# Running from : C:\Users\aparker\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\alotserviceruntime.log

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Deleted : HKCU\Software\alotservice
Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]

*************************

AdwCleaner[R0].txt - [2596 octets] - [28/03/2014 12:56:35]
AdwCleaner[R1].txt - [2656 octets] - [28/03/2014 13:30:49]
AdwCleaner[S0].txt - [2428 octets] - [28/03/2014 13:31:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2488 octets] ##########

boots nicely, no oddities with home page or addressbar search.
you guys rock..................and girl;-D
thank you,
Ghost

LilBambi

Awesome!!!!  :thumbsup:

I was raised at the Jersey Shore ... you guys is non-gender specific. ;)

:cheers:
Bambi
AKA Fran
Jim-Fran.com

Ghost


Corrine

Ghost, Anna needs to tell Brad to be more careful with what he installs.  :D

Not quite good to go yet.  If you haven't yet, please uninstall the following outdated, vulnerable versions of Java:

Java(TM) 6 Update 21 (64-bit)
Java(TM) 6 Update 33

Most home computer users do not need Java installed on their computer.  In the past, Java was needed for websites to be properly displayed. However, that is generally not the case now and Java can be enabled for trusted sites (More information in Java, The Never-Ending Saga ~ Security Garden).

If he does need Java, the current version is available here:  Java Version 7 Update 51.  As usual, be alert for unwanted extras.  Note also that Java version 8 was recently released but the release notes did not list security updates.  So, you can wait on that if Java is needed.  The next Java security update is scheduled for April 15.

Critical security updates were released for Adobe Reader in January.  Please update to Adobe Reader XI (11.0.06) for Windows, available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.  Again, watch for unwanted extras.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.