rodbhi

January 14, 2013

My Apologies.. I thought I had replied. I did run the updates everything went smooth. The computer is running much better. The question I have it what should I be running as part of my defense. I have windows essentials, Maleware bytes and spy bots.

I really appreciate your help, it been a huge to get the computer working better.

January 7, 2013

Here is the Security Check Log

I have a question about the ESET Online Scanner found 7 issues. I unchecked the "Remove found threats" option so did these issue get removed with this step?

Security Check Log

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

Microsoft Security Essentials

(On Access scanning disabled!)

Error obtaining update status for antivirus!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.0

Java 6 Update 29

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8%

````````````````````End of Log``````````````````````

January 7, 2013

Ok Here is the Log from ESET Scan

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=a1ea00ed8e494c44aa0b8e8514480f51

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-07 02:40:09

# local_time=2013-01-06 07:40:09 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5122 16777214 0 9 10043162 57120951 0 0

# compatibility_mode=5892 16777213 88 94 7432386 10215381 0 0

# scanned=269207

# found=7

# cleaned=0

# scan_time=9558

C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll a variant of Win32/Toolbar.MyWebSearch.A application (unable to clean) BAEFCB03679575349E01668C4F0938643BAAA022 I

C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (unable to clean) 53F3044159FFCF82C746898941DBE3DC2AC9A24C I

C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 58B593186C002382ADB9B3DDB26B1BF82334D6F5 I

C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip Win32/Bagle.gen.zip worm (unable to clean) 3139B770E4721155AAF9EF97724E47828C40D70F I

C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip Win32/Bagle.gen.zip worm (unable to clean) 3139B770E4721155AAF9EF97724E47828C40D70F I

C:\Users\YUKA\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\0075DD65.exe a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean) 6BBAE5C007C2D3FEF7BF0A321FDFCD532133B129 I

C:\Users\YUKA\AppData\LocalLow\MyScrapNook_12EI\Installr\Cache\002BE936.exe a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean) 1A1EB4B91142EEA8AEDC289936B79E3C206E6342 I

January 6, 2013

Its working much better. I have not run into any more issue. Hopefully searchqu will not resurface. Thanks for all your help I really appreciate it.

January 4, 2013

Ok Here are next set of log files

ComboFix 2

ComboFix 13-01-04.03 - Rodney 01/04/2013 15:43:26.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2307 [GMT -7:00]

Running from: c:\users\Rodney\Desktop\ComboFix.exe

Command switches used :: c:\users\Rodney\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\progra~2\WI3C8A~1\Datamngr

.

((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))

.

2013-01-04 22:55 . 2013-01-04 22:55 -------- d-----w- c:\users\YUKA\AppData\Local\temp

2013-01-04 22:55 . 2013-01-04 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-04 05:37 . 2013-01-04 05:37 0 ----a-w- c:\windows\SysWow64\shoC6EC.tmp

2013-01-02 21:24 . 2013-01-02 21:24 -------- d-----w- C:\found.002

2012-12-27 00:46 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-27 00:46 . 2012-12-27 00:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-27 00:46 . 2012-12-27 00:46 -------- d-----w- c:\program files\iTunes

2012-12-27 00:46 . 2012-12-27 00:46 -------- d-----w- c:\program files\iPod

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-27 00:39 . 2012-12-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-12-27 00:39 . 2012-12-27 00:39 -------- d-----w- c:\program files (x86)\QuickTime

2012-12-22 03:51 . 2012-12-22 03:51 0 ----a-w- c:\windows\SysWow64\shoFA10.tmp

2012-12-21 19:09 . 2012-12-21 19:09 -------- d-----w- c:\users\Rodney\AppData\Roaming\USTechSupport

2012-12-20 21:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-20 21:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-20 21:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-20 21:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 16:29 . 2012-11-14 07:11 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-12-12 14:47 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 14:46 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 14:46 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-09 04:25 . 2012-12-09 04:25 -------- d-----w- c:\users\YUKA\AppData\Roaming\USTechSupport

2012-12-09 04:25 . 2012-10-05 14:56 19336 ----a-w- c:\windows\system32\roboot64.exe

2012-12-09 04:24 . 2012-12-09 04:24 -------- d-----w- c:\program files (x86)\Common Files\USTechSupport

2012-12-09 04:24 . 2012-12-09 04:25 -------- d-----w- c:\program files (x86)\USTechSupport

2012-12-09 04:23 . 2012-12-09 04:39 -------- d-----w- c:\programdata\USTechSupport

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:32 . 2010-12-25 18:34 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-12 15:05 . 2012-04-01 03:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 15:05 . 2011-05-13 15:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-04 05:20 . 2012-12-04 05:20 0 ----a-w- c:\windows\SysWow64\shoDAC5.tmp

2012-12-03 04:54 . 2012-12-03 04:54 0 ----a-w- c:\windows\SysWow64\shoE36F.tmp

2012-11-28 22:22 . 2012-11-28 22:23 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F39678D-78AB-49BD-B61A-E756FA64C2B7}\gapaengine.dll

