Very slow internet Need clean up help

Discussion in 'Virus & Other Malware Removal' started by Camlee98, Jan 8, 2013.

  1. Camlee98

    Camlee98 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:16:56 AM, on 1/8/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    C:\Users\Cameron\AppData\Local\Smartbar\Application\Smartbar.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\Linkury\Linkury.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Cameron\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111223103703.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
    O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3877460089-2181327256-4035426072-1001\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Cameron')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: My Scrap NookService (MyScrapNook_12Service) - COMPANYVERS_NAME - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 19362 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Dad at 9:36:52 on 2013-01-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.1995 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\windows\system32\mfevtps.exe
    C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\windows\system32\rundll32.exe
    C:\windows\system32\rundll32.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    C:\Users\Cameron\AppData\Local\Smartbar\Application\Smartbar.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Linkury\Linkury.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\taskhost.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: <No Name>: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111223103703.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
    uRun: [NCsoft] <no file>
    mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
    mRun: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [GrpConv] grpconv -o
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\3416D6C65656938314 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\35D616C6C634865656471686D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\8494464656E634275656B6D27657563747 : DHCPNameServer = 192.168.14.3
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
    x64-mStart Page = hxxp://lenovo.msn.com
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20111223103703.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
    x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
    x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
    R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
    R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 647080]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 284648]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
    R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
    R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2011-3-13 75808]
    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
    R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-10 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-10 208536]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-10-10 161168]
    R2 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [2012-11-25 42504]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 65264]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-15 317440]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
    R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 481768]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-10-10 333928]
    R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-10-10 228224]
    R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-10-10 8320]
    RUnknown 38887213;38887213; [x]
    RUnknown 4236652drv;4236652drv; [x]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-2-15 99384]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-10 225216]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-2-15 203320]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-08 13:53:49 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2013-01-07 14:50:37 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AF5CD96-E3F1-4278-9702-098ED4DE18F0}\offreg.dll
    2013-01-07 14:43:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AF5CD96-E3F1-4278-9702-098ED4DE18F0}\mpengine.dll
    2013-01-06 14:18:57 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-30 13:45:12 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4C6FE2C-A526-4CB0-9036-C8F864D1213C}\mpengine.dll
    2012-12-23 23:40:24 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-23 23:40:24 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-23 23:40:19 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-23 23:40:17 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-19 00:49:08 -------- d-----w- C:\Users\Dad\AppData\Local\ElevatedDiagnostics
    2012-12-12 12:42:35 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-12-12 12:42:35 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-12-12 12:42:01 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-12-12 12:40:26 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-12-12 12:40:25 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-12-10 00:32:00 -------- d-----w- C:\Program Files (x86)\Steam
    .
    ==================== Find3M ====================
    .
    2012-12-11 22:58:51 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-11 22:58:50 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-08 21:23:45 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    .
    ============= FINISH: 9:38:31.81 ===============
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, you are running two Anti Virus programs, which is not recommended. I would suggest you uninstall McAfee and keep Microsoft Security Essentials, as it is lower on system resources. Then run this tool to clean up the remnants: McAfee Removal Tool

    You can install this to replace the Firewall: Comodo Free Firewall. Click on the CONTINUE button and the download will start. Double click on the downloaded file when complete and it will install.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download: ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  3. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Here are the 2 scans. I am doing all of this on my login, which is the admin login. Will I need to do this with my son's login also, or will these firewalls and scans reside on all logins?

    # AdwCleaner v2.105 - Logfile created 01/09/2013 at 08:39:14
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Dad - CAMERON-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Dad\Desktop\virus protection\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\Linkury
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Linkury
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\SweetIM
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\cambuscus\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\cambuscus\AppData\Local\Linkury
    Folder Deleted : C:\Users\cambuscus\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Cameron\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Cameron\AppData\Local\Linkury
    Folder Deleted : C:\Users\Cameron\AppData\Local\Smartbar
    Folder Deleted : C:\Users\Cameron\AppData\Local\Temp\Smartbar
    Folder Deleted : C:\Users\Cameron\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Cameron\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Dad\AppData\Local\APN
    Folder Deleted : C:\Users\Dad\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
    Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Dad\AppData\Local\Linkury
    Folder Deleted : C:\Users\Dad\AppData\Local\Temp\AskSearch
    Folder Deleted : C:\Users\Dad\AppData\Local\Temp\[email protected]
    Folder Deleted : C:\Users\Dad\AppData\Local\TempDir
    Folder Deleted : C:\Users\Dad\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Dad\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\SweetIM
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Linkury Chrome Smartbar]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=4.0002002 --> hxxp://www.google.com

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-4936[...]
    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&us[...]
    Deleted [l.45] : keyword = "feed.helperbar.com",
    Deleted [l.48] : search_url = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-49[...]
    Deleted [l.1739] : homepage = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-4936-ad[...]
    Deleted [l.2119] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&useri[...]

