1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Popup Message From Webpage

Discussion in 'Virus & Other Malware Removal' started by Agranny, Nov 12, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Start HiJackThis, then click "Do a system scan only".

    The scan is quick and should be finished in less than a minute.

    After it's finished, put a checkmark in these log entries:

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dl

    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab

    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


    After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

    Close HiJackThis, then restart the computer.

    -------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Updates(tab) - Check for Updates".

    When the definition files have updated, click "OK".

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------

    Start SUPERAntiSpyware.

    Click "Check for Updates".

    When the definition files have updated, click "Close".

    Select the Quick Scan option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------
     
  2. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    Thx - I had a dickens of a time trying to figure out the hijack this log - but looks like I finally got it. I'll be around until around 5:00 p.m (6:00 your time) and then I'll leave to go back to church. I'll check back with you every so often - I know by the size of the file that this step may take a while. I should be back home around 7:30 - 8:00 p.m. (8:30 to 9:00 your time) so you may not want to mess with this that late. That is fine - I appreciate everything you are trying to do for me. If I don't catch you tonight, I'll check back with you tomorrow night. Thx again.
     
  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    The quick scans won't take long at all.

    Just make sure you don't accidentally select the full/complete scan because it'll take much longer.

    Don't use your computer while each scan is in progress.

    You may have time to get it all done before you go to church and before I sign off for the day.

    ---------------------------------------------------------
     
  4. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    ok - here goes.
     
  5. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    I tried to delete the files you asked from HiJackThis but I got an error message.
    Also, do I have to complete this step before I do the malwarebytes Anti-Malware and the Super Anti Spyware and do I have to purchase these programs before I can use?
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Skip the section about fixing the log entries.

    You do NOT need to purchase those 2 programs. If you're prompted to purchase the fully-functional version, decline to do so. The free version works fine for what you need it for.

    I'm getting ready to go off-line for the night. Unless you ran into a problem, I'll check your scan logs in the morning.

    ------------------------------------------------------
     
  7. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    12:15:43 Anne Pease MESSAGE Protection started successfully
    12:15:48 Anne Pease MESSAGE IP Protection started successfully
    12:18:41 Anne Pease MESSAGE Scheduled update executed successfully
    12:18:42 Anne Pease MESSAGE IP Protection stopped
    12:18:47 Anne Pease MESSAGE Database updated successfully
    12:18:50 Anne Pease MESSAGE IP Protection started successfully
    12:56:41 Anne Pease MESSAGE Protection started successfully
    12:56:46 Anne Pease MESSAGE IP Protection started successfully
    12:58:46 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
    12:58:47 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
    13:04:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    13:05:02 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    13:05:08 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    13:17:38 Anne Pease MESSAGE Protection started successfully
    13:17:46 Anne Pease MESSAGE IP Protection started successfully
    13:20:13 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
    13:20:15 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
    13:20:17 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    13:20:20 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    13:46:26 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    14:10:45 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    14:31:29 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    14:54:44 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    14:54:47 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:08:44 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:08:47 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:08:48 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:30:42 Anne Pease MESSAGE Protection started successfully
    15:30:48 Anne Pease MESSAGE IP Protection started successfully
    15:34:56 Anne Pease MESSAGE Protection started successfully
    15:35:02 Anne Pease MESSAGE IP Protection started successfully
    15:39:23 Anne Pease MESSAGE Protection started successfully
    15:39:30 Anne Pease MESSAGE IP Protection started successfully
    15:48:02 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
    15:48:03 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
    15:48:16 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:50:09 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:50:10 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:50:12 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    15:55:20 Anne Pease MESSAGE Protection started successfully
    16:08:48 Anne Pease MESSAGE Protection started successfully
    16:08:55 Anne Pease MESSAGE IP Protection started successfully
    16:13:08 Anne Pease MESSAGE Protection started successfully
    16:13:15 Anne Pease MESSAGE IP Protection started successfully
    16:22:17 Anne Pease MESSAGE Protection started successfully
    16:22:23 Anne Pease MESSAGE IP Protection started successfully
    16:28:38 Anne Pease MESSAGE Protection started successfully
    16:28:45 Anne Pease MESSAGE IP Protection started successfully
    16:32:36 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
    16:32:37 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
    16:32:42 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:32:46 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:36:55 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:36:55 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:36:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:36:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:37:03 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:37:04 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:42:09 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:42:11 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:42:13 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:45:48 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:45:50 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:45:52 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:46:36 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:47:32 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:52:22 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:52:24 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:52:26 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
    16:55:55 Anne Pease MESSAGE IP Protection stopped
    16:56:08 Anne Pease MESSAGE Database updated successfully
    16:56:11 Anne Pease MESSAGE IP Protection started successfully
    17:43:05 Anne Pease MESSAGE Protection started successfully
    17:43:11 Anne Pease MESSAGE IP Protection started successfully
    20:42:40 Anne Pease MESSAGE Protection started successfully
    20:42:48 Anne Pease MESSAGE IP Protection started successfully
     
