Thanks for your response.
I completed your instructions as prescribed. Then I disabled Norton so I was able to test Chrome and IE. Both still came up with Spendbull as the home page. I went into settings for both and restored to default settings and restarted. This seems to have worked for Chrome but not IE. Good news is, at this stage none of the additional pop up ad windows are appearing.
Here is the FixLog:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Christina at 2015-07-15 21:34:55 Run:1
Running from C:\Users\Christina\Desktop
Loaded Profiles: Christina (Available Profiles: roobarb & Christina & Amelia & Levi & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe
(Google) C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp\google-search.exe
C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\ywi0mzf2nnmzbgf.exe [2423296 2015-07-12] ()
C:\Program Files (x86)\Smwyyntm1ndi1zdz
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-07-02]
ShortcutTarget: loons.lnk -> C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe ()
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e
HKU\S-1-5-21-312760304-1295043521-704437419-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm302YYNZ&fl=0&ptb=hFYSxMdGK8fpYnWlftdbUA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-312760304-1295043521-704437419-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
C:\Program Files (x86)\SupTab
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-312760304-1295043521-704437419-1002 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
www.istartsurf.com/?type=sc&ts=1408788440&from=tugs&uid=SAMSUNGXMZMTD128HAFV-00000_S153NEAD209718CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-23]
C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
CHR Extension: (Quick start) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-15]
C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
R2 UniversalUpdater; C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe [696832 2014-12-02] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\0ca45c95134d
R1 ywi0mzf2nnmzbgf; C:\Windows\System32\drivers\ywi0mzf2nnmzbgf.sys [59736 2015-07-12] (NetFilterSDK.com)
S1 b786bdb3c67d; system32\drivers\b786bdb3c67d.sys [X]
S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
C:\Windows\System32\drivers\ywi0mzf2nnmzbgf.sys
C:\Windows\system32\drivers\b786bdb3c67d.sys
C:\Windows\system32\drivers\mwiynzm4ndy1yjz.sys
2015-07-12 20:19 - 2015-07-15 13:01 - 00000000 ____D C:\Program Files (x86)\Hades
2015-07-12 20:19 - 2015-07-12 20:20 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-07-12 17:56 - 2015-07-12 17:56 - 00059736 _____ (NetFilterSDK.com) C:\WINDOWS\system32\Drivers\ywi0mzf2nnmzbgf.sys
2015-07-02 14:12 - 2015-07-02 14:12 - 00000000 ____D C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e
2015-06-19 13:25 - 2015-07-15 13:27 - 00000000 ____D C:\Users\Christina\AppData\Local\yva0vtetnkkzbmf
2015-06-23 16:23 - 2014-11-20 16:11 - 00000000 __SHD C:\Users\roobarb\AppData\Local\EmieBrowserModeList
2015-06-23 16:23 - 2014-05-13 14:59 - 00000000 __SHD C:\Users\roobarb\AppData\Local\EmieUserList
2015-06-23 16:23 - 2014-05-13 14:59 - 00000000 __SHD C:\Users\roobarb\AppData\Local\EmieSiteList
2015-06-20 15:17 - 2014-11-24 18:54 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieBrowserModeList
2015-06-20 15:17 - 2014-05-22 20:23 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieUserList
2015-06-20 15:17 - 2014-05-22 20:23 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieSiteList
C:\Users\Christina\21713-Fx-MPEG-Writer.exe
C:\Users\Christina\setup_avitompeg.exe
2013-04-16 20:43 - 2013-04-16 20:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Christina\AppData\Local\Temp\dlLogic.exe
C:\Users\Christina\AppData\Local\Temp\Launcher__10623.exe
C:\Users\Christina\AppData\Local\Temp\Launcher__13221.exe
C:\Users\Christina\AppData\Local\Temp\post1.exe
C:\Users\Christina\AppData\Local\Temp\post2.dll
C:\Users\Christina\AppData\Local\Temp\post2.exe
C:\Users\Christina\AppData\Local\Temp\SPSetup.exe
C:\Users\Christina\AppData\Local\Temp\spstub.exe
C:\Users\Christina\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\roobarb\AppData\Local\Temp\CloudBackup3165.exe
C:\Users\roobarb\AppData\Local\Temp\nsbAF1F.exe
C:\Users\roobarb\AppData\Local\Temp\nseB5D7.exe
C:\Users\roobarb\AppData\Local\Temp\nsgFBBD.exe
C:\Users\roobarb\AppData\Local\Temp\nsjF65D.exe
C:\Users\roobarb\AppData\Local\Temp\nsn404D.exe
C:\Users\roobarb\AppData\Local\Temp\SPSetup.exe
C:\Users\roobarb\AppData\Local\Temp\vcredist_x64.exe
C:\Users\roobarb\AppData\Local\Temp\vcredist_x86.exe
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Task: {749E4181-6293-42DC-88C5-A42D6E0EF894} - System32\Tasks\{5E96BE2D-E5E4-4378-A4E7-B66B2C68951D} => pcalua.exe -a C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -c -uninstall
C:\ProgramData\WindowsMangerProtect
HKLM\...\StartupApproved\Run32: => "mwyyntm1ndi1zdz"
HKU\S-1-5-21-312760304-1295043521-704437419-1002\...\StartupApproved\Run: => "Browser Infrastructure Helper"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe => No running process found
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe => moved successfully.