2012-11-20 01:01 . 2012-11-20 01:01 0 ----a-w- c:\windows\SysWow64\shoA983.tmp

2012-11-11 04:35 . 2012-11-11 04:35 0 ----a-w- c:\windows\SysWow64\sho9C3E.tmp

2012-11-08 17:24 . 2013-01-04 21:15 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CEFDCA8-F50D-4FD5-8233-C828602283C7}\mpengine.dll

2012-11-08 17:24 . 2013-01-03 17:17 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-11-28 14:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 14:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 14:21 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-14 18:28 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-14 18:28 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 18:28 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 18:28 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085}]

c:\progra~2\MYSCRA~2\bar\1.bin\12bar.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}]

c:\program files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]

c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{fe6f06fb-0fc0-4499-828f-ee48088f504f}"= "c:\program files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll" [bU]

"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{fe6f06fb-0fc0-4499-828f-ee48088f504f}]

.

[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]

[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-10 39408]

"Tango"="c:\program files (x86)\Tango\Tango.exe" [2011-11-04 13489992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ShopAtHomeWatcher"="c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\users\Rodney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-02-03 793048]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [2012-10-05 283528]

S2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [2012-07-12 736648]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:05]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 21:13]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 21:13]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573542286-1161663109-1103225728-1001Core.job

- c:\users\YUKA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 01:49]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573542286-1161663109-1103225728-1001UA.job

- c:\users\YUKA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 01:49]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573542286-1161663109-1103225728-1003Core.job

- c:\users\Rodney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 04:46]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573542286-1161663109-1103225728-1003UA.job

- c:\users\Rodney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 04:46]

.

2012-11-28 c:\windows\Tasks\Norton Security Scan for Rodney.job

- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-04-18 09:45]

.

2012-11-29 c:\windows\Tasks\Norton Security Scan for YUKA.job

- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-04-18 09:45]

.

2013-01-04 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-04-21 20:34]

.

2013-01-04 c:\windows\Tasks\USTSPCO-USTSPCOOneClickCare.job

- c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2012-12-09 14:56]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\mi11xrbj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - ExtSQL: !HIDDEN! 2011-05-06 09:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: !HIDDEN! 2011-12-15 08:55; 12ffxtbr@MyScrapNook_12.com; c:\program files (x86)\MyScrapNook_12\bar\1.bin

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe

AddRemove-ShopAtHome.com Toolbar - c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2013-01-04 16:14:49 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-04 23:14

ComboFix2.txt 2013-01-04 21:42

ComboFix3.txt 2013-01-04 18:01

.

Pre-Run: 397,532,708,864 bytes free

Post-Run: 397,534,142,464 bytes free

.

- - End Of File - - 43842DE75714B4DC0942F5F278C38252

AdwCleaner2

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 16:18:56

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rodney - YUKA-PC

# Boot Mode : Normal

# Running from : C:\Users\Rodney\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\mi11xrbj.default\searchplugins\CouponAlert_2p.xml

File Deleted : C:\Users\YUKA\AppData\Roaming\Mozilla\Firefox\Profiles\qn8t9lvt.default\searchplugins\CouponAlert_2p.xml

File Deleted : C:\Users\YUKA\AppData\Roaming\Mozilla\Firefox\Profiles\qn8t9lvt.default\searchplugins\MyStart Search.xml

File Deleted : C:\Users\YUKA\AppData\Roaming\Mozilla\Firefox\Profiles\qn8t9lvt.default\searchplugins\SearchResults.xml

Folder Deleted : C:\Program Files (x86)\Perion

Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\Rodney\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Rodney\AppData\LocalLow\CouponAlert_2p

Folder Deleted : C:\Users\YUKA\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\YUKA\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\YUKA\AppData\LocalLow\CouponAlert_2p

Folder Deleted : C:\Users\YUKA\AppData\LocalLow\Searchqutoolbar

Folder Deleted : C:\Users\YUKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\Software\CompeteInc

Key Deleted : HKLM\Software\IB Updater

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\YUKA\AppData\Roaming\Mozilla\Firefox\Profiles\qn8t9lvt.default\prefs.js

C:\Users\YUKA\AppData\Roaming\Mozilla\Firefox\Profiles\qn8t9lvt.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6R8MYdg5Jm&i=26");

Deleted : user_pref("browser.search.order.1", "iLivid Web Search");

Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]

