Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Ridding Ask,ciom from home page

  1. #1
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default Ridding Ask,ciom from home page

    After getting rid of all viruses with Baidu antivirus and Spybot Professional version 2.1, I reinstalled Internet Explorer 9. Connection to internet with this browser is working fine but has an irritating Ask.com as my home page. I try getting rid of Ask.com as my home page by going to Tool and Search Providers and checking the box "Preventing programs from suggest changes to my default search provider" but this attempt does not get rid of Ask.com. I would appreciate if someone could help me.

    The DDS is shown below. My OS is Windows 7 which is not compatible with ERUNT. Also tried running aswMBR but got a message that my computer cannot complete the task.

    ______________________________________________________________________________________________________________________________

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16506
    Run by Ken at 0:12:52 on 2013-09-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3361 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
    C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\Windows\system32\taskhost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.google.com/news/
    uSearch Bar = hxxp://www.google.com/
    uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.): {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Movies Toolbar (Dist. by Bandoo Media, Inc.): {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    dRunOnce: [AvanquestMainUI] C:\Program Files (x86)\Avanquest\Fix-It\Fix-It.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7}\1424A4D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7}\14863686F69723031303 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7}\14863686F69723031303F5548545 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7}\3757E636F6163747 : DHCPNameServer = 192.168.0.1 192.168.0.1 192.168.1.1
    TCP: Interfaces\{75F16E61-762B-4D6A-B51A-E306450592E7}\75F6E676C2B4E2 : DHCPNameServer = 209.18.47.61 209.18.47.62
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2013-6-17 50496]
    R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2013-6-17 32576]
    R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2013-6-17 106624]
    R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2013-9-14 63776]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-4-19 89600]
    R2 BAVSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2013-9-26 1830208]
    R2 BHipsSvc;Baidu Hips Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [2013-9-26 451224]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-12-13 135608]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-14 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-14 1033688]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-12-13 126392]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-14 171928]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-9 228408]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-19 258560]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
    FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
    FileExt: .js: JSFile=NOTEPAD.EXE %1
    FileExt: .jse: JSEFile=NOTEPAD.EXE %1
    FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2013-09-29 05:55:09 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23E3AE7E-DC7A-4306-8B4A-A0FFFC298D2D}\mpengine.dll
    2013-09-28 17:32:58 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-09-26 07:36:06 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
    2013-09-26 07:36:05 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2013-09-26 07:36:05 25920 ----a-w- C:\Windows\System32\authuitu.dll
    2013-09-26 07:36:04 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2013-09-26 07:19:25 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
    2013-09-26 07:14:32 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
    2013-09-15 06:57:23 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
    2013-09-15 06:57:23 -------- d--h--w- C:\ProgramData\Common Files
    2013-09-15 06:20:20 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-09-12 23:15:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-09-11 21:06:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-09-11 10:00:02 170344 ----a-w- C:\ProgramData\FileSplitUpLoad.dll
    2013-09-08 06:29:00 -------- d-----w- C:\Users\Ken\AppData\Local\{2723AA89-1DCE-4089-8519-67D914247444}
    2013-09-06 05:20:47 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0C9ABBE-A461-4C01-89AA-BADF88BF66C2}\gapaengine.dll
    2013-09-01 05:20:53 -------- d-----w- C:\ProgramData\Wincert
    2013-09-01 05:20:46 -------- d-----w- C:\Users\Ken\AppData\Local\ilividmoviestoolbardla
    2013-09-01 05:20:21 -------- d-----w- C:\Program Files (x86)\Movies Toolbar
    .
    ==================== Find3M ====================
    .
    2013-09-21 06:08:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-21 06:08:30 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-20 06:10:52 106624 ----a-w- C:\Windows\System32\drivers\Bprotect.sys
    2013-08-12 19:17:22 50496 ----a-w- C:\Windows\System32\drivers\Bfilter.sys
    2013-08-12 19:17:22 32576 ----a-w- C:\Windows\System32\drivers\Bfmon.sys
    2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-10-12 21:24:28 6278656 ----a-w- C:\Program Files\ParetoLogic Data Recovery.msi
    .
    ============= FINISH: 0:18:25.88 ===============

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi gnowgnow,

    Sorry for the delay, if you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default

    Thank you for responding. Yes, I still need help.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok, first look in your add/remove programs panel and uninstall if present: Movies Toolbar (Dist. by Bandoo Media, Inc.)
    After the uninstall reboot your machine.

    Next:
    Lets see what adwcleaner can drag up.

    Please download Adwcleaner.exe to your desktop.
    Right click on AdwCleaner.exe, and select "run as admin"
    Click on the Scan button
    Once its done click on the Report button
    Copy and paste the contents of the log file in your next reply
    You can also find the logfile at C:\AdwCleaner[R1].txt as well
    Exit AdwCleaner with the X (close) button. click ok at the final prompt.

    We will go from there.
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default

    Removed Movies Toolbar and rebooted computer but Ask.com is still controlling my home page.