C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp\google-search.exe => No running process found
C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mwyyntm1ndi1zdz => value removed successfully
C:\Program Files (x86)\Smwyyntm1ndi1zdz => moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk => moved successfully.
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e\yuw0bzfvnm4zc2e.exe not found.
C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e => moved successfully.
"HKU\S-1-5-21-312760304-1295043521-704437419-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}" => key removed successfully
HKCR\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-312760304-1295043521-704437419-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => key removed successfully
"C:\Program Files (x86)\SupTab" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKU\S-1-5-21-312760304-1295043521-704437419-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value removed successfully
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => key removed successfully
C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => moved successfully.
"C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx" => File/Folder not found.
C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => moved successfully.
"C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => File/Folder not found.
UniversalUpdater => Service stopped successfully.
UniversalUpdater => Service removed successfully
C:\Program Files (x86)\0ca45c95134d => moved successfully.
ywi0mzf2nnmzbgf => Unable to stop service.
ywi0mzf2nnmzbgf => Service removed successfully
b786bdb3c67d => Service removed successfully
mwiynzm4ndy1yjz => Service removed successfully
C:\Windows\System32\drivers\ywi0mzf2nnmzbgf.sys => moved successfully.
"C:\Windows\system32\drivers\b786bdb3c67d.sys" => File/Folder not found.
"C:\Windows\system32\drivers\mwiynzm4ndy1yjz.sys" => File/Folder not found.
C:\Program Files (x86)\Hades => moved successfully.
"C:\Program Files (x86)\Smwyyntm1ndi1zdz" => File/Folder not found.
"C:\WINDOWS\system32\Drivers\ywi0mzf2nnmzbgf.sys" => File/Folder not found.
"C:\Users\Christina\AppData\Local\yuw0bzfvnm4zc2e" => File/Folder not found.
C:\Users\Christina\AppData\Local\yva0vtetnkkzbmf => moved successfully.
C:\Users\roobarb\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\roobarb\AppData\Local\EmieUserList => moved successfully.
C:\Users\roobarb\AppData\Local\EmieSiteList => moved successfully.
C:\Users\Christina\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Christina\AppData\Local\EmieUserList => moved successfully.
C:\Users\Christina\AppData\Local\EmieSiteList => moved successfully.
C:\Users\Christina\21713-Fx-MPEG-Writer.exe => moved successfully.
C:\Users\Christina\setup_avitompeg.exe => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\Users\Christina\AppData\Local\Temp\dlLogic.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\Launcher__10623.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\Launcher__13221.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\post1.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\post2.dll => moved successfully.
C:\Users\Christina\AppData\Local\Temp\post2.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\SPSetup.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\spstub.exe => moved successfully.
C:\Users\Christina\AppData\Local\Temp\uobnyv04ydl6.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\CloudBackup3165.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\nsbAF1F.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\nseB5D7.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\nsgFBBD.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\nsjF65D.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\nsn404D.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\SPSetup.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\vcredist_x64.exe => moved successfully.
C:\Users\roobarb\AppData\Local\Temp\vcredist_x86.exe => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{749E4181-6293-42DC-88C5-A42D6E0EF894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{749E4181-6293-42DC-88C5-A42D6E0EF894}" => key removed successfully
C:\Windows\System32\Tasks\{5E96BE2D-E5E4-4378-A4E7-B66B2C68951D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E96BE2D-E5E4-4378-A4E7-B66B2C68951D}" => key removed successfully
C:\ProgramData\WindowsMangerProtect => moved successfully.
HKLM\...\StartupApproved\Run32: => "mwyyntm1ndi1zdz" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-312760304-1295043521-704437419-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-312760304-1295043521-704437419-1002\...\StartupApproved\Run: => "Browser Infrastructure Helper" => value not found.
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{7A0EC522-17E1-4B5F-A608-C4A312726786} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-312760304-1295043521-704437419-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-312760304-1295043521-704437419-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => 813.8 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 21:35:33 ====