I foolishly installed Privitize VPM an now have a mess. Actually, I don't even know if that was the source of my problem, but it may have been. I completed a removal using SB S&D 2 but I am left with cookies from every tracking site and porn site on the internet that repopulate every time I delete them. (S&D wasn't effective) What can I do to get rid of the source so that it doesn't keep coming back?
DSS Log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16800
Run by me at 21:52:35 on 2013-03-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1702 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0324v115r4841s22o
mStart Page = hxxp://searchou.com/?affil=7&uid=db7d2b60-8c3c-11e2-8bcd-001f16fd7d03
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0324v115r4841s22o
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [Global Registration] "C:\Program Files (x86)\eMachines\Registration\GREG.exe" BOOT
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Organizer Pro] C:\Program Files (x86)\Organizer Pro\AtDem.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Lexmark 5600-6600 Series] "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
mRun: [atr.exe] <no file>
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7534CCD2-2C51-4A20-9540-82EDBC5C9D8A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632}\035324430333837353735343 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632}\140707C65602E4564777F627B602336303366333 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632}\16733616 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632}\854414D275966696D23586162796E676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{81C171C3-4CE2-42E6-AA66-D6B1A6F3A632}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0324v115r4841s22o
x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0324v115r4841s22o
x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
x64-Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\bvhir24s.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-28 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-28 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-28 168384]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
R3 athrusb;Netgear WG111T modded device driver;C:\Windows\System32\drivers\athrxusb.sys [2009-11-29 1037312]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe --> C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [?]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2010-1-14 29184]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-3-6 16392]
.
=============== Created Last 30 ================
.
2013-03-30 01:07:50 -------- d-----w- C:\Users\me\AppData\Local\Macromedia
2013-03-28 22:05:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-28 22:05:25 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-03-28 22:05:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-26 09:32:21 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D04DAA15-4027-41A0-96E8-3FF986C9CD7A}\mpengine.dll
2013-03-14 01:03:52 -------- d-----w- C:\Users\me\AppData\Roaming\BitTorrent
2013-03-14 00:58:22 -------- d-----w- C:\Users\me\AppData\Local\Torch
2013-03-14 00:22:03 -------- d-----w- C:\ProgramData\CLSoft LTD
2013-03-14 00:21:47 -------- d-----w- C:\ProgramData\MAgoniPicc
2013-03-14 00:21:44 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-01-31 13:15:21 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-31 13:15:21 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 05:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:53:00.89 ===============
aswMBR Log
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-29 21:56:57
-----------------------------
21:56:57.192 OS Version: Windows x64 6.1.7600
21:56:57.193 Number of processors: 1 586 0x7F02
21:56:57.194 ComputerName: ME-PC UserName: me
21:56:58.779 Initialize success
21:59:51.383 AVAST engine defs: 13032901
22:00:00.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
22:00:00.369 Disk 0 Vendor: ST332041 CC44 Size: 305245MB BusType: 3
22:00:00.462 Disk 0 MBR read successfully
22:00:00.466 Disk 0 MBR scan
22:00:00.475 Disk 0 unknown MBR code
22:00:00.496 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
22:00:00.514 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
22:00:00.524 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976
22:00:00.552 Disk 0 scanning C:\Windows\system32\drivers
22:00:11.254 Service scanning
22:00:34.720 Modules scanning
22:00:34.769 Disk 0 trace - called modules:
22:00:34.800 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
22:00:35.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fa5680]
22:00:35.195 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8002b907b0]
22:00:35.205 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8002b909d0]
22:00:36.235 AVAST engine scan C:\Windows
22:00:38.529 AVAST engine scan C:\Windows\system32
22:05:03.820 AVAST engine scan C:\Windows\system32\drivers
22:05:17.472 AVAST engine scan C:\Users\me
22:05:59.301 Disk 0 MBR has been saved successfully to "C:\Users\me\Desktop\MBR.dat"
22:05:59.318 The log file has been saved successfully to "C:\Users\me\Desktop\aswMBR.txt"
I hope you can help. Thanks in advance.