Very slow internet. Need clean up help

Camlee98

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:16:56 AM, on 1/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Users\Cameron\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Linkury\Linkury.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Cameron\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111223103703.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3877460089-2181327256-4035426072-1001\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Cameron')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: My Scrap NookService (MyScrapNook_12Service) - COMPANYVERS_NAME - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19362 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Dad at 9:36:52 on 2013-01-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.1995 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\mfevtps.exe
C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Users\Cameron\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Linkury\Linkury.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: <No Name>: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111223103703.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
uRun: [NCsoft] <no file>
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
mRun: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\3416D6C65656938314 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\35D616C6C634865656471686D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B140C977-8BF5-4ED8-A952-BBDE030C470A}\8494464656E634275656B6D27657563747 : DHCPNameServer = 192.168.14.3
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20111223103703.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 647080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 284648]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2011-3-13 75808]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-10 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-10 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-10-10 161168]
R2 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [2012-11-25 42504]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-15 317440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 481768]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-10-10 333928]
R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-10-10 228224]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-10-10 8320]
RUnknown 38887213;38887213; [x]
RUnknown 4236652drv;4236652drv; [x]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-2-15 99384]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-10 225216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-2-15 203320]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-08 13:53:49 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-01-07 14:50:37 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AF5CD96-E3F1-4278-9702-098ED4DE18F0}\offreg.dll
2013-01-07 14:43:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AF5CD96-E3F1-4278-9702-098ED4DE18F0}\mpengine.dll
2013-01-06 14:18:57 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-30 13:45:12 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4C6FE2C-A526-4CB0-9036-C8F864D1213C}\mpengine.dll
2012-12-23 23:40:24 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-23 23:40:24 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-23 23:40:19 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-23 23:40:17 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-19 00:49:08 -------- d-----w- C:\Users\Dad\AppData\Local\ElevatedDiagnostics
2012-12-12 12:42:35 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-12-12 12:42:35 2048 ----a-w- C:\windows\System32\tzres.dll
2012-12-12 12:42:01 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-12-12 12:40:26 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-12-12 12:40:25 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-12-10 00:32:00 -------- d-----w- C:\Program Files (x86)\Steam
.
==================== Find3M ====================
.
2012-12-11 22:58:51 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 22:58:50 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-08 21:23:45 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
.
============= FINISH: 9:38:31.81 ===============
 
Joined
May 7, 2011
Messages
14,142
Hi, you are running two antivirus programs, which is not recommended. I would suggest you uninstall McAfee and keep Microsoft Security Essentials, as it is lower on system resources. Then run this tool to clean up the remnants: McAfee Removal Tool

You can install this to replace the Firewall: Comodo Free Firewall. Click on the CONTINUE button and the download will start. Double-click on the downloaded file when complete and it will install.

Please run these two scans and post the logs:

SCAN 1
Click on this link to download ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below. Click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report; copy and paste it into your next post.





SCAN 2
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:


  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
Here are the 2 scans. I am doing all of this on my login, which is the admin login. Will I need to do this with my son's login also, or will these firewalls and scans reside on all logins?

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 08:39:14
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dad - CAMERON-PC
# Boot Mode : Normal
# Running from : C:\Users\Dad\Desktop\virus protection\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Linkury
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Linkury
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\cambuscus\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\cambuscus\AppData\Local\Linkury
Folder Deleted : C:\Users\cambuscus\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Cameron\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Cameron\AppData\Local\Linkury
Folder Deleted : C:\Users\Cameron\AppData\Local\Smartbar
Folder Deleted : C:\Users\Cameron\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Cameron\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Cameron\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dad\AppData\Local\APN
Folder Deleted : C:\Users\Dad\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Dad\AppData\Local\Linkury
Folder Deleted : C:\Users\Dad\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Dad\AppData\Local\Temp\[email protected]
Folder Deleted : C:\Users\Dad\AppData\Local\TempDir
Folder Deleted : C:\Users\Dad\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Dad\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Linkury Chrome Smartbar]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=4.0002002 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-4936[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&us[...]
Deleted [l.45] : keyword = "feed.helperbar.com",
Deleted [l.48] : search_url = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-49[...]
Deleted [l.1739] : homepage = "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&userid=bdf805ab-bca5-4936-ad[...]
Deleted [l.2119] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3i&dpid=W3i&co=US&useri[...]