  8. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 11/13/2011 at 09:39 PM
    Application Version : 5.0.1136
    Core Rules Database Version : 7937
    Trace Rules Database Version: 5749
    Scan type : Quick Scan
    Total Scan Time : 00:45:53
    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
    UAC On - Limited User (Administrator User)
    Memory items scanned : 602
    Memory threats detected : 0
    Registry items scanned : 37141
    Registry threats detected : 3
    File items scanned : 76889
    File threats detected : 156
    Trojan.DNSChanger-Codec
    HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\uninstall
    Adware.IWinGames
    HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
    Adware.ShopAtHomeSelect
    HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Adware.Tracking Cookie
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /ads.bridgetrack ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@adxpose[1].txt [ /adxpose ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@atdmt[2].txt [ /atdmt ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@doubleclick[1].txt [ /doubleclick ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@doubleclick[3].txt [ /doubleclick ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@eyewonder[2].txt [ /eyewonder ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@hotels-and-discounts[1].txt [ /hotels-and-discounts ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@invitemedia[2].txt [ /invitemedia ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@mywebsearch[1].txt [ /mywebsearch ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /oracle.112.2o7 ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@questionmarket[1].txt [ /questionmarket ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@specificclick[1].txt [ /specificclick ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@specificmedia[1].txt [ /specificmedia ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\anne_pease@specificmedia[3].txt [ /specificmedia ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ /track.freenewgifts ]
    C:\Users\Anne Pease\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /track.yourrewardinside ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adbrite[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@popularscreensavers[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@serving-sys[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@specificclick[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@liveperson[4].txt [ Cookie:anne [email protected]/hc/LPservicemagic ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@xiti[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@media6degrees[3].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adecn[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adxpose[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@insightexpressai[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@mywebsearch[5].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/cgi-bin/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@revsci[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt [ Cookie:anne [email protected]/ak/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@collective-media[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@usnuc[1].txt [ Cookie:anne [email protected]/servlet/ajrotator/track/pt628637 ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@invitemedia[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@mediabrandsww[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@advertising[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@trafficmp[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@liveperson[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@2o7[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@liveperson[3].txt [ Cookie:anne [email protected]/hc/19452074 ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@pointroll[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@ihireaccounting[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@doubleclick[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/clicksense/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@lucidmedia[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@accountonline[2].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@traveladvertising[1].txt [ Cookie:anne [email protected]/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:anne pease@www.gmbtrack.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@112.2o7[1].txt [ Cookie:anne pease@112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adsonar[1].txt [ Cookie:anne pease@adsonar.com/adserving ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@in.getclicky[1].txt [ Cookie:anne pease@in.getclicky.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@lfstmedia[1].txt [ Cookie:anne pease@lfstmedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@media.fans.predators.nhl[1].txt [ Cookie:anne pease@media.fans.predators.nhl.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@mm.chitika[2].txt [ Cookie:anne pease@mm.chitika.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@ar.atwola[1].txt [ Cookie:anne pease@ar.atwola.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@usnuc[2].txt [ Cookie:anne pease@usnuc.com/servlet/ajrotator/track/pt628650 ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@counter.surfcounters[1].txt [ Cookie:anne pease@counter.surfcounters.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.findstuff[1].txt [ Cookie:anne pease@www.findstuff.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@technoratimedia[2].txt [ Cookie:anne pease@technoratimedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adserver.innovativemetrics[1].txt [ Cookie:anne pease@adserver.innovativemetrics.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@lynxtrack[1].txt [ Cookie:anne pease@lynxtrack.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@healthgrades.112.2o7[1].txt [ Cookie:anne pease@healthgrades.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adfarm1.adition[2].txt [ Cookie:anne pease@adfarm1.adition.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@tracking.servedbyy[2].txt [ Cookie:anne pease@tracking.servedbyy.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@s.clickability[1].txt [ Cookie:anne pease@s.clickability.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@rtst.122.2o7[1].txt [ Cookie:anne pease@rtst.122.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@media.mercola[2].txt [ Cookie:anne pease@media.mercola.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@ad.doubleclick[1].txt [ Cookie:anne pease@ad.doubleclick.