Deleted : user_pref("extensions.CouponAlert_2p.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.[...]

Deleted : user_pref("extensions.incredibar.admin", false);

Deleted : user_pref("extensions.incredibar.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar.cntry", "US");

Deleted : user_pref("extensions.incredibar.dfltLng", "");

Deleted : user_pref("extensions.incredibar.dfltSrch", false);

Deleted : user_pref("extensions.incredibar.did", "10678");

Deleted : user_pref("extensions.incredibar.envrmnt", "production");

Deleted : user_pref("extensions.incredibar.excTlbr", false);

Deleted : user_pref("extensions.incredibar.hdrMd5", "C127B6B7B527486BFB76502A48C7A85A");

Deleted : user_pref("extensions.incredibar.hmpg", false);

Deleted : user_pref("extensions.incredibar.id", "7c4e86d4000000000000c0cb38136d6b");

Deleted : user_pref("extensions.incredibar.installerproductid", "26");

Deleted : user_pref("extensions.incredibar.instlDay", "15676");

Deleted : user_pref("extensions.incredibar.instlRef", "");

Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);

Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:37:33");

Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.incredibar.newTab", false);

Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);

Deleted : user_pref("extensions.incredibar.ppd", "111");

Deleted : user_pref("extensions.incredibar.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar.productid", "26");

Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar.sg", "none");

Deleted : user_pref("extensions.incredibar.smplGrp", "none");

Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8MYdg5Jm&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.upn2", "6R8MYdg5Jm");

Deleted : user_pref("extensions.incredibar.upn2n", "92825499365636064");

Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:37:33");

Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Deleted : user_pref("extensions.incredibar_i.did", "10678");

Deleted : user_pref("extensions.incredibar_i.excTlbr", false);

Deleted : user_pref("extensions.incredibar_i.id", "7c4e86d4000000000000c0cb38136d6b");

Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Deleted : user_pref("extensions.incredibar_i.instlDay", "15676");

Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Deleted : user_pref("extensions.incredibar_i.newTab", false);

Deleted : user_pref("extensions.incredibar_i.ppd", "111");

Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar_i.productid", "26");

Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8MYdg5Jm&loc=IB[...]

Deleted : user_pref("extensions.incredibar_i.upn2", "6R8MYdg5Jm");

Deleted : user_pref("extensions.incredibar_i.upn2n", "92825499365636064");

Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:37:33");

Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

File : C:\Users\Rodney\AppData\Roaming\Mozilla\Firefox\Profiles\mi11xrbj.default\prefs.js

Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\YUKA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Rodney\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17409 octets] - [04/01/2013 15:07:12]

AdwCleaner[R2].txt - [17352 octets] - [04/01/2013 16:18:33]

AdwCleaner[s1].txt - [17637 octets] - [04/01/2013 16:18:56]

########## EOF - C:\AdwCleaner[s1].txt - [17698 octets] ##########

January 4, 2013

Appreciate the help here are the additional logs

ComboFix

ComboFix 13-01-04.03 - Rodney 01/04/2013 14:24:41.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1737 [GMT -7:00]

Running from: c:\users\Rodney\Desktop\ComboFix.exe

Command switches used :: c:\users\Rodney\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\basis.xml

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ClearHist.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\icons.bmp

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\IE8GuardWorkaround.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\logo.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\minus.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\plus.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAH_favicon.ico

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAHPlugin.dll

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-alert.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-clearsearch.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-comment.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-contests.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freecoupons.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freesamples.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-go.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-grocerycoupons.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-information.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-mysah.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-options.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-restaurant.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-wishlist.png

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbCommonUtils.dll

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbHelper2.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_externalsearch.js

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_showhidetoolbar.js

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\update.exe

c:\users\YUKA\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\version.txt

.

((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))

.

2013-01-04 21:31 . 2013-01-04 21:31 -------- d-----w- c:\users\YUKA\AppData\Local\temp