Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {3054E5A6-1451-4C9B-B0AC-73175B31126C} - \Security Center Update - 3303202799 -> No File <==== ATTENTION
Task: {8164C7D7-4576-480C-B197-F6DA51FBF72E} - System32\Tasks\Norton PC Checkup Setup => C:\Users\Laurie\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe <==== ATTENTION
Task: {B1489F73-AF38-4614-8CFD-AFCEB326A4E2} - System32\Tasks\4791 => Wscript.exe C:\Users\Laurie\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C4072BA1-334B-445B-970B-B2DFE47C87B1} - \task14512835 -> No File <==== ATTENTION
Task: {D9D364CE-9E05-4693-B4FB-E62FCEA84A0A} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3A171849
AlternateDataStreams: C:\ProgramData\TEMP:75B1A93C
AlternateDataStreams: C:\ProgramData\TEMP:A9C7B545
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-287398816-2082105823-3791064297-1000\...\Run: [Torozbnemd] => regsvr32.exe /s "C:\Users\Laurie\AppData\Local\Windows Live Writer\Torozbnemd.dll" <===== ATTENTION
HKU\S-1-5-21-287398816-2082105823-3791064297-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Users\Laurie\AppData\Local\Temp\spofcne\seipvhs\wow.dll ATTENTION! ====> ZeroAccess?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287398816-2082105823-3791064297-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287398816-2082105823-3791064297-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287398816-2082105823-3791064297-1003\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287398816-2082105823-3791064297-1002\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287398816-2082105823-3791064297-1001\User: Restriction detected <======= ATTENTION
SearchScopes: HKLM -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml?id=ZRxdm7195DUS&ptnrS=ZRxdm7195DUS&ptb=wR7wleVBUN8ebv.dckzP0w&ind=2011010520&n=&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm072^S06083^us&si=cd3772&ptb=9273F583-8FFA-49CA-9CCD-3A2219ED73F4&ind=2013081716&n=77fd3074&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {74322DF1-2894-438D-B2E4-ADF7A3B1703F} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {98290752-E9BC-47AB-AE7F-3BCEE77A1556} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM -> {CD10120B-C165-4f8d-8C74-639629E238FF} URL = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> DefaultScope {C1E00E2A-211D-4C4B-936B-1E885C37AB5D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15795858271509719&UM=2
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {25D35721-2593-463A-93B8-79CA3849D200} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={438F6934-136E-4206-86CC-FEF4979D3247}
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {2B96D3FF-33E5-4D00-A1EE-7FDBDFA15464} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300033&SearchSource=45&q={searchTerms}
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm7195DUS&ptnrS=ZRxdm7195DUS&ptb=wR7wleVBUN8ebv.dckzP0w&ind=2010120702&n=77d001fe&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL =
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {74322DF1-2894-438D-B2E4-ADF7A3B1703F} URL =
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {98290752-E9BC-47AB-AE7F-3BCEE77A1556} URL =
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {C1E00E2A-211D-4C4B-936B-1E885C37AB5D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15795858271509719&UM=2
SearchScopes: HKU\S-1-5-21-287398816-2082105823-3791064297-1000 -> {CD10120B-C165-4f8d-8C74-639629E238FF} URL =
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: No Name - C:\Program Files\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha893\ff [not found]
FF Extension: No Name - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha2167\ff [not found]
FF Extension: No Name - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta20\ff [not found]
FF Extension: No Name - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha830\ff [not found]
FF Extension: No Name - C:\Program Files\MediaViewerV1\MediaViewerV1alpha794\ff [not found]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha2807\ff [not found]
FF Extension: No Name - C:\Program Files\MediaViewV1\MediaViewV1alpha7175\ff [not found]
FF Extension: No Name - C:\Program Files\MediaWatchV1\MediaWatchV1home211\ff [not found]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha893.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha893\ff
FF HKU\S-1-5-21-287398816-2082105823-3791064297-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
C:\Users\Alyssa\AppData\Local\Temp\oaqfvmnixxnamfnsqfm.bfg
C:\Users\Laurie\AppData\Local\Temp\BetterSurfPlusInstaller.exe
C:\Users\Laurie\AppData\Local\Temp\F06E73C7628.exe
C:\Users\Laurie\AppData\Local\Temp\izpv.dll
C:\Users\Laurie\AppData\Local\Temp\lgpwxss.dll
C:\Users\Laurie\AppData\Local\Temp\of3w40728.exe
C:\Users\Laurie\AppData\Local\Temp\set-app.exe
C:\Users\Laurie\AppData\Local\Temp\setapp.exe
C:\Users\Laurie\AppData\Local\Temp\Setup-a.exe
C:\Users\Laurie\AppData\Local\Temp\Setup.exe
C:\Users\Laurie\AppData\Local\Temp\Setup1.exe
C:\Users\Laurie\AppData\Local\Temp\Setup2.exe
C:\Users\Laurie\AppData\Local\Temp\sqlite3.dll
C:\Users\Laurie\AppData\Local\Temp\srv49492.exe
C:\Users\Laurie\AppData\Local\Temp\srv58708.exe
C:\Users\Laurie\AppData\Local\Temp\srv6083.exe
C:\Users\Laurie\AppData\Local\Temp\upd44558.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_022eeda7.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_0802f3b3.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_1ad88211.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_5a7c13b7.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_8f9a6777.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_8ff05a6d.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_a526cd4a.exe
C:\Users\Laurie\AppData\Local\Temp\UpdateFlashPlayer_fad62739.exe
C:\Users\Laurie\AppData\Local\Temp\updr19042.exe
C:\Users\Laurie\AppData\Local\Temp\updr28319.exe
C:\Users\Laurie\AppData\Local\Temp\updr62762.exe
C:\Users\Laurie\AppData\Local\Temp\updr77641.exe
C:\Users\Laurie\AppData\Local\Temp\updtr70301.exe
C:\Users\Laurie\AppData\Local\Temp\zxupd37256.exe
C:\Users\Mackenzie\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Tony\AppData\Local\Temp\conduitinstaller.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
End