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adlegend[2].txt [ Cookie:anne pease@adlegend.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@ad3.adfarm1.adition[2].txt [ Cookie:anne pease@ad3.adfarm1.adition.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@dc.tremormedia[2].txt [ Cookie:anne pease@dc.tremormedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@testdata.coremetrics[1].txt [ Cookie:anne pease@testdata.coremetrics.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adserver.ignitad[1].txt [ Cookie:anne pease@adserver.ignitad.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@eyewonder[2].txt [ Cookie:anne pease@eyewonder.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.kntrack[2].txt [ Cookie:anne pease@www.kntrack.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@f.blogads[1].txt [ Cookie:anne pease@f.blogads.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@questionmarket[2].txt [ Cookie:anne pease@questionmarket.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@forum.rotator.hadj7.adjuggler[1].txt [ Cookie:anne pease@forum.rotator.hadj7.adjuggler.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@kontera[1].txt [ Cookie:anne pease@kontera.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@citygridmedia[2].txt [ Cookie:anne pease@citygridmedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@uol.realmedia[1].txt [ Cookie:anne pease@uol.realmedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@liveperson[5].txt [ Cookie:anne pease@liveperson.net/hc/56294818 ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@googleads.g.doubleclick[1].txt [ Cookie:anne pease@googleads.g.doubleclick.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@c5.zedo[1].txt [ Cookie:anne pease@c5.zedo.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@burstbeacon[1].txt [ Cookie:anne pease@burstbeacon.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@warnerbros.112.2o7[1].txt [ Cookie:anne pease@warnerbros.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@auto-price-finder[2].txt [ Cookie:anne pease@auto-price-finder.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@jmp.clickbooth[1].txt [ Cookie:anne pease@jmp.clickbooth.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@track.supercoolprizes[1].txt [ Cookie:anne pease@track.supercoolprizes.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@hotwire.db.advertising[1].txt [ Cookie:anne pease@hotwire.db.advertising.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@wstat.wibiya[1].txt [ Cookie:anne pease@wstat.wibiya.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@cdn.eyewonder[3].txt [ Cookie:anne pease@cdn.eyewonder.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@farecastcom.122.2o7[1].txt [ Cookie:anne pease@farecastcom.122.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@media2.legacy[1].txt [ Cookie:anne pease@media2.legacy.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@adtrackrs[2].txt [ Cookie:anne pease@adtrackrs.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@statsadv.dadapro[1].txt [ Cookie:anne pease@statsadv.dadapro.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@govtrack[1].txt [ Cookie:anne pease@govtrack.us/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@networldmedia[2].txt [ Cookie:anne pease@networldmedia.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@intermundomedia[2].txt [ Cookie:anne pease@intermundomedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@findlaw[1].txt [ Cookie:anne pease@findlaw.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@akamai.interclickproxy[2].txt [ Cookie:anne pease@akamai.interclickproxy.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.googleadservices[7].txt [ Cookie:anne pease@www.googleadservices.com/pagead/conversion/1002798411/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@liveperson[6].txt [ Cookie:anne pease@liveperson.net/hc/53965383 ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.googleadservices[5].txt [ Cookie:anne pease@www.googleadservices.com/pagead/conversion/1072605658/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@lm.logicalmedia[1].txt [ Cookie:anne pease@lm.logicalmedia.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@hotels-and-discounts[1].txt [ Cookie:anne pease@hotels-and-discounts.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@tracking.callmeasurement[1].txt [ Cookie:anne pease@tracking.callmeasurement.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.googleadservices[1].txt [ Cookie:anne pease@www.googleadservices.com/pagead/conversion/1046803300/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@www.googleadservices[3].txt [ Cookie:anne pease@www.googleadservices.com/pagead/conversion/975728701/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@web-stat[2].txt [ Cookie:anne pease@web-stat.com/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@gmcnglobal.112.2o7[1].txt [ Cookie:anne pease@gmcnglobal.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@server.iad.liveperson[1].txt [ Cookie:anne pease@server.iad.liveperson.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@gmgmacmortgage.112.2o7[1].txt [ Cookie:anne pease@gmgmacmortgage.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@ussearch.122.2o7[1].txt [ Cookie:anne pease@ussearch.122.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@reunioncom.112.2o7[1].txt [ Cookie:anne pease@reunioncom.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\AppData\Roaming\Microsoft\Windows\Cookies\Low\anne_pease@static.getclicky[1].txt [ Cookie:anne pease@static.getclicky.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@specificclick[1].txt [ Cookie:anne pease@specificclick.net/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@hotels-and-discounts[1].txt [ Cookie:anne pease@hotels-and-discounts.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@adxpose[1].txt [ Cookie:anne pease@adxpose.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@mywebsearch[1].txt [ Cookie:anne pease@mywebsearch.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@track.yourrewardinside[1].txt [ Cookie:anne pease@track.yourrewardinside.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@invitemedia[2].txt [ Cookie:anne pease@invitemedia.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@atdmt[2].txt [ Cookie:anne pease@atdmt.com/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@oracle.112.2o7[1].txt [ Cookie:anne pease@oracle.112.2o7.net/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@doubleclick[3].txt [ Cookie:anne pease@doubleclick.net/ ]
    C:\USERS\ANNE PEASE\Cookies\anne_pease@eyewonder[2].txt [ Cookie:anne pease@eyewonder.com/ ]
     