    File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.9] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10169cr&gct=hp",
    Deleted [l.13] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={2995E159-C6AC-4E23-8ACF-DA0D[...]
    Deleted [l.40] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Deleted [l.43] : keyword = "ask.com",
    Deleted [l.46] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=67[...]
    Deleted [l.47] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
    Deleted [l.1916] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10169cr&gct=hp",
    Deleted [l.2179] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={2995E159-C6AC-4E23-8ACF-DA0D73B[...]

    File : C:\Users\cambuscus\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [19831 octets] - [09/01/2013 08:39:14]

    ########## EOF - C:\AdwCleaner[S1].txt - [19892 octets] ##########

    RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dad [Admin rights]
    Mode : Scan -- Date : 01/09/2013 08:52:55

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
    --- User ---
    [MBR] 3ce20c676674fa56bdc7febf7370d243
    [BSP] d03871c42c5310a7683df689eb3a301b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01092013_02d0852.txt >>
    RKreport[1]_S_01092013_02d0852.txt
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    ADWCleaner has removed a bunch of adware-related items and RogueKiller has found an unnecessary startup item.

    Please run RogueKiller again and when the pre-scan completes hit the scan button, then click on the Delete button followed by the Report button and post the new log.

    Have you noticed any improvement in performance after those scans and uninstalling McAfee?
     
  5. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Yes seems to be getting better. Less hang ups.
    Will I need to run these processes on the other accounts on this computer?

    RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dad [Admin rights]
    Mode : Remove -- Date : 01/10/2013 00:54:40

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
    --- User ---
    [MBR] 3ce20c676674fa56bdc7febf7370d243
    [BSP] d03871c42c5310a7683df689eb3a301b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_01102013_02d0054.txt >>
    RKreport[1]_S_01092013_02d0852.txt ; RKreport[2]_S_01102013_02d0054.txt ; RKreport[3]_D_01102013_02d0054.txt
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You do not need to run the scans on the other accounts. If you look at the files deleted by ADWCleaner you can see three user accounts it removed items from.

    Please run these two scans:


    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.



    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious; this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files, which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer. Click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
     
  7. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Here you go and thank you for the help so far! I have noticed a difference so far.

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````

    C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat a variant of Win32/Kryptik.AKON trojan
    C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat a variant of Win32/Kryptik.AKON trojan
    C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan
    C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html Win32/BHO.OEI trojan
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YRFFU10\if[1].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[1].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[2].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[3].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[4].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[5].htm HTML/ScrInject.B.Gen virus
    C:\Users\Dad\AppData\Local\Temp\0.7971786022674157 multiple threats
    C:\Users\Dad\AppData\Local\Temp\12CA.tmp a variant of Win32/Kryptik.AKON trojan
    C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe Win32/Adware.Yontoo application
    C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll a variant of Win32/Kryptik.AFRA trojan
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome, glad to hear things are improving.

    Java and Adobe Reader are out of date but first we need to deal with the infections Eset found.

    Please download OTM by OldTimer. Save it to your desktop.

    Double click OTM.exe to start the tool.

    • Copy the text in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat    
    C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat    
    C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app
    C:\Users\Dad\AppData\Local\Google\Chrome\User  Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\5YRFFU10\if[1].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm 
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\GIF11UBE\if[1].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\GIF11UBE\if[2].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\GIF11UBE\if[3].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\GIF11UBE\if[4].htm    
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet  Files\Low\Content.IE5\GIF11UBE\if[5].htm    
    C:\Users\Dad\AppData\Local\Temp\0.7971786022674157    
    C:\Users\Dad\AppData\Local\Temp\12CA.tmp    
    C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe    
    C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe    
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll    
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll    
    
    :Commands
    [createrestorepoint]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
    • Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
    • Even if that box does not appear the system should reboot as the command is included in the script.
    • When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

    -- Note: The logs are saved here: C:\_OTM\MovedFiles
    ============================================================================

    Please also download and run these two tools:

    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically. NOTE: there is no log to post from this scan.



    Please download Malwarebytes and save it to your desktop. Open the tool, let it update and run a Full system scan with it and post the log produced.
    ============================================================================
     
  9. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat moved successfully.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat not found.
    C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app folder moved successfully.
    File/Folder C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YRFFU10\if[1].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[1].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[2].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[3].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[4].htm not found.
    File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[5].htm not found.
    C:\Users\Dad\AppData\Local\Temp\0.7971786022674157 moved successfully.
    C:\Users\Dad\AppData\Local\Temp\12CA.tmp moved successfully.
    C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe moved successfully.
    C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe moved successfully.
    LoadLibrary failed for C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll moved successfully.
    LoadLibrary failed for C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll
    C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTM Restore Point

    [EMPTYFLASH]