File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10169cr&gct=hp",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={2995E159-C6AC-4E23-8ACF-DA0D[...]
Deleted [l.40] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.43] : keyword = "ask.com",
Deleted [l.46] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=67[...]
Deleted [l.47] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.1916] : homepage = "hxxp://www.ask.com/?l=dis&o=APN10169cr&gct=hp",
Deleted [l.2179] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={2995E159-C6AC-4E23-8ACF-DA0D73B[...]

File : C:\Users\cambuscus\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19831 octets] - [09/01/2013 08:39:14]

########## EOF - C:\AdwCleaner[S1].txt - [19892 octets] ##########

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dad [Admin rights]
Mode : Scan -- Date : 01/09/2013 08:52:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
--- User ---
[MBR] 3ce20c676674fa56bdc7febf7370d243
[BSP] d03871c42c5310a7683df689eb3a301b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01092013_02d0852.txt >>
RKreport[1]_S_01092013_02d0852.txt
 
Joined
May 7, 2011
Messages
14,142
ADWCleaner has removed a bunch of Adware related items and RogueKiller has found an unnecessary start up item.

Please run RogueKiller again and when the pre-scan completes hit the scan button, then click on the Delete button followed by the Report button and post the new log.

Have you noticed any improvement in performance after those scans and uninstalling McAfee?
 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
Yes seems to be getting better. Less hang ups.
Will I need to run these processes on the other accounts on this computer?

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dad [Admin rights]
Mode : Remove -- Date : 01/10/2013 00:54:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
--- User ---
[MBR] 3ce20c676674fa56bdc7febf7370d243
[BSP] d03871c42c5310a7683df689eb3a301b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_01102013_02d0054.txt >>
RKreport[1]_S_01092013_02d0852.txt ; RKreport[2]_S_01102013_02d0054.txt ; RKreport[3]_D_01102013_02d0054.txt
 
Joined
May 7, 2011
Messages
14,142
You do not need to run the scans on the other accounts. If you look at the Files deleted by ADWCleaner you can see three user accounts it removed items from.

Please run these two scans:


Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.



Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
Here you go and thank you for the help so far! I have noticed a difference so far.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat a variant of Win32/Kryptik.AKON trojan
C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat a variant of Win32/Kryptik.AKON trojan
C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html Win32/BHO.OEI trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YRFFU10\if[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[2].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[3].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[4].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[5].htm HTML/ScrInject.B.Gen virus
C:\Users\Dad\AppData\Local\Temp\0.7971786022674157 multiple threats
C:\Users\Dad\AppData\Local\Temp\12CA.tmp a variant of Win32/Kryptik.AKON trojan
C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe Win32/Adware.Yontoo application
C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll a variant of Win32/Kryptik.AFRA trojan
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan
 
Joined
May 7, 2011
Messages
14,142
You're welcome, glad to hear things are improving.

Java and Adobe Reader are out of date but first we need to deal with the infections Eset found.

Please download OTM by OldTimer. Save it to your desktop.

Double click OTM.exe to start the tool.

  • Copy the text in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes
explorer.exe

:Files
C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat
C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YRFFU10\if[1].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[1].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[2].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[3].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[4].htm
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[5].htm
C:\Users\Dad\AppData\Local\Temp\0.7971786022674157
C:\Users\Dad\AppData\Local\Temp\12CA.tmp
C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe
C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
  • Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
  • Even if that box does not appear the system should reboot as the command is included in the script.
  • When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles
============================================================================

Please also download and run these two tools:

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically. NOTE: there is no log to post from this scan.



Please download Malwarebytes and save it to your desktop. Open the tool, let it update and run a Full system scan with it and post the log produced.
============================================================================
 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\Microsoft\Windows\DRM\4490.tmp.dat moved successfully.
File/Folder C:\Users\All Users\Microsoft\Windows\DRM\4490.tmp.dat not found.
C:\Users\Dad\AppData\Local\EgisTec\Best Buy pc app folder moved successfully.
File/Folder C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Default\aahpmbnpodmgfnlolhapljignfkaedjj\background.html not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3V5BSW5H\47233-2[2].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4HJGNVLZ\tt[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YRFFU10\if[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6NI1O1CS\47233-9[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLU2LWQ3\tt[2].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[2].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[3].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[4].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GIF11UBE\if[5].htm not found.
C:\Users\Dad\AppData\Local\Temp\0.7971786022674157 moved successfully.
C:\Users\Dad\AppData\Local\Temp\12CA.tmp moved successfully.
C:\Users\Dad\AppData\Local\Temp\DropDownDeals-S-Setup_Suite1.exe moved successfully.
C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe moved successfully.
LoadLibrary failed for C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\rlrjomrye.dll moved successfully.
LoadLibrary failed for C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll
C:\Users\Dad\AppData\Local\Temp\nsmD628.tmp\yxuoo.dll moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: cambuscus
->Flash cache emptied: 58874 bytes