  9. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    I have no idea what you submitted in post #22.

    That's NOT a Malwarebytes Anti-Malware scan log.

    -------------------------------------------------------

    Did you select and remove all 159 threats that the SUPERAntiSpyware scan found?

    -------------------------------------------------------
     
  10. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8156
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048
    11/13/2011 5:37:50 PM
    mbam-log-2011-11-13 (17-37-50).txt
    Scan type: Quick scan
    Objects scanned: 208902
    Time elapsed: 38 minute(s), 59 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 71
    Registry Values Infected: 6
    Registry Data Items Infected: 1
    Folders Infected: 15
    Files Infected: 18
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    c:\program files\arcadeweb\arcadeweb32.dll (Adware.ArcadeWeb) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2A04A1D0-1969-400e-A53C-6A5433A4B658} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21C1577D-B190-4F9D-8034-F26DE5F9F3C2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AWGames.Addon.1 (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AWGames.Addon (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{A670E878-A272-443D-BD19-ED0A9BFD3FD8} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5F280841-8023-4BE6-9A4F-184D3E79A785} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerPlugin.Extension.1 (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerPlugin.Extension (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD4258A-7138-49C4-8D34-587879A5C7A4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BCC488-1AE7-11D4-AB82-0010A4EC2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AW TrayIcon (Adware.ArcadeWeb) -> Value: AW TrayIcon -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TrayIcRun (Adware.ArcadeWeb) -> Value: TrayIcRun -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareSweeperProMFC (Rogue.SpywareSweeper) -> Value: SpywareSweeperProMFC -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Value: SystemCheck2 -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    Folders Infected:
    c:\programdata\19113520 (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Windows\spyware sweeper pro (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    Files Infected:
    c:\program files\arcadeweb\arcadeweb32.dll (Adware.ArcadeWeb) -> Delete on reboot.
    c:\$Recycle.Bin\s-1-5-21-3861044452-3139563411-3663233647-1000\$RME174Z\adobe_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-3861044452-3139563411-3663233647-1000\$RME174Z\wpbt0.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\program files\arcadeweb\awun.exe (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\Desktop\click to find and fix errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    c:\Windows\spyware sweeper pro setup log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    c:\Windows\spyware sweeper pro uninstall log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Windows\spyware sweeper pro\uninstall.exe (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\chrome.manifest (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\install.rdf (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome\awtextlinks.jar (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.dll (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
    c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\awextension.js (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
     
  11. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    Sorry - I think I copied the protection log rather than the scan log. I re-posted in #25 - Let me know if that isn't what you are looking for.

    And yes, I deleted all 159 threats that anit-spyware found.
     
  12. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Your computer was infested worse than I expected.

    It looks like you selected and removed EVERYTHING.

    Are you still receiving the pop-up messages?

    -------------------------------------------------------

    Start HiJackThis, then click "Do a system scan and save a log file".

    Save the new log that appears, then submit it here.

    -------------------------------------------------------
     
  13. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    I'm still receiving the pop up messages. I need to do this for you - but I had to leave work early today for a Dr.'s appointment and they are asking for a report that I need to get to them and I have a physical therapy appointment in the morning. I know you are trying diligently to help me, but I may have to work late tomorrow and I have church on Wednesday night. But, I will try to get back to you in between - I really do appreciate everything you are trying to do for me!
     
  14. Agranny

    Agranny Thread Starter

    Joined:
    Nov 12, 2011
    Messages:
    35
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:58:36 PM, on 11/14/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe
    C:\Program Files\Free Ride Games\GPlayer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
    O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe"
    O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
    O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 12861 bytes

    I couldn't get the report they need for work as I am still getting the same error message I was before - IT still don't have my "work" issue fixed - but that is their problem. Here is the new HiJACK This scan log.
     
  15. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Click Start - Run, then type in MSCONFIG and then click OK - "Startup" tab.

    Write down only the names in the "Startup Item" column that have a checkmark.

    If the column isn't wide enough to see the entire name of any of them, widen the column.

    Submit those names here in a vertical list.

    Make sure to spell them exactly as you see them there.

    -------------------------------------------------------
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1026629