# Popup Message From Webpage



## Agranny (Nov 12, 2011)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, x64 Family 15 Model 75 Stepping 2
Processor Count: 2
RAM: 1917 Mb
Graphics Card: NVIDIA GeForce 6150 LE, 128 Mb
Hard Drives: C: Total - 298834 MB, Free - 226503 MB; D: Total - 6408 MB, Free - 905 MB;
Motherboard: ASUSTek Computer INC., NODUSM3
Antivirus: Trend Micro Titanium, Updated: Yes, On-Demand Scanner: Enabled

I keep getting a pop-up message, "Message from web page" - it is driving me nuts. I'm not very computer literate and I don't know how to remove it. It pops up 10-20 times a minute and freezes up everything! Help.


----------



## flavallee (May 12, 2002)

Why hasn't Windows Vista been upgraded to SP2?

--------------------------------------------------------

Go here and click the green "Download latest version" link to download and save *HiJackThis 2.0.4*.

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and then click "Do a system scan and save a log file".

When the scan is finished in less than 30 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the entire log file here.

--------------------------------------------------------

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

--------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcadeWeb
Bing Bar
Bonjour
Brother MFL-Pro Suite
Carbonite Online Backup Setup
Citrix Presentation Server Client
Citrix Presentation Server Web Client for Win32
Coupon Printer for Windows
Coupon Printer for Windows
DivX
DriverSmith
Family Feud (remove only)
Free Ride Games Player
Free_Ride_Games_2 Toolbar
Gadwin PrintScreen
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Update
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My Web Search
My.Freeze.com NetAssistant
NVIDIA Drivers
OcxSetup
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PaperPort
Professor Answers
Professor Teaches Excel 2007
Professor Teaches Excel 2007 Advanced
Professor Teaches Word 2007
Professor Teaches Word Advanced 2007
Python 2.4.3
Questionmark Secure Browser
QuickTime
Rapport
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Scrabble (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Shop to Win 2
ShopAtHome SelectRebates
Soft Data Fax Modem with SmartCP
Trend Micro Titanium
Trend Micro Titanium
Uniblue DriverScanner
Uniblue DriverScanner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live ID Sign-in Assistant
Yahoo! Software Update


----------



## Agranny (Nov 12, 2011)

What is SP2?


----------



## flavallee (May 12, 2002)

Agranny said:


> What is SP2?


Windows Vista has had 2 service pack upgrades since it was first released.

You appear to have only Service Pack 1 installed.

I'm surprised that Windows Updates hasn't alerted you to install Service Pack 2.

------------------------------------------------------

It's going to take me several minutes to go over your uninstall_list.txt log.

You have some work to do.

-----------------------------------------------------


----------



## Agranny (Nov 12, 2011)

There are a lot of upgrades that Windows recommends but my system won't let me upload them. When I try, I get a message that it is not configured correctly and it reverts back to an earlier date. Not sure what that is about.


----------



## flavallee (May 12, 2002)

You haven't completed the first part of post #2.

I need to see a HiJackThis scan log too.

-------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

I thought that was what I posted above - How do I do that?


----------



## flavallee (May 12, 2002)

Do the following in the order that I've listed them.

Take your time and don't get in a hurry so you don't make any mistakes or mess up.

I'm going off-line for the night, so I'll check back with you in the morning.

---------------------------------------------------------

Download and SAVE the following programs:

*Adobe Flash Player Plugin 11.1.102.55*

*Adobe Reader 10.1.1*

*Java Runtime Environment 6 Update 29*

*Microsoft Silverlight 4.0.60831.0*

*Malwarebytes Anti-Malware 1.51.2.1300*

*SUPERAntiSpyware 5.0.0.1136*

(Click the green icon with white arrow at each site)

DON'T install any of them yet.

---------------------------------------------------------

Go to Control Panel - Programs And Features.

Uninstall the following programs:

*Adobe Reader 8.1.3*

*Bing Bar*

*DriverSmith*

*HP Advisor*

*HP Customer Experience Enhancements*

*HP Customer Feedback*

*HP Update*

*J2SE Runtime Environment 5.0 Update 11*

*Java(TM) SE Runtime Environment 6 Update 1*

*Java(TM) 6 Update 2*

*Java(TM) 6 Update 3*

*Java(TM) 6 Update 5*

*Java(TM) 6 Update 7*

(DON'T uninstall *Java(TM) 6 Update 21*)

*My Web Search*

*My.Freeze.com NetAssistant*

*OpenOffice.org Installer 1.0*

*Shop For HP Supplies*

*ShopAtHome SelectRebates*

*Uniblue DriverScanner*

*Yahoo! Software Update*

If you're prompted to restart the computer to complete the uninstall of any of them, do so.

---------------------------------------------------------

Install the previously saved 6 programs.

If you're prompted to restart the computer to complete the install of any of them, do so.

---------------------------------------------------------

Click Start - Run, then type in

*%temp%*

then click OK.

Once that temp folder appears and you can view its contents, select and delete EVERYTHING that's inside it.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

After you're done, restart the computer.

---------------------------------------------------------


----------



## flavallee (May 12, 2002)

Agranny said:


> I thought that was what I posted above - How do I do that?


Forget about the scan log for now. I've given you a LOT to do. I'm signing off for the night.

--------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

I'll do what I can tonight. I'll be at church in the morning, but will get back on line after I fix lunch for my husband. Thx.


----------



## flavallee (May 12, 2002)

Agranny said:


> I'll do what I can tonight. I'll be at church in the morning, but will get back on line after I fix lunch for my husband. Thx.


That's fine. We're working at YOUR pace.

Let me know when you're all done and if you ran into any problems along the way.

---------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

I just got back from church. I will eat lunch with my husband and be back shortly. I got thru the list and I think I got everything you asked. The only thing I had trouble with was the HP Customer Feedback you wanted me to uninstall - I couldn't find that; but on the HP Customer Experience Enhancements, it said "and all related " so it might have been in that - anyway, don't see it in my programs. I went back and installed the original 6 programs that you had me save after I uninstalled the other programs and then deleted all the temporary files as you asked.


----------



## Agranny (Nov 12, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:27 PM, on 11/13/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
c:\program files\real\realplayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AW Gaming Software - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [AW TrayIcon] RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon
O4 - HKLM\..\Run: [TrayIcRun] RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SpywareSweeperProMFC] "C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13215 bytes


----------



## flavallee (May 12, 2002)

Agranny said:


> I just got back from church. I will eat lunch with my husband and be back shortly. I got thru the list and I think I got everything you asked. The only thing I had trouble with was the HP Customer Feedback you wanted me to uninstall - I couldn't find that; but on the HP Customer Experience Enhancements, it said "and all related " so it might have been in that - anyway, don't see it in my programs. I went back and installed the original 6 programs that you had me save after I uninstalled the other programs and then deleted all the temporary files as you asked.


Okay, good. :up:

Let me look at your HiJackThis scan log, then I'll get back to you. 

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

The scan is quick and should be finished in less than a minute.

After it's finished, put a checkmark in these log entries:

*R3 - Default URLSearchHook is missing*

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)*

*O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dl*

*O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)*

*O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab*

*O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab*

*O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab*

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

-------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------

Start SUPERAntiSpyware.

Click "Check for Updates".

When the definition files have updated, click "Close".

Select the *Quick Scan* option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------


----------
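
The log triage in the post above can be partly automated. The following Python is an added example, not part of the original thread and not HijackThis code: it parses HijackThis entry lines, lists entries that point at nothing ("(no file)" / "is missing"), and maps each binary to every autostart section that loads it. The function names are hypothetical, and the sample input is a few lines copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AW Gaming Software - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [AW TrayIcon] RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon
O4 - HKLM\..\Run: [TrayIcRun] RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Drive-letter path ending in .exe or .dll (quotes and wildcard characters excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Sections of the log that describe something loaded automatically:
# O2 BHO, O3 toolbar, O4 Run/Startup, O20 Winlogon Notify,
# O22 SharedTaskScheduler, O23 service.
AUTOSTART = {"O2", "O3", "O4", "O20", "O22", "O23"}


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registry data points at nothing on disk."""
    return [
        (code, body)
        for code, body in entries
        if body.endswith("(no file)") or body.endswith("is missing")
    ]


def load_points(entries):
    """Map each referenced binary (lower-cased path) to the autostart
    sections that load it, in log order."""
    points = defaultdict(list)
    for code, body in entries:
        if code not in AUTOSTART:
            continue
        m = PATH_RE.search(body)
        if m:
            points[m.group(0).lower()].append(code)
    return dict(points)


def multi_referenced(entries):
    """Binaries registered in more than one autostart location."""
    return {p: c for p, c in load_points(entries).items() if len(c) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Orphaned entries:")
    for code, body in orphaned(parsed):
        print(f"  {code}: {body}")
    print("Binaries with several load points:")
    for path, codes in multi_referenced(parsed).items():
        print(f"  {path} <- {', '.join(codes)}")
```

A binary that shows up under several sections has to be cleaned from every one of those load points, which is why uninstalling the owning program first is usually cleaner than fixing single log lines.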



## Agranny (Nov 12, 2011)

Thx - I had a dickens of a time trying to figure out the HiJackThis log - but looks like I finally got it. I'll be around until around 5:00 p.m. (6:00 your time) and then I'll leave to go back to church. I'll check back with you every so often - I know by the size of the file that this step may take a while. I should be back home around 7:30 - 8:00 p.m. (8:30 to 9:00 your time) so you may not want to mess with this that late. That is fine - I appreciate everything you are trying to do for me. If I don't catch you tonight, I'll check back with you tomorrow night. Thx again.


----------



## flavallee (May 12, 2002)

The quick scans won't take long at all.

Just make sure you don't accidentally select the full/complete scan because it'll take much longer.

Don't use your computer while each scan is in progress.

You may have time to get it all done before you go to church and before I sign off for the day.

---------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

ok - here goes.


----------



## Agranny (Nov 12, 2011)

I tried to delete the files you asked from HiJackThis but I got an error message.
Also, do I have to complete this step before I do the Malwarebytes Anti-Malware and the SUPERAntiSpyware, and do I have to purchase these programs before I can use them?


----------



## flavallee (May 12, 2002)

Skip the section about fixing the log entries.

You do NOT need to purchase those 2 programs. If you're prompted to purchase the fully-functional version, decline to do so. The free version works fine for what you need it for.

I'm getting ready to go off-line for the night. Unless you ran into a problem, I'll check your scan logs in the morning.

------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

12:15:43 Anne Pease MESSAGE Protection started successfully
12:15:48 Anne Pease MESSAGE IP Protection started successfully
12:18:41 Anne Pease MESSAGE Scheduled update executed successfully
12:18:42 Anne Pease MESSAGE IP Protection stopped
12:18:47 Anne Pease MESSAGE Database updated successfully
12:18:50 Anne Pease MESSAGE IP Protection started successfully
12:56:41 Anne Pease MESSAGE Protection started successfully
12:56:46 Anne Pease MESSAGE IP Protection started successfully
12:58:46 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
12:58:47 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
13:04:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
13:05:02 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
13:05:08 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
13:17:38 Anne Pease MESSAGE Protection started successfully
13:17:46 Anne Pease MESSAGE IP Protection started successfully
13:20:13 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
13:20:15 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
13:20:17 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
13:20:20 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
13:46:26 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
14:10:45 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
14:31:29 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
14:54:44 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
14:54:47 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:08:44 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:08:47 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:08:48 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:30:42 Anne Pease MESSAGE Protection started successfully
15:30:48 Anne Pease MESSAGE IP Protection started successfully
15:34:56 Anne Pease MESSAGE Protection started successfully
15:35:02 Anne Pease MESSAGE IP Protection started successfully
15:39:23 Anne Pease MESSAGE Protection started successfully
15:39:30 Anne Pease MESSAGE IP Protection started successfully
15:48:02 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
15:48:03 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
15:48:16 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:50:09 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:50:10 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:50:12 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
15:55:20 Anne Pease MESSAGE Protection started successfully
16:08:48 Anne Pease MESSAGE Protection started successfully
16:08:55 Anne Pease MESSAGE IP Protection started successfully
16:13:08 Anne Pease MESSAGE Protection started successfully
16:13:15 Anne Pease MESSAGE IP Protection started successfully
16:22:17 Anne Pease MESSAGE Protection started successfully
16:22:23 Anne Pease MESSAGE IP Protection started successfully
16:28:38 Anne Pease MESSAGE Protection started successfully
16:28:45 Anne Pease MESSAGE IP Protection started successfully
16:32:36 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb QUARANTINE
16:32:37 Anne Pease ERROR Quarantine failed: DeleteFile failed with error code 5
16:32:42 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:32:46 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:36:55 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:36:55 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:36:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:36:59 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:37:03 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:37:04 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:42:09 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:42:11 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:42:13 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:45:48 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:45:50 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:45:52 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:46:36 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:47:32 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:52:22 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:52:24 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:52:26 Anne Pease DETECTION C:\PROGRAM FILES\ARCADEWEB\ARCADEWEB32.DLL Adware.ArcadeWeb DENY
16:55:55 Anne Pease MESSAGE IP Protection stopped
16:56:08 Anne Pease MESSAGE Database updated successfully
16:56:11 Anne Pease MESSAGE IP Protection started successfully
17:43:05 Anne Pease MESSAGE Protection started successfully
17:43:11 Anne Pease MESSAGE IP Protection started successfully
20:42:40 Anne Pease MESSAGE Protection started successfully
20:42:48 Anne Pease MESSAGE IP Protection started successfully


----------



## Agranny (Nov 12, 2011)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/13/2011 at 09:39 PM
Application Version : 5.0.1136
Core Rules Database Version : 7937
Trace Rules Database Version: 5749
Scan type : Quick Scan
Total Scan Time : 00:45:53
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)
Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 37141
Registry threats detected : 3
File items scanned : 76889
File threats detected : 156
Trojan.DNSChanger-Codec
HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\uninstall
Adware.IWinGames
HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
Adware.ShopAtHomeSelect
HKU\S-1-5-21-3861044452-3139563411-3663233647-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Adware.Tracking Cookie


----------



## flavallee (May 12, 2002)

I have no idea what you submitted in post #22.

That's NOT a Malwarebytes Anti-Malware scan log.

-------------------------------------------------------

Did you select and remove all 159 threats that the SUPERAntiSpyware scan found?

-------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8156
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
11/13/2011 5:37:50 PM
mbam-log-2011-11-13 (17-37-50).txt
Scan type: Quick scan
Objects scanned: 208902
Time elapsed: 38 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 71
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 15
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\program files\arcadeweb\arcadeweb32.dll (Adware.ArcadeWeb) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2A04A1D0-1969-400e-A53C-6A5433A4B658} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21C1577D-B190-4F9D-8034-F26DE5F9F3C2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AWGames.Addon.1 (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AWGames.Addon (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{A670E878-A272-443D-BD19-ED0A9BFD3FD8} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5F280841-8023-4BE6-9A4F-184D3E79A785} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerPlugin.Extension.1 (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerPlugin.Extension (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78919608-B066-4B5A-B248-38E12A783E05} (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD4258A-7138-49C4-8D34-587879A5C7A4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BCC488-1AE7-11D4-AB82-0010A4EC2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AW TrayIcon (Adware.ArcadeWeb) -> Value: AW TrayIcon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TrayIcRun (Adware.ArcadeWeb) -> Value: TrayIcRun -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareSweeperProMFC (Rogue.SpywareSweeper) -> Value: SpywareSweeperProMFC -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Value: SystemCheck2 -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
c:\programdata\19113520 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\spyware sweeper pro (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\Chrome (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\arcadeweb\arcadeweb32.dll (Adware.ArcadeWeb) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3861044452-3139563411-3663233647-1000\$RME174Z\adobe_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3861044452-3139563411-3663233647-1000\$RME174Z\wpbt0.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\arcadeweb\awun.exe (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\Desktop\click to find and fix errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\Windows\spyware sweeper pro setup log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
c:\Windows\spyware sweeper pro uninstall log.txt (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\spyware sweeper pro\uninstall.exe (Rogue.SpywareSweeper) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\Chrome\awtextlinks.jar (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\arcadewebfirefox.dll (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\arcadewebfirefox.xpt (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
c:\Users\anne pease\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\awextension.js (Adware.ArcadeWeb) -> Quarantined and deleted successfully.


----------



## Agranny (Nov 12, 2011)

Sorry - I think I copied the protection log rather than the scan log. I re-posted in #25 - Let me know if that isn't what you are looking for.

And yes, I deleted all 159 threats that anti-spyware found.


----------



## flavallee (May 12, 2002)

Your computer was infested worse than I expected.

It looks like you selected and removed EVERYTHING.

Are you still receiving the pop-up messages?

-------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

-------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

I'm still receiving the pop up messages. I need to do this for you - but I had to leave work early today for a Dr.'s appointment and they are asking for a report that I need to get to them and I have a physical therapy appointment in the morning. I know you are trying diligently to help me, but I may have to work late tomorrow and I have church on Wednesday night. But, I will try to get back to you in between - I really do appreciate everything you are trying to do for me!


----------



## Agranny (Nov 12, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:36 PM, on 11/14/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Anne Pease\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12861 bytes

I couldn't get the report they need for work as I am still getting the same error message I was before - IT still don't have my "work" issue fixed - but that is their problem. Here is the new HiJACK This scan log.


----------



## flavallee (May 12, 2002)

Click Start - Run, then type in *MSCONFIG* and then click OK - "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark.

If the column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them exactly as you see them there.

-------------------------------------------------------


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished, put a checkmark in these log entries:

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab*

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis.

------------------------------------------------------

You appear to be browsing websites that have shop-to-win, coupons, incentive offers, etc.

These websites are placing spyware-related ActiveX controls in your computer, and it's my guess this is where the pop-ups are generated from.

------------------------------------------------------


----------
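An added example, not part of the thread and not HijackThis code: Python that parses the O2 (BHO) and O16 (DPF) lines of a HijackThis log, lists BHOs registered with no file on disk, groups ActiveX controls by the host they were downloaded from, confirms that each CLSID picked for "Fix checked" is really in the log, and checks which of them reappear in a later scan. The function names are this example's own; the log lines are copied from the 11/14/2011 log above and from the O2 section of the 11/16/2011 log further down the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# O2/O16 lines copied from the 11/14/2011 HijackThis log in this thread (excerpt).
LOG_1114 = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCSB000062035 Class - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
"""

# The complete O2 section of the 11/16/2011 log posted later in the thread.
LOG_1116_O2 = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
"""

# CLSIDs of the four entries listed for "Fix checked" in the post above.
FIX_TARGETS = [
    "{02478D38-C3F9-4efb-9B51-7695ECA05670}",  # O2, (no file)
    "{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}",  # O2, ShoppingBHO.dll
    "{549F957E-2F89-11D6-8CFE-00C04F52B225}",  # O16, coupons.smartsource.com
    "{A7EA8AD2-287F-11D3-B120-006008C39542}",  # O16, offers.e-centives.com
]

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2:  "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
# O16: "O16 - DPF: {CLSID} [(<name>)] - [<codebase URL>]"; name and URL can both be missing
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>.*?)\))? -\s?(?P<target>.*)$")


def parse_entries(log_text):
    """Return the O2 (BHO) and O16 (DPF) entries as dicts; other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in (("BHO", BHO_RE), ("DPF", DPF_RE)):
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, "clsid": m.group("clsid").upper(),
                                "name": m.group("name") or "",
                                "target": m.group("target").strip(), "line": line})
                break
    return entries


def orphaned_bhos(entries):
    """BHOs still registered for IE although HijackThis found no DLL behind them."""
    return [e for e in entries if e["kind"] == "BHO" and e["target"] == "(no file)"]


def dpf_by_host(entries):
    """Group ActiveX controls (O16) by the host their codebase URL points at."""
    hosts = defaultdict(list)
    for e in entries:
        if e["kind"] == "DPF":
            hosts[urlsplit(e["target"]).hostname or "(no codebase)"].append(e["clsid"])
    return dict(hosts)


def resolve_targets(clsids, entries):
    """Map each CLSID chosen for fixing to its exact log line (None if not in the log)."""
    index = {e["clsid"]: e["line"] for e in entries}
    return {c: index.get(c.upper()) for c in clsids}


def still_present(clsids, later_entries):
    """CLSIDs from the fix list that appear again in a later scan."""
    seen = {e["clsid"] for e in later_entries}
    return [c for c in clsids if c.upper() in seen]


if __name__ == "__main__":
    first = parse_entries(LOG_1114)
    print("BHOs with no file:", [e["clsid"] for e in orphaned_bhos(first)])
    for host, ids in sorted(dpf_by_host(first).items()):
        print(f"{host}: {len(ids)} control(s)")
    for clsid, line in resolve_targets(FIX_TARGETS, first).items():
        print(clsid, "->", line or "NOT IN LOG")
    # Only the two O2 targets are compared, because LOG_1116_O2 holds O2 lines only.
    print("O2 targets still listed on 11/16:", still_present(FIX_TARGETS[:2], parse_entries(LOG_1116_O2)))
```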



## Agranny (Nov 12, 2011)

Windows DefenderhpsysdrvTrend Micro Antivirus 2007HD Audio Control PanelSSBkgdupdate ApplicationPaperPortBrother Status Monitor ApplicationControl CenterAdobe Photoshop Album Starter EditionNVIDIA Compatible Windows Vista Display Driver, Version 175.21MobileMeCarbonite Setup LiteReal Player (32-bit)Trend Micro TitaniumApple PushiTunesQuick TimeAdobe Reader and Acrobat ManagerJAVA ™ Platform SE Auto Updater 2 0MalWarebytes' Anti-MalwareMalWarebytes' Anti-MalwareMicrosoft ® Windows ® Operating SystemMicrosoft ® Windows ® Operating SystemISUSPM StartupGadwin PrintScreenHPADVISORSmileboxEXETender ™ ClientDW6SUPERANTISPYWAReMicrosoft Office OneNote


----------



## Agranny (Nov 12, 2011)

Ok - now I see why you said type in - I tried typing and then copying and pasting - that looks pretty hard to read.

Let's try that again.

Windows Defender
hpsysdrv
Trend Micro Antivirus 2007
HD Audio Control Panel
SSBkgdupdate Application
PaperPort
Brother Status Monitor Application
Control Center
Adobe Photoshop Album Starter Edition
NVIDIA Compatible Windows Vista Display Driver, Version 175.21
MobileMe
Carbonite Setup Lite
Real Player (32-bit)
Trend Micro Titanium
Apple Push
iTunes
Quick Time
Adobe Reader and Acrobat Manager
JAVA (TM) Platform SE AUTO Update 2 0
MalWarebytes' Anti-Malware
MalWarebytes' Anti-Malware
Microsoft R (circle around the R couldn't figure out how to insert ) Windows R Operating System
ISUSPM Startup
Gadwin PrintScreen
HPADVISOR
Smilebox
EXETender TM Client
DW6
SUPERANTISPYWARE
Microsoft Office OneNote


----------



## Agranny (Nov 12, 2011)

Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details: 
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab)
Error #75 - Path/File access error
Windows version: Windows NT 6.00.1905
MSIE version: 8.0.6001.19048
HijackThis version: 2.0.4

I keep getting the above error message when I try this step. It keeps sending me back to the TrendSecure site and asking me to re-evaluate - I'm not sure what to do at this point.


----------



## Agranny (Nov 12, 2011)

I get that some of the sites I've been visiting aren't that safe. I know now I need to be more careful in the future. Does this possibly mean that I'm not going to be able to restore my computer and have these nasty popups removed?


----------



## flavallee (May 12, 2002)

Go back to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Remove the checkmark in the below entries in the "Startup Item" column.

Take your time and make sure you uncheck the correct entries.

*Windows Defender

HD Audio Control Panel

SSBkgdupdate Application

Adobe Photoshop Album Starter Edition

NVIDIA Compatible Windows Vista Display Driver, Version 175.21

Real Player (32-bit)

iTunes

Quick Time

Adobe Reader and Acrobat Manager

JAVA (TM) Platform SE AUTO Update 2 0

MalWarebytes' Anti-Malware

ISUSPM Startup

HPADVISOR

SUPERANTISPYWARE

Microsoft Office OneNote*

After you're done, click Apply - OK/Close - Restart.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

-------------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:18:37 PM, on 11/16/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10248 bytes
Sorry - I didn't send sooner but, this box to reply hasn't been at the end of the thread. I had to login and find the thread and was able to finally get back in. Here is the latest HiJACK This Log. The pop ups are gone!


----------



## flavallee (May 12, 2002)

Go to Control Panel - Programs And Features.

What's listed there that begins with *Trend Micro*?

Your log is showing

*Trend Micro Antivirus 2007*

*Trend Micro Titanium*

*Trend Micro Client Framework*

-------------------------------------------------------

Go to the *C:\Program Files\Trend Micro* folder.

What folder names are listed inside that folder?

-------------------------------------------------------


----------



## flavallee (May 12, 2002)

Agranny said:


> Sorry - I didn't send sooner but, this box to reply hasn't been at the end of the thread. I had to login and find the thread and was able to finally get back in. Here is the latest HiJACK This Log. The pop ups are gone!


I'm glad to hear the pop-ups are gone.  :up:

Let's put Malwarebytes and SUPERAntiSpyware to use again, just to make sure all the malware/spyware is gone.

Follow the previous instructions in the middle and bottom sections of post #16.

---------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Trend Micro TM AntiVirus


----------



## Agranny (Nov 12, 2011)

I've tried #16 many times - it let me delete the R3 - Default URLSearch Hook is missing and 03 - Toolbar: (no name) - (07B29EA9-AS23-4961-B6BB-170DE4475CCA) - (no file) but the others I keep getting an error message. Let me re-start my computer and see if any others come off.


----------



## Agranny (Nov 12, 2011)

There are two files
Trend Micro
Folders: AMSP AntiVirus 2007 Titanium and UniClient
Trend Micro (TM) AntiVirus 
Folders: Setup Folder and Tools Folder


----------



## flavallee (May 12, 2002)

Agranny said:


> There are two files
> Trend Micro
> Folders: AMSP AntiVirus 2007 Titanium and UniClient
> Trend Micro (TM) AntiVirus
> Folders: Setup Folder and Tools Folder


You are using a very outdated version of Trend Micro. The current version is 2012.

I suggest you uninstall it and then replace it with a newer and more user-friendly antivirus program.

There's no need to pay for an antivirus program because there are several free good ones out there.

------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Sounds like I got ripped off. Trend Micro is what was on my computer when I bought it. I have renewed every year - they have sent me a download. I thought I was current. If I have an old version, it doesn't make sense. But, from what you had me look at before, I believe you are correct. I have uninstalled both Trend Micro and Micro Titanium and have a 30 day free trial of Kaspersky which someone at work recommended. I will see if I like that one.

In the meantime, I still can't upload all my updates. Again, someone had recommended that I use my Vista disc and repair, but they loaded everything on my computer and didn't give me a disc. I've checked on the internet about downloading a repair disc, but that sounds way over my head - I've never burned a CD in my life!


----------



## flavallee (May 12, 2002)

Go to the *C:\Program Files\Trend Micro* folder.

What's listed inside that folder?

----------------------------------------------------------

Do NOT install the 30-day trial of Kaspersky.

Go here and click the green button to download and save *Microsoft Security Essentials 2.1.1116.0*.

Close all open windows first, then install it.

After it's installed, restart the computer.

----------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Ok - now I'm scared. You told me to uninstall Micro Trend Antivirus and I did. I didn't know what free service to use and a friend at work had recommended Kaspersky so I downloaded a 30 day free trial (or at least I thought I did) - now I don't even see that. It appears that my computer is now unprotected and that scares me. I can't re-install Micro Trend as I only bought the one time use version; I didn't buy the one where you could re-install at a later date. I've gone into Microsoft Security Essentials 2.1116.0 and installed and re-started my computer. Now what?


----------



## Agranny (Nov 12, 2011)

Ok - I found my latest e-mail from Micro Trend and re-installed; then I realized that the Micro Security Essentials was a free anti-virus security program and I had only saved it - not installed it. I uninstalled Micro Trend (again) and then installed the Microsoft Security Essentials 2.1116.0 and re-started my computer. It is now running my updates. Sorry, I've been dealing with a shoulder injury and didn't sleep much last night - the rain today made me have a lot of pain. I wasn't thinking straight. But, I think I've now done what you asked. What do I do now?


----------



## flavallee (May 12, 2002)

If you've installed *Microsoft Security Essentials*, there will be a green icon with a white checkmark in the taskbar.

There will also be a *Microsoft Security Essentials* or *Microsoft Security Client* entry in Control Panel - Programs And Features.

If *Kaspersky* is NOT in Control Panel - Programs And Features, you have NOT installed it - which you DON'T want to do.

If you have installed it and it's in the list, uninstall it.

------------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

-------------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Ok - Kaspersky isn't in the control panel - programs and features. Microsoft security essentials is in the control panel - programs and features. So I think I'm okay. Here is new HIJACK THIS log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:24:16 PM, on 11/21/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9519 bytes


----------



## flavallee (May 12, 2002)

Everything seems to be okay in your log.

*Microsoft Security Essentials (MSC)* is in the O4 startup list. :up:

There are no entries for Kaspersky in the O23 services list. :up:

----------------------------------------------------------

Go to Start - Run - MSCONFIG - OK - "Startup" tab.

Write down only the entries in the "Startup Item" column that have a checkmark.

Widen the "Startup Item" column if you can't see the entire name of any of them.

Submit those names here in a vertical list.

----------------------------------------------------------

Go to Start - Run - SERVICES.MSC - OK.

If *NVIDIA Display Driver Service* is currently set on Automatic, double-click it to open its properties window.

Change its startup type to Manual, then click Apply - OK.

Close the services window.

----------------------------------------------------------


----------
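The by-eye comparison of successive HijackThis logs done in this thread, as an added example that is not part of any post: it parses two logs, flags orphaned registry entries (`(no file)` / `(file missing)`), and reports what an uninstall removed, added, or left behind. The function names are hypothetical, the matching rules are assumptions about the v2.0.4 text layout seen here, and the sample lines are excerpted from the logs posted above.

```python
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")   # "O4 - <body>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(\S+Run): \[([^\]]+)\]")   # O4 autorun key + value name
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O2" (BHO), "O4" (autorun), "O23" (service)
    body: str       # text after "<code> - "
    key: str        # stable identity used to match one item across two logs
    orphaned: bool  # registry entry still present, target file gone


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid, run = CLSID_RE.search(body), RUN_RE.match(body)
        if clsid:                       # O2/O9/O16/O18: the CLSID identifies the item
            ident = clsid.group(0).upper()
        elif run:                       # O4: registry key plus value name
            ident = f"{run.group(1)}[{run.group(2)}]"
        else:                           # otherwise: first field before " - " or " = "
            ident = re.split(r" - | = ", body, maxsplit=1)[0]
        entries.append(Entry(code, body, f"{code}|{ident}",
                             bool(ORPHAN_RE.search(body))))
    return entries


def diff_logs(before, after):
    """Compare two parsed logs: what disappeared, what is new, what lost its file."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "newly_orphaned": sorted(k for k in a
                                 if k in b and a[k].orphaned and not b[k].orphaned),
    }


def find_entries(entries, needle, code=None):
    """Case-insensitive search, optionally limited to one section code."""
    return [e for e in entries
            if needle.lower() in e.body.lower() and (code is None or e.code == code)]


# Excerpts from the logs in this thread: before and after the Trend Micro uninstall.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    for section, keys in diff_logs(before, after).items():
        print(section)
        for k in keys:
            print("   ", k)
    print("orphans still registered:", [e.key for e in after if e.orphaned])
```

Entries reported as newly orphaned are registry leftovers of the uninstalled product; they point at files that no longer exist, so they load nothing, but they are the items a helper would normally have the user clean up.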



## Agranny (Nov 12, 2011)

Ok - I went into start run SERVICES.MSC of - NVIDIA Display Driver Services - double clicked - properties and changed to manual startup apply ok - closed services window. Done.

Went into Start Run MSCONFIG - Here are checked items:
hypsydrv
Brother Status Monitor Application
Control Center
NVIDIA Media Center Library
Apple Push
JAVA (TM) Platform SE Auto Updater 2 0
Microsoft (R with circle around it) Windows R Operating System
Microsoft (R with circle around it) Windows R Operating System
Gadwin Print Screen
EXEtender TM Screen
FileHippo.com Update Checker
Adobe Reader and Acrobat Manager
HP Advisor
ISUSPM Startup
iTunes
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware
NVIDIA Compatible Vista Display Driver, Version 175.21
QuickTime
HD Audio Control Panel
SSBkgdUpdate Application
JAVA (TM) Platform SE Auto Update 2 0
SUPERAntiSpyware
RealPlayer (32-bit)
Windows Defender
Microsoft Office OneNote


----------



## flavallee (May 12, 2002)

Go back to Start - Run - MSCONFIG - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*NVIDIA Media Center Library*

*Java(TM) Platform SE Auto Updater 2.0*

*Gadwin Print Screen*

*EXEtender TM Screen*

*FileHippo.com Update Checker*

*Adobe Reader And Acrobat Manager*

*HP Advisor*

*ISUSPM Startup*

*iTunes*

*Malwarebytes Anti-Malware*
(The free version doesn't have "real time" monitoring, so there's no need for it to auto-start and run)

*NVIDIA Compatible Vista Display Driver, Version 175.21*

*QuickTime*

*HD Audio Control Panel*

*SSBkgdUpdate Application*

*SUPERAntiSpyware*
(The free version doesn't have "real time" monitoring, so there's no need for it to auto-start and run)

*RealPlayer (32-bit)*

*Windows Defender*

*Microsoft Office OneNote*

After you're done, click Apply - OK/Close - Restart.

Wait for the computer to completely settle down from the restart.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

I removed everything that you asked but the malwarebyte's Antispyware - I decided to buy one of those because I liked it. Also, I didn't uncheck the Gadwin print screen - I didn't want to lose that - I use it all the time. Does removing it from here make me lose it or would I have to go in and uninstall? I like having it on my task bar. But, if you assure me I will still be able to use it, I will go in and uncheck from the MSCONFIG.

Here is the latest HIJACK THIS log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:08 PM, on 11/22/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9328 bytes


----------



## Agranny (Nov 12, 2011)

I'm going to log off - I have some cooking to do and a houseful of company here for the next few days, so probably won't be on the computer much. I will get back to you - but it may be a few days.


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

The scan should finish in less than a minute.

After it does, put a checkmark in these log entries:

*O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)*

*O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)*

*O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)*

*O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)*

then click "Fix Checked - Yes".

Close HiJackThis.

-----------------------------------------------------

I don't see any evidence of *Microsoft Security Essentials* in your last HiJackThis scan log, so I don't know if you've accidentally disabled it.

Go back to Start - Run - MSCONFIG - OK - "Startup" tab.

Make sure that *Microsoft Security Client (MSC)* or *msseces* is checked.

Go back to Start - Run - SERVICES.MSC - OK.

Make sure that *Microsoft Antimalware Service* is set on Automatic.

-----------------------------------------------------


----------
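The check in the post above, ticking the entries marked "(file missing)", written out as an added example; it is not part of the original posts or of HiJackThis itself. The function names are illustrative and the sample lines are copied from the log in this thread; the check also flags the "(no file)" BHO entry, which the post's list does not include.

```python
import re
from collections import defaultdict

# Constructed sample: header, one process line and entries copied from this thread's log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# A log entry starts with a section code (R0, O2, O18, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers the scanner appends when the registered file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return one dict per section-coded line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        # The target file is the last " - " field; names such as
        # "MSN Games - Installer" may contain the separator themselves.
        target = body.rsplit(" - ", 1)[-1]
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "orphan": bool(ORPHAN.search(target)),
            "path": ORPHAN.sub("", target).strip(),
        })
    return entries


def orphans_by_path(entries):
    """Group orphaned entries by the missing file they still point to."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["path"]].append(e["code"])
    return dict(grouped)


if __name__ == "__main__":
    for path, codes in orphans_by_path(parse_entries(SAMPLE_LOG)).items():
        print(codes, path or "(no file recorded)")
```

Grouping by path shows that the four Trend Micro entries come down to two missing DLLs, each registered once as a BHO (O2) and once as a protocol handler (O18).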



## Agranny (Nov 12, 2011)

Ok - I decided to get back on for a few minutes before everyone got up. I went back and did the start run MSCONFIG and unchecked Gadwin Print Screen and Malwarebytes as I realized these were auto starting and that I would still be able to use these manually. However, the gadwin print screen still keeps popping up - even tho I do the start MSCONFIG uncheck apply ok restart. Not sure what that is about.

Again, I will be limited the next few days on getting on the computer due to company, but will check when I can - definitely be back online by late Friday or early Saturday.


----------



## flavallee (May 12, 2002)

Put the computer aside for awhile and enjoy your Thanksgiving weekend.

---------------------------------------------------------

Just some advice for you. The holidays at the end of the year are a prime time for computer problems to start popping up because visiting family members are allowed to use it and do who-knows-what.

---------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:04 AM, on 11/23/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Documents\Apease\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://clients.parking.com/eds/arview2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://portal.parking.com/cpc%20access%20portal/cds/CGC/en/CSGProxy.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1cac3f3697c9f91) (gupdate1cac3f3697c9f91) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9199 bytes

Ok - I re-installed the Micro Essential Security. I really don't think I uninstalled it tho and the Kaspersky 30 day trial I had installed and the next day it was gone. Same with this - scary. But, I have re-installed for now.

It won't let me remove the items from the HIJACKTHIS in your last thread - I tried but they keep popping back up.

I am going to log off now - will be back with you on Saturday. I won't let anyone use my computer while they're here - I promise! Enjoy your Thanksgiving holiday as well.


----------



## flavallee (May 12, 2002)

Okay, that's fine.

Unless you have anything else to address, why don't we put this thread to sleep.

----------------------------------------------------------


----------



## Agranny (Nov 12, 2011)

Ok - thanks for all your help. Hope you had a wonderful Thanksgiving holiday.


----------



## flavallee (May 12, 2002)

You're welcome. You too.

--------------------------------------------------------


----------