User: Cameron
->Flash cache emptied: 61646 bytes

User: Dad
->Flash cache emptied: 8276245 bytes

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mom

User: Public

Total Flash Files Cleaned = 8.00 mb


[EMPTYTEMP]

User: All Users

User: cambuscus
->Temp folder emptied: 714780 bytes
->Temporary Internet Files folder emptied: 189521 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8287552 bytes
->Flash cache emptied: 0 bytes

User: Cameron
->Temp folder emptied: 281443631 bytes
->Temporary Internet Files folder emptied: 740477341 bytes
->Java cache emptied: 370776 bytes
->Google Chrome cache emptied: 83490362 bytes
->Flash cache emptied: 0 bytes

User: Dad
->Temp folder emptied: 659310356 bytes
->Temporary Internet Files folder emptied: 610961457 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 110689790 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mom

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 675719798 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46310988 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 234608 bytes

Total Files Cleaned = 3,069.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 01112013_081545

Files moved on Reboot...
C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SG9O00QX\google_com[2].htm moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dad :: CAMERON-PC [administrator]

1/11/2013 8:46:42 AM
MBAM-log-2013-01-11 (10-37-20).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 469625
Time elapsed: 1 hour(s), 25 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> 1272 -> No action taken.

Memory Modules Detected: 5
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 66

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyScrapNook_12 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Scrap Nook Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 36
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12barsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrchMn.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12impipe.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> No action taken.
C:\_OTM\MovedFiles\01112013_081545\C_ProgramData\Microsoft\Windows\DRM\4490.tmp.dat (Trojan.Agent.BRVGen) -> No action taken.
C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\0.7971786022674157 (Trojan.Happili) -> No action taken.
C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\12CA.tmp (Trojan.Agent.BRVGen) -> No action taken.

(end)
 
Joined
May 7, 2011
Messages
14,142
Please run another Full scan with Malwarebytes and this time select everything found for removal and post the new log.
 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dad :: CAMERON-PC [administrator]

1/11/2013 8:46:42 AM
mbam-log-2013-01-11 (08-46-42).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 469625
Time elapsed: 1 hour(s), 25 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> 1272 -> Delete on reboot.

Memory Modules Detected: 5
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 66

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyScrapNook_12 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Scrap Nook Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 36
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12barsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\01112013_081545\C_ProgramData\Microsoft\Windows\DRM\4490.tmp.dat (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\0.7971786022674157 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\01112013_081545\C_Users\Dad\AppData\Local\Temp\12CA.tmp (Trojan.Agent.BRVGen) -> Quarantined and deleted successfully.

(end)
 
Joined
May 7, 2011
Messages
14,142
Please run one more Full system scan with Malwarebytes and post the log, select anything found for removal. If all is well it should find nothing.

How well is the system running now? Please describe any remaining issues.
 

Camlee98

Thread Starter
Joined
Mar 21, 2004
Messages
184
It seems that all is well now. Internet is quick and responsive and opening and closing programs is much better. If you feel that everything is clean then I'll mark this solved. Thank you very much for your help. I'm glad this site is still around after all these years!



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dad :: CAMERON-PC [administrator]

1/12/2013 3:49:58 PM
mbam-log-2013-01-12 (15-49-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470688
Time elapsed: 18 hour(s), 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Joined
May 7, 2011
Messages
14,142
Ok, all you need do now is update Java and Adobe reader.

Please also open OTM and click on the CleanUp! button which will remove itself and other tools used, any remaining logs or tools left on the desktop can be deleted.

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 9

NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.


Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.
=====================================================================


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java and update.

How to update Java:
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
End user licence agreement

First uninstall all existing versions of Java.

  • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
  • If a User Account Control warning appears click on Allow.
  • Repeat as many times as necessary to remove each and every item.
  • Reboot your computer once all Java components are removed.

NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below,
but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.


How to install the latest version.

  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

==========================================================================

I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
 