    User: All Users

    User: cambuscus
    ->Flash cache emptied: 58874 bytes

    User: Cameron
    ->Flash cache emptied: 61646 bytes

    User: Dad
    ->Flash cache emptied: 8276245 bytes

    User: Default
    ->Flash cache emptied: 58264 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mom

    User: Public

    Total Flash Files Cleaned = 8.00 mb


    [EMPTYTEMP]

    User: All Users

    User: cambuscus
    ->Temp folder emptied: 714780 bytes
    ->Temporary Internet Files folder emptied: 189521 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8287552 bytes
    ->Flash cache emptied: 0 bytes

    User: Cameron
    ->Temp folder emptied: 281443631 bytes
    ->Temporary Internet Files folder emptied: 740477341 bytes
    ->Java cache emptied: 370776 bytes
    ->Google Chrome cache emptied: 83490362 bytes
    ->Flash cache emptied: 0 bytes

    User: Dad
    ->Temp folder emptied: 659310356 bytes
    ->Temporary Internet Files folder emptied: 610961457 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 110689790 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mom

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 675719798 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46310988 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    RecycleBin emptied: 234608 bytes

    Total Files Cleaned = 3,069.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.21.0 log created on 01112013_081545

    Files moved on Reboot...
    C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SG9O00QX\google_com[2].htm moved successfully.
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.11.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dad :: CAMERON-PC [administrator]

    1/11/2013 8:46:42 AM
    MBAM-log-2013-01-11 (10-37-20).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 469625
    Time elapsed: 1 hour(s), 25 minute(s), 28 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> 1272 -> No action taken.

    Memory Modules Detected: 5
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> No action taken.

    Registry Keys Detected: 66

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyScrapNook_12 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Scrap Nook Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 36
    C:\_OTM\MovedFiles\01112013_081545\C_ProgramData\Microsoft\Windows\DRM\4490.tmp.dat (Trojan.Agent.BRVGen) -> No action taken.
    C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\0.7971786022674157 (Trojan.Happili) -> No action taken.
    C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\12CA.tmp (Trojan.Agent.BRVGen) -> No action taken.

    (end)
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run another Full scan with Malwarebytes and this time select everything found for removal and post the new log.
     
  11. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.11.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dad :: CAMERON-PC [administrator]

    1/11/2013 8:46:42 AM
    mbam-log-2013-01-11 (08-46-42).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 469625
    Time elapsed: 1 hour(s), 25 minute(s), 28 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> 1272 -> Delete on reboot.

    Memory Modules Detected: 5
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> Delete on reboot.

    Registry Keys Detected: 66

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyScrapNook_12 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Scrap Nook Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 36
    C:\_OTM\MovedFiles\01112013_081545\C_ProgramData\Microsoft\Windows\DRM\4490.tmp.dat (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\0.7971786022674157 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\12CA.tmp (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.

    (end)
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run one more Full system scan with Malwarebytes and post the log, select anything found for removal. If all is well it should find nothing.

    How well is the system running now, please describe any remaining issues.
     
  13. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    It seems that all is well now. Internet is quick and responsive and opening and closing programs is much better. If you feel that everything is clean then I'll mark this solved. Thank you very much for your help. I'm glad this site is still around after all these years!



    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.11.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dad :: CAMERON-PC [administrator]

    1/12/2013 3:49:58 PM
    mbam-log-2013-01-12 (15-49-58).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 470688
    Time elapsed: 18 hour(s), 8 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, all you need do now is update Java and Adobe Reader.

    Please also open OTM and click on the CleanUp! button which will remove itself and other tools used, any remaining logs or tools left on the desktop can be deleted.

    Adobe
    Close any programs you may have running - especially your web browser.
    Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

    Adobe Reader 9

    NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.

    Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

    You will now see a page similar to this one:

    All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

    As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
    NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

    Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.
    =====================================================================


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java and update.

    How to update Java:
    Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
    End user licence agreement

    First uninstall all existing versions of Java.

    • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
    • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
    • If a User Account Control warning appears click on Allow.
    • Repeat as many times as necessary to remove each and every item.
    • Reboot your computer once all Java components are removed.

    NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below,
    but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
    If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.


    How to install the latest version.

    • Open the browser that you normally use and click on this link: Java Download
    • Click on the big red button Free Java Download
    • On the next page click on the big red button Agree and Start Free Download
    • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
    • When the Welcome to Java window appears click on Install.
    • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
    • If any error messages appear click on OK and then click on the Agree and start free download button again.
    • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
    • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
    • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
    • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
    • The Installation is now complete, please reboot the system.
    • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

    ==========================================================================

    I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

    There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

    It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

    Some additional security measures.
    If your present security software does not include a third party Firewall or AntiSpyware:

    Go Here for a selection of third party Firewalls.

    Go Here or Here for Anti Spyware.

    Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

    WOT (Web of Trust) will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

    Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

    WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

    Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry, and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
     
Short URL to this thread: https://techguy.org/1084275
