
need to remove funmoods

Discussion in 'Virus & Other Malware Removal' started by Cheryl910, Jun 23, 2012.

  1. Cheryl910

    Fun moods browser has become my uninvited web page. I uninstalled it in Add/Remove Programs but it is still there.

    I have followed the instructions for logs and they are as follows:



    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Cheryl at 21:15:35 on 2012-06-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4137 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe
    C:\Windows\system32\dleecoms.exe
    C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
    C:\ProgramData\IBUpdaterService\ibsvc.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Dell V715w\dleemon.exe
    C:\Program Files (x86)\Dell V715w\ezprint.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
    C:\Program Files (x86)\Iminent\Iminent.exe
    C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbrmon.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\StikyNot.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.iminent.com/?appId=650823d0-5818-4dfc-ac5d-10ecb493b3b7&ref=homepage
    mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzu0DtDyCyB0EyDtD0AtCtD0CyC0FyE0BtAtN0D0TzutBtDtCtBtDyCtCyE&cr=686938904
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: N/A: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    uURLSearchHooks: N/A: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
    uURLSearchHooks: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mURLSearchHooks: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    mWinlogon: Userinit=userinit.exe
    BHO: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - No File
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    BHO: {59749E81-BFEA-A317-8D43-77D43422ECD0} - No File
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
    BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
    BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
    BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: DataMngr: {b939cf93-f2cb-443d-956c-dc523d85c9db} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
    BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    uRun: [AROReminder]
    uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
    mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
    mRun: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
    mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{9A2C600D-A613-4124-8012-60BE4E7920C1} : DhcpNameServer = 192.168.0.1 205.171.3.25
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    BHO-X64: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    BHO-X64: MW2 Hack Lobby Post Your Gamertag - No File
    BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
    BHO-X64: CrossriderApp0002258 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
    BHO-X64: BHO Project - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - No File
    BHO-X64: Bcool - No File
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    BHO-X64: TBSB01620 - No File
    BHO-X64: {59749E81-BFEA-A317-8D43-77D43422ECD0} - No File
    BHO-X64: Bcool - No File
    BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNow Toolbar Helper - No File
    BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
    BHO-X64: Funmoods Helper Object - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
    BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO-X64: Fantapper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
    BHO-X64: IMinent WebBooster - No File
    BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    BHO-X64: WinZip Courier BHO - No File
    BHO-X64: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
    BHO-X64: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    BHO-X64: Wincore Mediabar - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    BHO-X64: TBSB07898 - No File
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
    TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB-X64: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    TB-X64: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
    mRun-x64: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
    mRun-x64: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
    mRun-x64: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
    AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe [2012-4-5 42504]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
    R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-15 11776]
    R2 GamingWonderlandService;GamingWonderlandService;C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [2011-11-17 42504]
    R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-4-29 397848]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-11 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-11 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-11 1692480]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-3-29 11856]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-11 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 05:30:22 -------- d-----w- C:\Users\Cheryl\AppData\Roaming\Mael
    2012-06-19 05:26:24 -------- d-----w- C:\Program Files (x86)\HxD
    2012-06-14 22:24:10 -------- d-----w- C:\Program Files (x86)\Yontoo
    2012-06-14 22:24:07 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-06-14 22:23:14 -------- d-----w- C:\Program Files (x86)\1ClickDownload
    2012-06-14 21:18:06 -------- d-----w- C:\Program Files (x86)\ARO 2012
    2012-06-14 21:07:21 35680 ----a-w- C:\Windows\System32\uxtuneup.dll
    2012-06-14 21:07:21 29024 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2012-06-14 21:04:53 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
    2012-06-14 21:04:51 25952 ----a-w- C:\Windows\System32\authuitu.dll
    2012-06-14 21:04:50 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2012-06-14 21:04:32 -------- d-----w- C:\Users\Cheryl\AppData\Roaming\TuneUp Software
    2012-06-14 21:04:23 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
    2012-06-14 21:04:21 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-06-14 21:04:17 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-14 21:03:39 -------- d-----w- C:\Users\Cheryl\FrostWire
    2012-06-14 21:03:36 -------- d-----w- C:\Users\Cheryl\.frostwire5
    2012-06-14 21:03:34 -------- d-----w- C:\Users\Cheryl\AppData\Roaming\OpenCandy
    2012-06-14 20:12:37 -------- d-----w- C:\Users\Cheryl\AppData\Roaming\MusicNet
    2012-06-14 20:12:36 -------- d-----w- C:\ProgramData\2436C
    2012-06-14 20:12:15 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-06-14 20:11:27 -------- d-----w- C:\Program Files (x86)\BearShare Applications
    2012-06-14 20:10:43 -------- d-----w- C:\Users\Cheryl\AppData\Local\PackageAware
    2012-06-14 01:38:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 01:38:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 01:38:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 06:39:40 -------- d-----w- C:\Users\Cheryl\AppData\Local\{36393369-F3D6-48E4-BD83-F4904D977A78}
    2012-05-27 08:37:42 -------- d-----w- C:\Users\Cheryl\AppData\Roaming\Optimizer Pro
    2012-05-27 08:37:34 -------- d-----w- C:\ProgramData\Premium
    2012-05-27 08:37:32 -------- d-----w- C:\ProgramData\Bcool
    2012-05-27 08:37:18 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
    2012-05-27 08:37:00 -------- d-----w- C:\ProgramData\InstallMate
    2012-05-27 08:16:09 -------- d-----w- C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag
    2012-05-27 07:01:19 -------- d-----w- C:\Users\Cheryl\PDFCreator
    2012-05-24 16:16:03 -------- d-----w- C:\Users\Cheryl\AppData\Local\{FFBF516B-ADB9-4C1A-AF78-BF2632732D2D}
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 21:18:24.54 ===============


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:53:23 PM, on 6/22/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell V715w\dleemon.exe
    C:\Program Files (x86)\Dell V715w\ezprint.exe
    C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
    C:\Program Files (x86)\Iminent\Iminent.exe
    C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbrmon.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Users\Cheryl\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=650823d0-5818-4dfc-ac5d-10ecb493b3b7&ref=homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv...0FyE0BtAtN0D0TzutBtDtCtBtDyCtCyE&cr=686938904
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    R3 - URLSearchHook: (no name) - {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    R3 - URLSearchHook: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
    R3 - URLSearchHook: MW2 Hack Lobby Post Your Gamertag Toolbar - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MW2 Hack Lobby Post Your Gamertag - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)
    O2 - BHO: WinZipBar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)
    O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
    O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Toolbar BHO - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
    O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
    O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    O2 - BHO: Search Assistant BHO - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
    O2 - BHO: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (file missing)
    O3 - Toolbar: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: MW2 Hack Lobby Post Your Gamertag Toolbar - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
    O3 - Toolbar: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
    O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
    O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
    O4 - Global Startup: Kaspersky Security Scan.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Fantapper Player Update Service (FTSvc) - Brand Affinity Technologies - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 20548 bytes
     

    Attached Files:

    • DDS.txt (File size: 36.8 KB)

  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    69,227
    Your DDS log shows both McAfee and AVG 2012 installed and running.

    Multiple antivirus programs installed and running in the same computer will fight each other and bog it down and cause other problems.

    I suggest you get rid of BOTH of them and then install Microsoft Security Essentials 4.0.1526.0 to replace them.

    If you do decide to get rid of BOTH of them, you need to run McAfee Consumer Product Removal Tool and AVG Remover(64bit) 2012 afterwards so they find and remove the leftover file and registry "debris" from their uninstalls.

    After that's all done, you can then install Microsoft Security Essentials.

    It's light-weight and very user-friendly and well-recommended here.

    -----------------------------------------------------------

    We need to get a better picture of what's currently installed in your computer, so do the following:

    Start HiJackThis.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ---------------------------------------------------------

    Your computer is infested with malware, spyware, etc. and has a number of other issues that need to be resolved.

    --------------------------------------------------------
     
  4. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    1ClickDownloader
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.3) MUI
    All Star Slots
    ATI Catalyst Control Center
    Babylon toolbar on IE
    Bcool
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Chuzzle Deluxe
    Consumer In-Home Service Agreement
    Coupon Printer for Windows
    CouponAlert Toolbar
    CouponBar
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell Marketplace Webslice IE8
    Dell MusicStage
    Dell PhotoStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Dell VideoStage
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Escape Whisper Valley (TM)
    Facetheme
    Family Tree Maker 9.0
    Fantapper Player
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    GamingWonderland
    GoToAssist 8.0.0.514
    High-Definition Video Playback
    HxD Hex Editor version 1.7.7.0
    I Want This
    Iminent
    Iminent
    IMinent Toolbar
    Internet Explorer
    Java(TM) 6 Update 31
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kaspersky Security Scan
    Luxor
    McAfee SecurityCenter
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MW2 Hack Lobby Post Your Gamertag Toolbar
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Opera 11.61
    Optimizer Pro v3.0
    Penguins!
    PhotoScape
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Creator Starter
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samantha Swift
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Toolbars
    Skype™ 4.2
    Sonic CinePlayer Decoder Pack
    StartNow Toolbar
    SyncUP
    SyncUP
    TrustedID
    TuneUp Utilities 2012
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Updater Service
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Wincore MediaBar
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 beta 3 (32-bit)
    WinZip Courier
    WinZipBar Toolbar
    Zinio Reader 4
    Zinio Reader 4
    Zuma Deluxe
     
  5. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    69,227
    Do the following in the order that they're listed.

    ------------------------------------------------------------

    Download and SAVE

    Adobe Flash Player ActiveX 11.3.300.257

    Adobe Flash Player Plugin 11.3.300.257

    Java Runtime Environment 1.6.0.33(6 Update 33)

    Malwarebytes Anti-Malware 1.61.0.1400

    Opera 11.64

    SUPERAntiSpyware 5.1.0.1002

    Just download and SAVE them and DON'T do anything with them yet.

    ------------------------------------------------------------

    Go to Control Panel - Programs And Features, then uninstall

    Babylon Toolbar

    Bing Bar

    CouponAlert Toolbar

    CouponBar

    Fantapper Player

    Funmoods Toolbar

    GamingWonderland Toolbar

    I Want This

    Iminent

    IMinent Toolbar

    MW2 Hack Lobby Post Your Gamertag Toolbar

    Optimizer Pro

    StartNow Toolbar

    TuneUp Utilities

    Wincore MediaBar

    WinZipBar Toolbar

    Yontoo Layers


    ------------------------------------------------------------

    Install Malwarebytes Anti-Malware and SUPERAntiSpyware.

    Make sure to update their definition files during the install process.

    Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

    Decline to use the "trial" version.

    After they've been installed and updated, restart the computer.

    DON'T run any scans with them yet.

    ------------------------------------------------------------

    Advise when all of the above has been done.

    ------------------------------------------------------------
     
  6. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    All of the above has been done. 2 issues though
    Although funmood is removed from the list of programs it remains the initial browser that pops up.
    and
    2. Yontoo layers would not uninstall. Message said "set up initialization error"
     
  7. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    69,227
    Do the following in the order listed.

    DON'T use the computer while each scan is in progress.

    --------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    --------------------------------------------------------

    Start SUPERAntiSpyware.

    Select the "Quick Scan" option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    --------------------------------------------------------

    Start HiJackThis, then click "Do a system scan and save a log file"

    Save the new log that appears, then copy-and-paste it here.

    --------------------------------------------------------
     
  8. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.24.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cheryl :: CHERYL-PC [administrator]

    6/25/2012 10:54:42 AM
    mbam-log-2012-06-25 (10-54-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208201
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1888 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 29
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    Files Detected: 16
    C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
    C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Users\Cheryl\Desktop\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Cheryl\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Cheryl\Downloads\freefileviewer_2_1283.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Users\Cheryl\Downloads\IWONSetup2.3.96.3.ZLchr999.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\facetheme-apl_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.

    (end)
     
  9. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/25/2012 at 11:13 AM

    Application Version : 5.1.1002

    Core Rules Database Version : 8788
    Trace Rules Database Version: 6600

    Scan type : Quick Scan
    Total Scan Time : 00:06:08

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 656
    Memory threats detected : 0
    Registry items scanned : 54346
    Registry threats detected : 7
    File items scanned : 11874
    File threats detected : 199

    PUP.StartNow Toolbar
    (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    (x86) HKU\S-1-5-21-232740147-1963858834-2666491947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

    Adware.Tracking Cookie

    PUP.MyWebSearch
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EJJS7UY\query[8].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[5].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\query[11].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\ads[1].htm [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[2].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EJJS7UY\query[3].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\query[5].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[6].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EJJS7UY\GGmain[1].htm [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[9].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\query[7].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EJJS7UY\query[7].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[4].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\query[11].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\redirect[1].jhtml [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\query[4].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\query[4].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\query[10].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEGZ2KQ1\query[10].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NKZB03R\getSegment[1].htm [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\query[6].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2EJJS7UY\query[2].js [ cache:mywebsearch.com ]
    C:\USERS\CHERYL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1E1OWLX\GGmain[1].htm [ cache:mywebsearch.com ]

    Browser Hijacker.Deskbar
    (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    (x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

    Adware.ShopAtHome/SelectRebates
    C:\USERS\CHERYL\DESKTOP\SHOPATHOME_TOOLBAR.EXE

    Adware.Casino Games (Golden Palace Casino)
    ZIP ARCHIVE( C:\USERS\CHERYL\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP )/CASINO.EXE
    C:\USERS\CHERYL\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP
    ZIP ARCHIVE( C:\USERS\CHERYL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP )/CASINO.EXE
    C:\USERS\CHERYL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP
     
  10. Cheryl910

    Cheryl910 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:21:11 AM, on 6/25/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell V715w\dleemon.exe
    C:\Program Files (x86)\Dell V715w\ezprint.exe
    C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Users\Cheryl\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ir...0FyE0BtAtN0D0TzutBtDtCtBtDyCtBtA&cr=498605432
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
    R3 - URLSearchHook: (no name) - {078076e7-229b-400e-95b6-a0b8ea60aedb} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)
    O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
    O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kaspersky Security Scan.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11965 bytes
     
  11. flavallee

    flavallee Frank Trusted Advisor

    As you can see, quick scans with Malwarebytes Anti-Malware and SUPERAntiSpyware found a LOT of infestation.

    I'm going to assume that you selected and removed EVERYTHING that the scans found.

    ----------------------------------------------------------

    Install the updated versions of Adobe Flash Player (ActiveX and plugin) and Java Runtime Environment and Opera that I advised you to download and save in post #4.

    Uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

    After you're all done, restart the computer.

    ----------------------------------------------------------

    Start HiJackThis, then click "Do a system scan only".

    When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

    R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)

    R3 - URLSearchHook: (no name) - {078076e7-229b-400e-95b6-a0b8ea60aedb} - (no file)

    O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)

    O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)

    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)

    O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll

    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)

    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)


    After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

    Close HiJackThis, then restart the computer.

    Start HiJackThis again, then click "Do a system scan and save a log file".

    Save the new log that appears, then copy-and-paste it here.

    ----------------------------------------------------------
     
  12. Cheryl910

    Cheryl910 Thread Starter

    I thought I should tell you, fun moods is trying to remain my opening browser.




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:48:11 PM, on 6/25/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell V715w\dleemon.exe
    C:\Program Files (x86)\Dell V715w\ezprint.exe
    C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Users\Cheryl\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ir...0FyE0BtAtN0D0TzutBtDtCtBtDyCtBtA&cr=498605432
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Kaspersky Security Scan.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11005 bytes
     
  13. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    69,227
    Start HiJackThis, then click "Do a system scan only".

    When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iro...A&cr=498605432


    then click "Fix Checked - Yes".

    Close HiJackThis.

    -----------------------------------------------------------

    Go to Start - Run - MSCONFIG - OK - "Startup" tab.

    Write down only the names in the "Startup Item" column that have a checkmark next to them.

    If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

    Submit those names here in a vertical list.

    Make sure to spell them EXACTLY as you see them there.

    -----------------------------------------------------------
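The selection step in the post above (picking out the R0 Start Page entries that point at funmoods.com) can be reproduced over a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the example.com, example.net and O23 sample lines are constructed for contrast.

```python
import re
from urllib.parse import urlsplit

# HijackThis R0/R1 line: "R0 - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HKCU|HKLM)\\([^,]+),(.+?) = (.*)$")

# Sample log lines. The two funmoods lines are the ones quoted in the post;
# the example.net, example.com and O23 lines are constructed for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iro...A&cr=498605432
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://funmoods.com.example.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Example\svc.exe
"""

def parse_r_entries(log_text):
    """Return one dict per R0/R1 line; other sections (O2, O23, ...) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if m:
            code, hive, key, name, data = m.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "data": data})
    return entries

def on_domain(url, domain):
    """True if the URL's host is the domain itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    # Suffix match on a dot boundary, so funmoods.com.example.net is not a hit.
    return host == domain or host.endswith("." + domain)

def flag_hijacks(log_text, watch_domains):
    """Return the R0/R1 entries whose data points at a watched domain."""
    return [e for e in parse_r_entries(log_text)
            if any(on_domain(e["data"], d) for d in watch_domains)]

if __name__ == "__main__":
    for e in flag_hijacks(SAMPLE_LOG, {"funmoods.com"}):
        print(f'{e["code"]} {e["hive"]}\\{e["key"]},{e["name"]} -> {e["data"]}')
```

Both the HKCU and HKLM Start Page values are reported, which is why the post has both entries checked before "Fix Checked".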
     
  14. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    Hi

    I ran HijackThis again and checked those two for fixing. However, I am unable to find Run in
    the Start menu. I looked for it in the Task Bar and properties menu, found it unchecked, so I checked it, but it
    still does not show.
     
  15. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    Going back to undo that check since it did not seem to work.
     
  16. Cheryl910

    Cheryl910 Thread Starter

    Joined:
    Jun 23, 2012
    Messages:
    51
    I found System Configuration.

    Here are all checked:

    Microsoft windows operating system
    Super Anti Spyware
    Catalyst Control Center
    Adobe Acrobat
    Adobe Acrobat Reader
    Common SDK
    Dell Safe Online
    Roxio Burner
    Nero Launcher
    Fax Solution
    AccuWeather
    Kaspersky Security Scan
     

Short URL to this thread: https://techguy.org/1058213