# Solved: MyWebSearch/FunWebProducts



## jillian2 (Sep 11, 2004)

Can't get rid of this permanently. Superantispyware finds it in a scan and I get rid of it, but it comes back when my computer is rebooted. I do not have My Web Search toolbar. I deleted that, but this is still here and I cannot find it. It is not a virus or malware, but it is here and I want to get rid of it.

I have used SuperAntispyware, Malwarebytes, Ad-aware, and Microsoft's Defender and this still comes back. Can anyone help me?


----------



## jillian2 (Sep 11, 2004)

Someone please answer my post. It is post #1. There are enough people here that someone must have an answer. Thanks in advance.


----------



## WhitPhil (Oct 4, 2000)

Please have patience. 15 minutes is not a very long time for a new thread to be responded to. 

Download, install and run HiJackThis

Run the scan and save log file option
When the LOG file opens in Notepad, Edit > Select All, Edit > Copy

Then, in a Reply post, Paste the contents for review.
(and again it may take some time to respond to the HJT log!)

BTW at this very minute there are only 2 TSG members logged onto this particular forum: You and me!


----------



## jillian2 (Sep 11, 2004)

Okay. Sorry. It's just that I have been a week or more trying to get rid of this.


----------



## Jason08 (Oct 13, 2008)

At a lot of forums outside of TSG, usually help does not come until hours and even days later. Usually only in live chat does help come almost instantaneously like that.

Is there an option to uninstall it from the web?


----------



## jillian2 (Sep 11, 2004)

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:31 PM, on 3/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Users\June\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\June\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7924 bytes


----------



## Kenny94 (Dec 16, 2004)

Hi jillian2

I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.


----------



## jillian2 (Sep 11, 2004)

I can't find this on my computer. SUPERAntiSpyware finds it and deletes it and it comes right back when I reboot. I did have MyWebSearch Toolbar, not by choice though. It was put there from a downloaded game, but it was uninstalled. But this was left over. It is hidden somewhere.


----------



## jillian2 (Sep 11, 2004)

Here it is, Kenny



robat.com
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11
Apple Software Update
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
ESET Online Scanner
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Update
Java(TM) 6 Update 11
LabelPrint
LightScribe System Software 1.10.23.1
LightScribeTemplateLabeler
Malwarebytes' Anti-Malware
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.7)
muvee autoProducer 6.1
Power2Go
PowerDirector
Python 2.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Secunia PSI
SUPERAntiSpyware Professional
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Media Player Firefox Plugin
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar


----------



## Kenny94 (Dec 16, 2004)

I want to look at a SUPERAntiSpyware Scan Log

Run SUPERAntiSpyware 
It will ask if you want to update the program definitions, click *Yes*.
Under *Configuration and Preferences*, click the Preferences button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
*Please leave the others unchecked.*
Click the Close button to leave the control center screen.

On the main screen, under *Scan for Harmful Software* click *Scan your computer*.
On the left check *C:\Fixed Drive*.
On the right, under Complete Scan, choose *Perform Complete Scan*.
Click *Next* to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click *OK*.
Make sure everything in the white box has a check next to it, then click *Next*.
It will quarantine what it found and if it asks if you want to reboot, click *Yes*.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click *Preferences*. Click the *Statistics/Logs* tab.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose *copy*.

Click close and close again to exit the program.
Save the log information. And paste this info...


----------



## jillian2 (Sep 11, 2004)

Okay. thanks.


----------



## Kenny94 (Dec 16, 2004)

jillian2 said:


> Okay. thanks.


:up:


----------



## jillian2 (Sep 11, 2004)

Here is the log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2009 at 02:10 PM

Application Version : 4.25.1014

Core Rules Database Version : 3810
Trace Rules Database Version: 1764

Scan type : Custom Scan
Total Scan Time : 00:34:08

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 5526
Registry threats detected : 2
File items scanned : 106609
File threats detected : 17

Adware.Tracking Cookie
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected]itbox[1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs


----------



## Kenny94 (Dec 16, 2004)

SUPERAntiSpyware is picking up a CLSID Key in the HKey. Let's see if ComboFix picks up anything....

http://forums.superantispyware.com/viewtopic.php?f=4&t=2629

Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause *"unpredictable results"* or stop ComboFix running at all.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything unless told to do so while we are fixing your problem. *
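
An added example, not part of the original post and not code from any of the tools named here: the sketch below parses the SUPERAntiSpyware findings and checks whether the flagged CLSID is loaded by any O2/O3/O16 entry in the HijackThis log. The log excerpts are shortened from the ones posted in this thread (the cookie filename is a constructed placeholder), and the section-detection heuristics are assumptions about the log layout.

```python
import re

# Shortened excerpts of the logs posted in this thread.
# The cookie filename is a constructed placeholder.
SAS_LOG = r"""
Registry threats detected : 2
File threats detected : 17

Adware.Tracking Cookie
C:\Users\June\AppData\Roaming\Microsoft\Windows\Cookies\Low\placeholder[1].txt

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs
"""

HJT_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A finding is a registry path (HKCR\..., HKLM\...) or a file path (C:\...).
ITEM = re.compile(r"^(?:HK[A-Z_]+\\|[A-Za-z]:\\)")
# HijackThis entry: "<section> - <kind>: <rest>".
HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_sas_threats(log):
    """Group findings under their threat-name header.

    Assumed layout: a header such as 'Adware.Tracking Cookie' contains a dot
    and no colon; statistics lines ('... detected : 2') contain a colon.
    """
    threats, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM.match(line):
            if current is not None:
                threats[current].append(line)
        elif "." in line and ":" not in line:
            current = line
            threats.setdefault(current, [])
        else:
            current = None  # statistics or banner line, not a threat section
    return threats


def hjt_guids(log):
    """Map every GUID on an O-line to '<section> <kind>', e.g. 'O2 BHO'."""
    found = {}
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        g = GUID.search(m.group(3))
        if g:
            found[g.group(0).upper()] = f"{m.group(1)} {m.group(2)}"
    return found


def correlate(sas_log, hjt_log):
    """For each registry CLSID the scanner flagged, report where HijackThis
    shows it being loaded (None if no BHO/toolbar/ActiveX entry uses it)."""
    loaded = hjt_guids(hjt_log)
    findings = {}
    for threat, items in parse_sas_threats(sas_log).items():
        for item in items:
            g = GUID.search(item)
            if not item.upper().startswith("HK") or not g:
                continue  # file finding (cookie etc.), not a registry CLSID
            clsid = g.group(0).upper()
            entry = findings.setdefault(clsid, {
                "threat": threat,
                "clsid": clsid,
                "subkeys": [],
                "loaded_by": loaded.get(clsid),
            })
            tail = item[g.end():].lstrip("\\")
            if tail:
                # e.g. 'TreatAs', the COM subkey that points one CLSID at another
                entry["subkeys"].append(tail)
    return list(findings.values())


if __name__ == "__main__":
    for f in correlate(SAS_LOG, HJT_LOG):
        where = f["loaded_by"] or "no O2/O3/O16 entry (registry key only)"
        print(f'{f["threat"]}: {f["clsid"]} subkeys={f["subkeys"]} -> {where}')
```

For the logs in this thread the flagged CLSID has no matching BHO, toolbar or ActiveX entry, so what the scanner keeps reporting is a registry key rather than a loaded component.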


----------



## jillian2 (Sep 11, 2004)

OK, I am doing this now.


----------



## jillian2 (Sep 11, 2004)

When I ran it, it said I had an incompatible OS. I have Vista Home Premium 64-bit.


----------



## Kenny94 (Dec 16, 2004)

jillian2 said:


> ok I am doing this now


OK. I'll look at it tonight or tomorrow. We have baseball....


----------



## jillian2 (Sep 11, 2004)

It is not compatible with Vista. So what do I do?


----------



## jillian2 (Sep 11, 2004)

Deleted double post.


----------



## Kenny94 (Dec 16, 2004)

Try this tool, it will not remove anything but will give us a nice report.


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## jillian2 (Sep 11, 2004)

Thanks. I am doing this now.


----------



## jillian2 (Sep 11, 2004)

Logfile of random's system information tool 1.06 (written by random/random)
Run by June at 2009-03-23 20:22:28
Microsoft® Windows Vista Home Premium Service Pack 1
System drive C: has 441 GB (95%) free of 467 GB
Total RAM: 4094 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:32 PM, on 3/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Users\June\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\June\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\June.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\June\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix: 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8305 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-23 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-12-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2008-12-24 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-24 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-24 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-12-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2008-12-24 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Ad-Watch"=C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Users\June\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-23 20:22:28 ----D---- C:\rsit
2009-03-23 20:22:28 ----D---- C:\Program Files (x86)\trend micro
2009-03-23 16:57:46 ----D---- C:\Windows\pss
2009-03-23 16:31:09 ----D---- C:\Users\June\AppData\Roaming\OpenOffice.org
2009-03-23 16:29:45 ----D---- C:\Program Files (x86)\JRE
2009-03-23 16:29:42 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2009-03-23 16:29:28 ----A---- C:\Windows\system32\javaws.exe
2009-03-23 16:29:28 ----A---- C:\Windows\system32\javaw.exe
2009-03-23 16:29:28 ----A---- C:\Windows\system32\java.exe
2009-03-23 16:28:58 ----D---- C:\Program Files (x86)\Common Files\Java
2009-03-23 15:43:28 ----D---- C:\ComboFix
2009-03-23 15:43:28 ----A---- C:\Windows\system32\CF28445.exe
2009-03-23 15:43:25 ----A---- C:\Windows\system32\cmd.execf
2009-03-23 14:58:08 ----A---- C:\Windows\system32\CF19562.exe
2009-03-23 14:53:17 ----A---- C:\Windows\system32\CF18612.exe
2009-03-23 14:51:52 ----A---- C:\Windows\system32\swsc.exe
2009-03-23 14:51:52 ----A---- C:\Windows\system32\CF18334.exe
2009-03-23 14:51:51 ----D---- C:\Qoobox
2009-03-23 14:51:51 ----A---- C:\Bug.txt
2009-03-23 09:46:45 ----D---- C:\Program Files (x86)\EsetOnlineScanner
2009-03-23 09:15:22 ----D---- C:\ProgramData\Yahoo!
2009-03-23 08:35:54 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-23 08:35:52 ----D---- C:\Program Files (x86)\Lavasoft
2009-03-15 08:06:46 ----D---- C:\Program Files (x86)\Bonjour
2009-03-13 08:19:10 ----D---- C:\ProgramData\Avira
2009-03-13 08:19:10 ----D---- C:\Program Files (x86)\Avira
2009-03-13 07:58:21 ----D---- C:\Windows\Prefetch
2009-03-12 19:04:48 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-03-10 21:47:03 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 18:28:31 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-10 18:28:31 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-10 18:28:31 ----A---- C:\Windows\system32\icardres.dll
2009-03-10 18:28:30 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-10 18:28:30 ----A---- C:\Windows\system32\icardagt.exe
2009-03-10 18:28:28 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-10 18:28:26 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-10 18:07:18 ----D---- C:\Windows\TEMP
2009-03-10 18:01:20 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-10 18:01:14 ----A---- C:\Windows\system32\dfshim.dll
2009-03-10 18:01:02 ----A---- C:\Windows\system32\mscoree.dll
2009-03-10 18:00:50 ----A---- C:\Windows\system32\mscorier.dll
2009-03-10 18:00:47 ----A---- C:\Windows\system32\mscories.dll
2009-03-10 16:22:40 ----D---- C:\ProgramData\IncrediMail
2009-03-10 16:22:40 ----D---- C:\ProgramData\IM
2009-02-25 11:52:04 ----D---- C:\Windows\Sun

======List of files/folders modified in the last 1 months======

2009-03-23 20:22:28 ----D---- C:\Program Files (x86)
2009-03-23 18:07:27 ----D---- C:\Windows\System32
2009-03-23 18:07:27 ----D---- C:\Windows\inf
2009-03-23 18:03:33 ----D---- C:\Windows\Tasks
2009-03-23 17:59:53 ----HD---- C:\ProgramData
2009-03-23 17:57:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-03-23 17:48:19 ----D---- C:\Program Files (x86)\Yahoo!
2009-03-23 16:57:46 ----D---- C:\WINDOWS
2009-03-23 16:53:25 ----D---- C:\Windows\SysWOW64
2009-03-23 16:30:57 ----SHD---- C:\Windows\Installer
2009-03-23 16:30:50 ----RSD---- C:\Windows\assembly
2009-03-23 16:29:56 ----RSD---- C:\Windows\Fonts
2009-03-23 16:29:34 ----SHD---- C:\System Volume Information
2009-03-23 16:29:28 ----D---- C:\Program Files (x86)\Java
2009-03-23 16:28:58 ----D---- C:\Program Files (x86)\Common Files
2009-03-23 09:46:41 ----SD---- C:\Windows\Downloaded Program Files
2009-03-23 09:44:21 ----D---- C:\ProgramData\Yahoo! Companion
2009-03-23 08:35:52 ----D---- C:\ProgramData\Lavasoft
2009-03-22 22:31:12 ----D---- C:\ProgramData\Google Updater
2009-03-21 04:16:59 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-03-15 08:06:46 ----RD---- C:\Program Files
2009-03-14 13:21:29 ----D---- C:\Windows\Debug
2009-03-13 08:19:10 ----D---- C:\Windows\system32\drivers
2009-03-12 19:04:52 ----D---- C:\ProgramData\Adobe
2009-03-12 19:04:48 ----D---- C:\Program Files (x86)\Adobe
2009-03-11 08:34:55 ----D---- C:\Windows\Microsoft.NET
2009-03-11 08:26:45 ----D---- C:\Windows\winsxs
2009-03-11 08:15:04 ----D---- C:\Program Files (x86)\Windows Mail
2009-03-10 18:52:45 ----D---- C:\Windows\rescache
2009-03-10 18:34:07 ----D---- C:\Windows\system32\XPSViewer
2009-03-10 18:34:01 ----D---- C:\Windows\system32\wbem
2009-03-10 18:34:01 ----D---- C:\Windows\system32\en-US
2009-03-10 17:33:53 ----D---- C:\Windows\registration
2009-03-02 19:42:09 ----D---- C:\ProgramData\WildTangent
2009-03-02 09:28:15 ----D---- C:\Windows\system32\Macromed
2009-02-28 11:28:06 ----HD---- C:\hp
2009-02-27 17:19:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys []
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\CAX_DP.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 182768]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


----------



## Kenny94 (Dec 16, 2004)

Hi jillian2

I see no evidence of any MyWebSearch, etc... So, I'm having some experts look at this thread... Hope to have something shortly.


----------



## Kenny94 (Dec 16, 2004)

Let's run Malwarebytes while we wait.... I know you probably ran MBAM to check for MyWebSearch. And Malwarebytes does well with MyWebSearch and their components. But let's run it anyway and see....


Launch Malwarebytes' Anti-Malware
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## jillian2 (Sep 11, 2004)

Thanks Kenny. It is in quarantine in SUPERAntiSpyware. As long as it is in quarantine, I don't think it will show up. If I delete it out of there, then on the next reboot it is back. So I will just leave it in quarantine. Thanks for all your help.


----------



## Kenny94 (Dec 16, 2004)

jillian2 said:


> Thanks Kenny. It is in quarantine in SUPERAntiSpyware. As long as it is in quarantine, I don't think it will show up. If I delete it out of there, then on the next reboot it is back. So I will just leave it in quarantine. Thanks for all your help.


I'll ask SUPERAntiSpy why his product is doing this... And let you know.


----------



## jillian2 (Sep 11, 2004)

Okay. Thanks so much. I paid for it and can't let it out of quarantine without it coming back. They do need to know this about the product.


----------



## Kenny94 (Dec 16, 2004)

I PM'd SUPERAntiSpy and mentioned it's the SUPERAntiSpyware Professional....


----------



## Kenny94 (Dec 16, 2004)

Open your C: drive and remove:

*C:\Qoobox
C:\ComboFix*

These were added when you tried to run ComboFix...


----------



## jillian2 (Sep 11, 2004)

Okay Kenny. I'll try and find this. Might take me a while lol.


----------



## jillian2 (Sep 11, 2004)

I deleted both of these


----------



## jillian2 (Sep 11, 2004)

Now my whole desktop is gone


----------



## jillian2 (Sep 11, 2004)

All my icons, my trash can, everything is gone from my desktop


----------



## jillian2 (Sep 11, 2004)

Never mind, the desktop is back up, but I have to click on the bottom of my screen to get it back up every time


----------



## jillian2 (Sep 11, 2004)

Everything is back. I rebooted and my desktop is back up as usual. Don't know what happened, but when I deleted these two things, my desktop just went blank, except for the wallpaper. But it is okay now. No problems here.


----------



## Kenny94 (Dec 16, 2004)

Great!

I talked to SUPERAntiSpy (Nick) and he said:



> Have him submit a support ticket here so we can run a diagnostic and see what's going on:
> http://www.superantispyware.com/csrcreateticket.html


And he'll let me know as well....


----------



## jillian2 (Sep 11, 2004)

Thanks Kenny. I just submitted this problem to them. Again, thank you so much. You have been wonderfully helpful.

I had tried to contact them about this, but was unable to get to a screen to send them an email.


----------



## jillian2 (Sep 11, 2004)

Kenny, the adware is permanently gone from my computer. I don't know why. I did nothing differently today as I have been doing for over the past week, but it is finally gone. The SuperAntiSpyware support had me remove it from quarantine and then scan, as they wanted to see the scan results. I did this and the adware never showed up again. I rebooted several times and it never came back. So this issue was resolved with SuperAntiSpyware. And here too.

I really appreciate your help in this. It was excellent help. Thanks.


----------



## Kenny94 (Dec 16, 2004)

Nick with SuperAntiSpyware really stays on top of his product! I'm glad it worked out jillian2....


----------

