# need to remove funmoods



## Cheryl910 (Jun 23, 2012)

Fun moods browser has become my uninvited web page. I uninstalled it in Add/Remove Programs but it is still there.

I have followed the instructions for logs and they are as follows:

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Cheryl at 21:15:35 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4137 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe
C:\Windows\system32\dleecoms.exe
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbrmon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.iminent.com/?appId=650823d0-5818-4dfc-ac5d-10ecb493b3b7&ref=homepage
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzu0DtDyCyB0EyDtD0AtCtD0CyC0FyE0BtAtN0D0TzutBtDtCtBtDyCtCyE&cr=686938904
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
uURLSearchHooks: N/A: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
uURLSearchHooks: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mURLSearchHooks: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
mWinlogon: Userinit=userinit.exe
BHO: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - No File
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: {59749E81-BFEA-A317-8D43-77D43422ECD0} - No File
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DataMngr: {b939cf93-f2cb-443d-956c-dc523d85c9db} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [AROReminder] 
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9A2C600D-A613-4124-8012-60BE4E7920C1} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll 
BHO-X64: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
BHO-X64: MW2 Hack Lobby Post Your Gamertag - No File
BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO-X64: CrossriderApp0002258 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
BHO-X64: BHO Project - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - No File
BHO-X64: Bcool - No File
BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO-X64: WinZipBar - No File
BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO-X64: TBSB01620 - No File
BHO-X64: {59749E81-BFEA-A317-8D43-77D43422ECD0} - No File
BHO-X64: Bcool - No File
BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
BHO-X64: scriptproxy - No File
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
BHO-X64: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
BHO-X64: Wincore Mediabar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO-X64: TBSB07898 - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: MW2 Hack Lobby Post Your Gamertag Toolbar: {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
TB-X64: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)] 
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun-x64: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun-x64: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
mRun-x64: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe [2012-4-5 42504]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-15 11776]
R2 GamingWonderlandService;GamingWonderlandService;C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [2011-11-17 42504]
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-4-29 397848]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-11 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-11 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-11 1692480]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-3-29 11856]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-11 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-19 05:30:22	--------	d-----w-	C:\Users\Cheryl\AppData\Roaming\Mael
2012-06-19 05:26:24	--------	d-----w-	C:\Program Files (x86)\HxD
2012-06-14 22:24:10	--------	d-----w-	C:\Program Files (x86)\Yontoo
2012-06-14 22:24:07	--------	d-----w-	C:\ProgramData\Tarma Installer
2012-06-14 22:23:14	--------	d-----w-	C:\Program Files (x86)\1ClickDownload
2012-06-14 21:18:06	--------	d-----w-	C:\Program Files (x86)\ARO 2012
2012-06-14 21:07:21	35680	----a-w-	C:\Windows\System32\uxtuneup.dll
2012-06-14 21:07:21	29024	----a-w-	C:\Windows\SysWow64\uxtuneup.dll
2012-06-14 21:04:53	34656	----a-w-	C:\Windows\System32\TURegOpt.exe
2012-06-14 21:04:51	25952	----a-w-	C:\Windows\System32\authuitu.dll
2012-06-14 21:04:50	21344	----a-w-	C:\Windows\SysWow64\authuitu.dll
2012-06-14 21:04:32	--------	d-----w-	C:\Users\Cheryl\AppData\Roaming\TuneUp Software
2012-06-14 21:04:23	--------	d-----w-	C:\Program Files (x86)\TuneUp Utilities 2012
2012-06-14 21:04:21	--------	d-----w-	C:\ProgramData\TuneUp Software
2012-06-14 21:04:17	--------	d-sh--w-	C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-14 21:03:39	--------	d-----w-	C:\Users\Cheryl\FrostWire
2012-06-14 21:03:36	--------	d-----w-	C:\Users\Cheryl\.frostwire5
2012-06-14 21:03:34	--------	d-----w-	C:\Users\Cheryl\AppData\Roaming\OpenCandy
2012-06-14 20:12:37	--------	d-----w-	C:\Users\Cheryl\AppData\Roaming\MusicNet
2012-06-14 20:12:36	--------	d-----w-	C:\ProgramData\2436C
2012-06-14 20:12:15	--------	d-----w-	C:\ProgramData\boost_interprocess
2012-06-14 20:11:27	--------	d-----w-	C:\Program Files (x86)\BearShare Applications
2012-06-14 20:10:43	--------	d-----w-	C:\Users\Cheryl\AppData\Local\PackageAware
2012-06-14 01:38:09	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-06-14 01:38:09	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-06-14 01:38:08	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-06-13 06:39:40	--------	d-----w-	C:\Users\Cheryl\AppData\Local\{36393369-F3D6-48E4-BD83-F4904D977A78}
2012-05-27 08:37:42	--------	d-----w-	C:\Users\Cheryl\AppData\Roaming\Optimizer Pro
2012-05-27 08:37:34	--------	d-----w-	C:\ProgramData\Premium
2012-05-27 08:37:32	--------	d-----w-	C:\ProgramData\Bcool
2012-05-27 08:37:18	--------	d-----w-	C:\Program Files (x86)\Optimizer Pro
2012-05-27 08:37:00	--------	d-----w-	C:\ProgramData\InstallMate
2012-05-27 08:16:09	--------	d-----w-	C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag
2012-05-27 07:01:19	--------	d-----w-	C:\Users\Cheryl\PDFCreator
2012-05-24 16:16:03	--------	d-----w-	C:\Users\Cheryl\AppData\Local\{FFBF516B-ADB9-4C1A-AF78-BF2632732D2D}
.
==================== Find3M ====================
.
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-19 11:50:26	28480	----a-w-	C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47	1918320	----a-w-	C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:18:24.54 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:23 PM, on 6/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbrmon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Cheryl\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=650823d0-5818-4dfc-ac5d-10ecb493b3b7&ref=homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv...0FyE0BtAtN0D0TzutBtDtCtBtDyCtCyE&cr=686938904
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
R3 - URLSearchHook: (no name) - {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
R3 - URLSearchHook: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
R3 - URLSearchHook: MW2 Hack Lobby Post Your Gamertag Toolbar - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MW2 Hack Lobby Post Your Gamertag - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)
O2 - BHO: WinZipBar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)
O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pSrcAs.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Toolbar BHO - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622170453.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
O2 - BHO: Search Assistant BHO - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL
O2 - BHO: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (file missing)
O3 - Toolbar: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\3.bin\2pbar.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: MW2 Hack Lobby Post Your Gamertag Toolbar - {078076e7-229b-400e-95b6-a0b8ea60aedb} - C:\Program Files (x86)\MW2_Hack_Lobby_Post_Your_Gamertag\prxtbMW20.dll
O3 - Toolbar: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~1\bar\3.bin\2pbrmon.exe
O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~1\bar\3.bin\2psrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll 
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~1\bar\3.bin\2pbarsvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fantapper Player Update Service (FTSvc) - Brand Affinity Technologies - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20548 bytes


----------



## flavallee (May 12, 2002)

Your DDS log shows both *McAfee* and *AVG 2012* installed and running.

Multiple antivirus programs installed and running in the same computer will fight each other and bog it down and cause other problems.

I suggest you get rid of BOTH of them and then install *Microsoft Security Essentials 4.0.1526.0* to replace them.

If you do decide to get rid of BOTH of them, you need to run *McAfee Consumer Product Removal Tool* and *AVG Remover(64bit) 2012* afterwards so they find and remove the leftover file and registry "debris" from their uninstalls.

After that's all done, you can then install Microsoft Security Essentials.

It's light-weight and very user-friendly and well-recommended here.

-----------------------------------------------------------

We need to get a better picture of what's currently installed in your computer, so do the following:

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

---------------------------------------------------------

Your computer is infested with malware, spyware, etc. and has a number of other issues that need to be resolved.

--------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

1ClickDownloader
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3) MUI
All Star Slots
ATI Catalyst Control Center
Babylon toolbar on IE
Bcool
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Chuzzle Deluxe
Consumer In-Home Service Agreement
Coupon Printer for Windows
CouponAlert Toolbar
CouponBar
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell PhotoStage
Dell Stage
Dell VideoStage 
Dell VideoStage 
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley (TM)
Facetheme
Family Tree Maker 9.0
Fantapper Player
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
GamingWonderland
GoToAssist 8.0.0.514
High-Definition Video Playback
HxD Hex Editor version 1.7.7.0
I Want This
Iminent
Iminent
IMinent Toolbar
Internet Explorer
Java(TM) 6 Update 31
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky Security Scan
Luxor
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MW2 Hack Lobby Post Your Gamertag Toolbar
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Opera 11.61
Optimizer Pro v3.0
Penguins!
PhotoScape
PhotoShowExpress
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Creator Starter
Roxio Creator Starter
Roxio Express Labeler 3
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
StartNow Toolbar
SyncUP
SyncUP
TrustedID
TuneUp Utilities 2012
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Updater Service
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Wincore MediaBar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 3 (32-bit)
WinZip Courier
WinZipBar Toolbar
Zinio Reader 4
Zinio Reader 4
Zuma Deluxe


----------



## flavallee (May 12, 2002)

Do the following in the order that they're listed.

------------------------------------------------------------

Download and SAVE

*Adobe Flash Player ActiveX 11.3.300.257*

*Adobe Flash Player Plugin 11.3.300.257*

*Java Runtime Environment 1.6.0.33(6 Update 33)*

*Malwarebytes Anti-Malware 1.61.0.1400*

*Opera 11.64*

*SUPERAntiSpyware 5.1.0.1002*

Just download and SAVE them and DON'T do anything with them yet.

------------------------------------------------------------

Go to Control Panel - Programs And Features, then uninstall

*Babylon Toolbar*

*Bing Bar*

*CouponAlert Toolbar*

*CouponBar*

*Fantapper Player*

*Funmoods Toolbar*

*GamingWonderland Toolbar*

*I Want This*

*Iminent*

*IMinent Toolbar*

*MW2 Hack Lobby Post Your Gamertag Toolbar*

*Optimizer Pro*

*StartNow Toolbar*

*TuneUp Utilities*

*Wincore MediaBar*

*WinZipBar Toolbar*

*Yontoo Layers*

------------------------------------------------------------

Install *Malwarebytes Anti-Malware* and *SUPERAntiSpyware*.

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

Decline to use the "trial" version.

After they've been installed and updated, restart the computer.

DON'T run any scans with them yet.

------------------------------------------------------------

Advise when all of the above has been done.

------------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

All of the above has been done. 2 issues though:

1. Although Funmoods is removed from the list of programs, it remains the initial browser that pops up.
2. Yontoo Layers would not uninstall. The message said "set up initialization error".


----------



## flavallee (May 12, 2002)

Do the following in the order listed.

DON'T use the computer while each scan is in progress.

--------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start HijackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

--------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cheryl :: CHERYL-PC [administrator]

6/25/2012 10:54:42 AM
mbam-log-2012-06-25 (10-54-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208201
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1888 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Files Detected: 16
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\Cheryl\Desktop\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Cheryl\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Cheryl\Downloads\freefileviewer_2_1283.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Cheryl\Downloads\IWONSetup2.3.96.3.ZLchr999.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\facetheme-apl_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status3.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.

(end)


----------



## Cheryl910 (Jun 23, 2012)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2012 at 11:13 AM

Application Version : 5.1.1002

Core Rules Database Version : 8788
Trace Rules Database Version: 6600

Scan type : Quick Scan
Total Scan Time : 00:06:08

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 656
Memory threats detected : 0
Registry items scanned : 54346
Registry threats detected : 7
File items scanned : 11874
File threats detected : 199

PUP.StartNow Toolbar
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKU\S-1-5-21-232740147-1963858834-2666491947-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Adware.Tracking Cookie

PUP.MyWebSearch

Browser Hijacker.Deskbar
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.ShopAtHome/SelectRebates
C:\USERS\CHERYL\DESKTOP\SHOPATHOME_TOOLBAR.EXE

Adware.Casino Games (Golden Palace Casino)
ZIP ARCHIVE( C:\USERS\CHERYL\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP )/CASINO.EXE
C:\USERS\CHERYL\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP
ZIP ARCHIVE( C:\USERS\CHERYL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP )/CASINO.EXE
C:\USERS\CHERYL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LTSHX907\CASINO.EXE[1].ZIP


----------



## Cheryl910 (Jun 23, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:11 AM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Users\Cheryl\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ir...0FyE0BtAtN0D0TzutBtDtCtBtDyCtBtA&cr=498605432
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
R3 - URLSearchHook: (no name) - {078076e7-229b-400e-95b6-a0b8ea60aedb} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)
O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11965 bytes


----------



## flavallee (May 12, 2002)

As you can see, quick scans with *Malwarebytes Anti-Malware* and *SUPERAntiSpyware* found a LOT of infestation.

I'm going to assume that you selected and removed EVERYTHING that the scans found.

----------------------------------------------------------

Install the updated versions of *Adobe Flash Player* (ActiveX and plugin) and *Java Runtime Environment* and *Opera* that I advised you to download and save in post #4.

Uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

After you're all done, restart the computer.

----------------------------------------------------------

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

*R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)

R3 - URLSearchHook: (no name) - {078076e7-229b-400e-95b6-a0b8ea60aedb} - (no file)

O2 - BHO: BHO Project - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (file missing)

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)

O2 - BHO: Bcool - {59749E81-BFEA-A317-8D43-77D43422ECD0} - (no file)

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)

O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (file missing)

O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)*

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

Start HiJackThis again, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

----------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

I thought I should tell you, Funmoods is trying to remain my opening browser.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:48:11 PM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Cheryl\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ir...0FyE0BtAtN0D0TzutBtDtCtBtDyCtBtA&cr=498605432
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11005 bytes


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

*R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iro...A&cr=498605432*

then click "Fix Checked - Yes".

Close HiJackThis.

-----------------------------------------------------------

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

-----------------------------------------------------------


----------
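The two fix lists above follow a visible pattern: extension entries whose file is gone (`(no file)`, `(file missing)`), entries naming the unwanted add-ons, and a Start Page that points away from the Microsoft defaults. The sketch below applies that pattern to HijackThis log lines. It is an added example, not part of the thread or of HijackThis; the function names, the default-host allowlist and the watchlist are assumptions, and the sample lines are copied from the log posted earlier.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "section reason line")

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Browser-extension sections where a "(no file)" / "(file missing)" suffix
# means the registry entry points at nothing. O23 (services) is left out on
# purpose: the fix lists in this thread leave those entries alone, and a
# 32-bit scanner on 64-bit Windows can report System32 files as missing
# (editor's note, not stated in the thread).
ORPHAN_SECTIONS = {"R3", "O2", "O3", "O9"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: hosts seen in the untouched Microsoft default entries of the log.
DEFAULT_HOSTS = {"go.microsoft.com", "g.msn.com"}

# Assumption: names taken from entries selected for fixing in this thread.
WATCHLIST = ("funmoods", "dealply", "pricepeep", "yontoo")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bcool - {3D8DDF5B-60F5-2FC7-BA91-41C0E8E82D7B} - (no file)
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


def classify(section, body):
    """Return a reason string if the entry deserves review, else None."""
    low = body.lower()
    if section in ("R0", "R1"):
        # "key,value name = data"; data may be empty or a local path.
        _, _, data = body.partition(" = ")
        data = data.strip()
        if data.lower().startswith(("http://", "https://")):
            host = (urlsplit(data).hostname or "").lower()
            if host not in DEFAULT_HOSTS:
                return "hijacked-page:" + host
        return None
    if section in ORPHAN_SECTIONS and low.endswith(ORPHAN_MARKERS):
        return "orphan"
    for name in WATCHLIST:
        if name in low:
            return "watchlist:" + name
    return None


def triage(log_text):
    """Parse a HijackThis log and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        reason = classify(match.group(1), match.group(2))
        if reason:
            findings.append(Finding(match.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4}{finding.reason:<36}{finding.line[:60]}")
```

The output is a shortlist for a human to confirm before anything is checked in HijackThis, not a list to fix blindly.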



## Cheryl910 (Jun 23, 2012)

Hi

I ran HijackThis again and checked those two for fixing. However, I am unable to find Run in the Start menu. I looked for it in the Taskbar and Properties menu and found it unchecked, so I checked it, but it still does not show.


----------



## Cheryl910 (Jun 23, 2012)

Going back to undo that check since it did not seem to work.


----------



## Cheryl910 (Jun 23, 2012)

I found System Configuration.

Here are all the checked items:

Microsoft windows operating system
Super Anti Spyware
Catalyst Control Center
Adobe Acrobat
Adobe Acrobat Reader
Common SDK
Dell Safe Online
Roxio Burner
Nero Launcher
Fax Solution
AccuWeather
Kaspersky Security Scan


----------



## Cheryl910 (Jun 23, 2012)

Ok was able to find "run"

Under MSCONFIG these are in startup

Real Tech Audio Manager
dleemon.exe
EZ Print
stage_primary
Microsoft windows operating system
Super Anti Spyware
Catalyst Control Center
Adobe Acrobat
Adobe Acrobat Reader
Common SDK
Dell Safe Online
Roxio Burner
Nero Launcher
Fax Solution
AccuWeather
Kaspersky Security Scan


----------



## flavallee (May 12, 2002)

Right-click the colored Start button, then click Properties.

Click the "Start Menu" tab, then click the "Customize" button.

Scroll down the list, then put a checkmark in "Run command".

Click OK - Apply - OK.

*Run* will now appear in your Start menu.

------------------------------------------------

Go to Start - Run - MSCONFIG - OK - "Startup" tab.

Uncheck these startup entries:

*Realtek Audio Manager

SUPERAntiSpyware

Adobe Acrobat

Adobe Acrobat Reader

Roxio Burner

Nero Launcher*

After you're done, click Apply - OK/Close - Exit Without Restart.

Go to Start - Run - SERVICES.MSC - OK.

Expand the services window so you can see the list clearly.

Double-click these service entries, one at a time, to open their properties window:

*Adobe Acrobat Update Service

Adobe Flash Player Update Service

AMD External Events Utility

Application Layer Gateway Service

GamesAppService

Google Update Service

Google Update Service

Nero Update

RoxMediaDB12OEM

Roxio Hard Drive Watcher 12*

If "Startup Type" is set on Automatic, change it to Manual, then click Apply - OK.

If "Startup Type" is already set on Manual, close the properties window.

After you're all done, close the services window and then restart the computer.

Wait for the computer to settle down from the restart.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-------------------------------------------------


----------



## flavallee (May 12, 2002)

How is the computer running now?

-------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

"Fun Moods browser still boots up first when I open Opera...."

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:18 PM, on 6/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Users\Cheryl\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: dlee_device - - C:\Windows\system32\dleecoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10036 bytes


----------



## flavallee (May 12, 2002)

Run another quick scan with *Malwarebytes Anti-Malware* and *SUPERAntiSpyware* - after you first update their definition files.

Make sure to select and remove EVERYTHING they find - if anything.

Submit the new scan logs here.

Be careful not to accidentally re-submit the previous logs.

----------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2012 at 01:59 PM

Application Version : 5.1.1002

Core Rules Database Version : 8788
Trace Rules Database Version: 6600

Scan type : Quick Scan
Total Scan Time : 00:04:16

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 644
Memory threats detected : 0
Registry items scanned : 54350
Registry threats detected : 0
File items scanned : 10545
File threats detected : 57

Adware.Tracking Cookie

________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cheryl :: CHERYL-PC [administrator]

6/26/2012 2:08:05 PM
mbam-log-2012-06-26 (14-08-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208408
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## flavallee (May 12, 2002)

Cheryl:

I don't use the *Opera* or *Chrome* browsers, so I'm not familiar with their look or their settings.

I've done pretty much everything that I can for you.

I can request a gold/blue shield removal specialist jump in to assist you, but I can't guarantee the problem will be resolved.

--------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

Would it help if I changed browsers? I very much appreciate your help. I would like the gold/blue shield removal specialist
to jump in, to perhaps give me some idea of what, if anything, I can do next.
I know I do not want to just live with this fun mood hijacking my browser. Not sure what it is and what else it might be doing.

Again Thank You
Cheryl


----------



## flavallee (May 12, 2002)

The only browser that I use is *Windows Internet Explorer 9.0.7*, but on occasion I do use *Mozilla Firefox 13.0.1*.

I've requested a removal specialist to jump in and assist you. This section is very busy, so you may need to wait awhile for one to reply.

--------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

Nods, I just learned changing browsers may not matter since it can hijack any of them. I would very much appreciate
a removal specialist. I also very much appreciate the time and effort you spent. It has definitely been a learning experience
and that can never be all bad.
I imagine the whole site is quite busy and I will be patient, no problem.

I just did this. I have IE7 but do not use it often. 
I went to "Tools"
Then "Manage add ons"
"Search Providers"
Change the Default to the provider you prefer.
Clicked on Funmoods and then was able to delete it. I made Opera my default provider.
If you don't set another default first, it will not highlight the button to disable.
Problem now is I can't find tools for Opera in order to remove it from there. It definitely
shows fun mood as pinned to Opera but unpinning it does nothing.
Will keep searching for the toolbar for Opera.

Again Thanks
Much appreciated


----------



## flavallee (May 12, 2002)

I keep very few browser add-ons enabled - mostly Adobe and Java.

You're welcome. 

--------------------------------------------------------


----------



## Cheryl910 (Jun 23, 2012)

Makes sense, I just may be doing that myself. The gadgets are most times not worth the junk that comes with.


----------