    Downloaded Adwcleaner and did a scan as you have directed. Here is the log:

    # AdwCleaner v3.006 - Report created 03/10/2013 at 22:08:58
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Ken - KEN-PC
    # Running from : C:\Users\Ken\AppData\Local\Temp\Temporary Internet Files\Content.IE5\NCVDSMI3\AdwCleaner (1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\Public\Desktop\eBay.lnk
    Folder Found C:\Program Files (x86)\Conduit
    Folder Found C:\Program Files (x86)\Movies Toolbar
    Folder Found C:\Program Files (x86)\RebateInformer
    Folder Found C:\Program Files\Viewpoint
    Folder Found C:\ProgramData\baidu
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\Users\Ken\AppData\Local\Conduit
    Folder Found C:\Users\Ken\AppData\LocalLow\baidu
    Folder Found C:\Users\Ken\AppData\LocalLow\Conduit
    Folder Found C:\Users\Ken\AppData\Roaming\baidu

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\mgrldr.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\smartbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\CToolbar
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKCU\Software\SearchProtect
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : [x64] HKCU\Software\APN PIP
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\CToolbar
    Key Found : [x64] HKCU\Software\DataMngr
    Key Found : [x64] HKCU\Software\ilivid
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Found : [x64] HKCU\Software\SearchProtect
    Key Found : [x64] HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\CToolbar
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Found : HKLM\Software\PIP
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16506


    -\\ Google Chrome v29.0.1547.76

    [ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [8477 octets] - [03/10/2013 22:06:57]
    AdwCleaner[R1].txt - [8349 octets] - [03/10/2013 22:08:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8409 octets] ##########

  6. #6
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default

    After sending you the log from Adwcleaner, I went back to the Uninstall panel and found another Movies Toolbar.. After uninstalling this, I lost connection to my webpage.

    In the process of downloading Adwcleaner.exe I noticed there were several sponser adververtized programs attached to the download and Baidu Antivirus warned me about some malicious programs trying to gain access to my computer. I ran a Baidu full scan and caught several Trojan viruses.

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Adwcleaner dosnt present other offers or have malware in it. You got it directly from bleepingcomputer.com?
    Run adwcleaner like you did before: click the scan button, when the scan is done this time click the clean button. Machine will reboot and at restart show a new log. Please post the new log in your reply.
    We will also get another download to use, which you can keep as another anti-malware app;

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?

  8. #8
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default

    Thank you very much for helping me to rid the pesky Ask.com from my homepage and getting my webpage back in Explorer.

    The loading time for websites is very slow. Closing some of my websites, especially the banking websites where I pay all my bills, take a long time. Do you think some virus remnants are still lurking in my machine?

    Here are the logs for Adwcleaner and Malwarebytes after I have hit the clean buttons:
    ___________________________________________________________________________________________________________________________
    AdwCleaner v3.006 - Report created 04/10/2013 at 23:10:17
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Ken - KEN-PC
    # Running from : C:\Users\Ken\AppData\Local\Temp\Temporary Internet Files\Content.IE5\QONNFQVJ\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found C:\ProgramData\baidu

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16506


    -\\ Google Chrome v29.0.1547.76

    [ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8477 octets] - [03/10/2013 22:06:57]
    AdwCleaner[R1].txt - [8537 octets] - [03/10/2013 22:08:58]
    AdwCleaner[R2].txt - [1884 octets] - [04/10/2013 20:54:59]
    AdwCleaner[R3].txt - [1145 octets] - [04/10/2013 23:10:17]
    AdwCleaner[S0].txt - [7458 octets] - [03/10/2013 23:50:17]
    AdwCleaner[S1].txt - [1601 octets] - [04/10/2013 20:55:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1325 octets] ##########

    ____________________________________________________________________________________________________________________________

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.05.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ken :: KEN-PC [administrator]

    Protection: Enabled

    10/4/2013 8:59:26 PM
    MBAM-log-2013-10-04 (23-04-31).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 606627
    Time elapsed: 3 hour(s), 57 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-bleeping-728x90-36639128953 -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\ct3289847\plugins (PUP.Optional.Conduit.A) -> No action taken.

    Files Detected: 21
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll.vir (PUP.Optional.Bandoo.A) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\Temporary Internet Files\Content.IE5\NCVDSMI3\Setup.exe (PUP.Optional.iBryte) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\Temporary Internet Files\Content.IE5\QONNFQVJ\cbsidlm-tr1_15-AdwCleaner-SEO-75851221.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.

    (end)

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi,

    ok Your welcome. Please rerun Malwarebytes once more and this time make sure:

    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    Where it says-> "No action taken" in the your log means that malwarebytes did not delete anything

    Folders Detected: 4
    C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Ken\AppData\Local\Temp\ct3289847\plugins (PUP.Optional.Conduit.A) -> No action taken.

    websites is very slow.
    With Internet Explorer open go to tools>internet options>advanced tab> click on the Reset button below where it says: Reset Internet Explorer Settings
    How Can I Reduce My Risk?

  10. #10
    Member
    Join Date
    Jan 2012
    Posts
    38

    Default

    Hi Shelf life:

    The log from Malwarebytes attached below. The loading time for each website I browse through is faster now. However, I am getting a message that some of the websites I visit were not responding. I have to hit the recover button,

    I checked the Uninstall panel and found three programs, TVAgent, Express Install and Tiny Install, were installed on 10/04/13. Since I was unfamiliar with these programs, I uninstalled them. Are these programs I shouldn't have uninstalled?

    __________________________________________________________________________________________________________________________
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.06.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ken :: KEN-PC [administrator]

    Protection: Enabled

    10/6/2013 1:26:45 PM
    mbam-log-2013-10-06 (13-26-45).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 609966
    Time elapsed: 1 hour(s), 59 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-bleeping-728x90-36639128953 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Users\Ken\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Ken\AppData\Local\Temp\ct3289847\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Files Detected: 13
    C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

    (end)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •