# IE won't work after malwarebytes



## phatfarm747 (Jan 6, 2013)

I should probably start by saying that all of my problems began after a trojan removal by malwarebytes. I had 2 trojans found and removed by malwarebytes and subsequently I lost my internet access through internet explorer. Internet explorer however does work in safe mode. I've been using malwarebytes for years and have never had a problem with it before, so I'm not inclinded to believe that it has caused the problem. What is strange is that my computer shows that I have full access to the internet, and this is validated because I have a remote access program that is working like a champ. Norton has access and those are the only two programs that do have access. Oh and internet explorer, turbo tax, google chrome etc all work just fine and have access in safe mode with networking. The log for the malwarebytes scan is right below the list of things I have tried. It says that all of the trojans have been removed successfully so I'd say that my computer is clean of spyware that might stop my computer from access. Right after malwarebytes is hijack this. I know it shows there are a lot of things running but keep in mind I've already done a clean boot and turned all of it off, still...no internet. 

ipconfig /release and reset 
dns flushed 
winsock and tcp/ip set back to defaults (i'm sure there's a technical term for all of this but I don't know it)

 clean boot (all the services etc turned off...although for some reason I can't turn the norton service off) 




Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

 Database version: v2012.12.26.05

 Windows 7 Service Pack 1 x86 NTFS
 Internet Explorer 9.0.8112.16421
 Jay :: D12CQBC1 [administrator]

 12/25/2012 11:44:06 PM
 mbam-log-2012-12-25 (23-44-06).txt

 Scan type: Quick scan
 Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
 Scan options disabled: P2P
 Objects scanned: 320930
 Time elapsed: 21 minute(s), 59 second(s)

 Memory Processes Detected: 0
 (No malicious items detected)

 Memory Modules Detected: 0
 (No malicious items detected)

 Registry Keys Detected: 142
 HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.ShellViewControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.ShellViewControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EFF3CF7-99C1-4C29-BC2B-68E057E22340} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.BrowserOverlayEmbed.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.BrowserOverlayEmbed (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A6573479-9075-4A65-98A6-19FD29CF7374} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.BrowserOverlayBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\FunWebProducts.BrowserOverlayBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

 Registry Values Detected: 8
 HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
 HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm088LEUS -> Quarantined and deleted successfully.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

 Registry Data Items Detected: 0
 (No malicious items detected)

 Folders Detected: 25
 C:\Users\Jay\AppData\Roaming\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Jay\AppData\Roaming\FunWebProducts\Data (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Jay\AppData\Roaming\FunWebProducts\Data\Jay (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Kaitlin\AppData\Roaming\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Kaitlin\AppData\Roaming\FunWebProducts\Data (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Kaitlin\AppData\Roaming\FunWebProducts\Data\Kaitlin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\SrchAstt (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\SrchAstt\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

 Files Detected: 118
 C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
 C:\Users\Nicole\Downloads\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
 C:\Users\Nicole\Downloads\SetupGamevance.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
 C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
 C:\Users\Jay\AppData\Roaming\FunWebProducts\Data\Jay\avatar.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Kaitlin\AppData\Roaming\FunWebProducts\Data\Kaitlin\avatar.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Users\Kaitlin\AppData\Roaming\FunWebProducts\Data\Kaitlin\register.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\ScreenSaver\Images\00A16A44.urr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\000B00F4 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\002800B9.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\00280646.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\00280702.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\0028077F.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F513E (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F5D06.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F6226.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F6DFE.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F6F84.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F707E.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\005F7C84.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\History\search2 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON.F3S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\bd_grad.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\center.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\index.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\mid_dots.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\stop.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\systray.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\systrayp.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\tp_grad.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Search\COMMON\warn.gif (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\settings.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.4
 Scan saved at 8:47:14 PM, on 1/5/2013
 Platform: Windows 7 SP1 (WinNT 6.00.3505)
 MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 Boot mode: Normal

Running processes:
 C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
 C:\Program Files\Norton Family\Engine\2.6.0.43\ccSvcHst.exe
 C:\Windows\system32\taskhost.exe
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Windows\System32\WDBtnMgr.exe
 C:\Program Files\Common Files\Java\Java Update\jusched.exe
 C:\Windows\sttray.exe
 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
 C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 C:\Program Files\TeamViewer\Version8\TeamViewer.exe
 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
 C:\Windows\ehome\ehmsas.exe
 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Garmin\gStart.exe
 C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
 C:\Program Files\DellSupport\DSAgnt.exe
 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
 C:\Users\Jay\AppData\Local\Akamai\netsession_win.exe
 C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
 C:\Program Files\My Book\WD Backup\uBBMonitor.exe
 C:\Program Files\FingerPrint\FingerPrint.exe
 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
 C:\Users\Jay\AppData\Local\Akamai\netsession_win.exe
 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
 C:\Users\Jay\Desktop\IE9-Windows7-x86-enu.exe
 C:\Windows\system32\msconfig.exe
 C:\Windows\system32\notepad.exe
 C:\Program Files\Google\Chrome\Application\chrome.exe
 C:\Program Files\Google\Chrome\Application\chrome.exe
 C:\Program Files\Google\Chrome\Application\chrome.exe
 C:\Program Files\Google\Chrome\Application\chrome.exe
 C:\Program Files\Google\Chrome\Application\chrome.exe
 C:\Windows\system32\taskhost.exe
 C:\Windows\system32\taskeng.exe
 C:\Users\Jay\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
 O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
 O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
 O2 - BHO: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Family\Engine\2.6.0.43\coIEPlg.dll
 O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
 O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
 O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTSING~1.DLL
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
 O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
 O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
 O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
 O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
 O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
 O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
 O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
 O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
 O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
 O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
 O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe"
 O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
 O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jay\AppData\Local\Akamai\netsession_win.exe"
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
 O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
 O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Startup: My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe
 O4 - Global Startup: CineForm Status.lnk = C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
 O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
 O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
 O15 - Trusted Zone: *.dell.com
 O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
 O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
 O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
 O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
 O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
 O23 - Service: FingerPrint Service (FingerPrint) - Collobos Software - C:\Program Files\FingerPrint\FingerPrintService.exe
 O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
 O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
 O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
 O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
 O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
 O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
 O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
 O23 - Service: Norton Family (NSM) - Symantec Corporation - C:\Program Files\Norton Family\Engine\2.6.0.43\ccSvcHst.exe
 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
 O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
 O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
 O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


----------



## johnb35 (Jan 6, 2013)

Open IE, click on tools, internet options, click advanced tab.  Click on both reset buttons at the bottom.  Close out IE and then restart it and see if it gets online.


----------



## phatfarm747 (Jan 6, 2013)

resetting the internet explorer settings didn't work. 
I noticed in the R1 settings of hijack this there was a proxy:server entry that looks fishy. Is that supposed to be there? i've never used a proxy server on purpose in my life.


----------



## johnb35 (Jan 6, 2013)

Go back into internet options, connections tab, click on lan settings, uncheck proxy server box if checked.


----------



## phatfarm747 (Jan 6, 2013)

it wasn't checked


----------



## phatfarm747 (Jan 6, 2013)

I swear I think i've tried everything. I hope you awesomely nerdy computer guys can figure this stuff out. I've been battling this problem for days


----------



## johnb35 (Jan 6, 2013)

Are you able to download files from a different machine and transfer them to the computer that can't get online?  If so, Please download and run the following.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

If this don't work, I still have a few tricks up my sleeve.


----------



## phatfarm747 (Jan 6, 2013)

I will give it a go. I can transfer files no problem. I will keep you posted


----------



## phatfarm747 (Jan 6, 2013)

actually before i run combo fix...what is the difference between it and malwarebytes? the description of combo fix is essentially a malware utility..is that not what malwarebytes does? just curius, this is all a learning process for me


----------



## johnb35 (Jan 6, 2013)

They are both malware utilities but combofix is a much deeper scanning tool.  You had a lot of mywebsearch infections and malwarebytes usually doesn't get it all.  Mywebsearch plays havoc with IE.  Just make sure you disable norton auto protect before running.  You will also need to disable its antispyware program as well.


----------



## phatfarm747 (Jan 6, 2013)

OK. That makes sense. i'll be right back with the results


----------



## phatfarm747 (Jan 6, 2013)

I'm waiting for my computer to come back online. I've been doing everything via teamviewer because it's the only way I can get all of these files transferred to run the malware utilities per request. Will post soon when my sick computer is back up with the log file


----------



## johnb35 (Jan 6, 2013)

Hopefully, i'll still be awake as I'm getting ready for bed.  If not, i'll check back in the morning.


----------



## phatfarm747 (Jan 6, 2013)

much appreciated. I think it might take a while. The internet connection isn't back up anyways


----------



## johnb35 (Jan 6, 2013)

It might take 20 minutes or so to fully complete and post the log.


----------



## phatfarm747 (Jan 6, 2013)

Internet explorer is still hanging when I execute it. It's really weird. I double click it to start it, it opens and then it's as if it's perpetually loading. No error codes or anything. Anyways here is the log: 

ComboFix 13-01-05.01 - Jay 01/05/2013  22:38:07.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2046.790 [GMT -5:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nicole\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\winsusrm.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-06 to 2013-01-06  )))))))))))))))))))))))))))))))
.
.
2013-01-06 03:56 . 2013-01-06 03:56	--------	d-----w-	c:\users\Nicole\AppData\Local\temp
2013-01-06 03:56 . 2013-01-06 03:56	--------	d-----w-	c:\users\Kaitlin\AppData\Local\temp
2013-01-06 03:56 . 2013-01-06 03:56	--------	d-----w-	c:\users\Judy\AppData\Local\temp
2013-01-06 03:56 . 2013-01-06 03:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-06 03:56 . 2013-01-06 03:56	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-01-05 23:33 . 2013-01-05 23:33	--------	d-----w-	c:\program files\Common Files\CineForm
2013-01-05 22:12 . 2013-01-05 22:13	--------	d-----w-	c:\users\Administrator2
2012-12-30 06:12 . 2012-12-30 06:12	--------	d-----w-	c:\users\Kaitlin\AppData\Local\GoPro
2012-12-29 21:37 . 2012-12-29 21:37	--------	d-----w-	c:\users\Jay\AppData\Local\Programs
2012-12-27 23:11 . 2012-12-27 23:11	--------	d-----w-	c:\windows\system32\drivers\NSM
2012-12-27 23:11 . 2012-12-27 23:11	--------	d-----w-	c:\program files\Norton Family
2012-12-26 21:10 . 2012-12-27 23:05	--------	d-----w-	c:\users\Jay\AppData\Local\GoPro
2012-12-26 17:01 . 2012-12-26 17:01	--------	d-----w-	c:\users\Jay\AppData\Roaming\GoPro
2012-12-26 16:55 . 2012-12-26 16:55	--------	d-----w-	c:\program files\CineForm
2012-12-26 16:55 . 2012-12-26 16:56	--------	d-----w-	c:\users\Public\CineForm
2012-12-26 16:55 . 2012-12-26 16:55	--------	d-----w-	c:\program files\GoPro
2012-12-26 13:32 . 2012-12-27 23:11	--------	d-----w-	c:\users\Jay\AppData\Roaming\TeamViewer
2012-12-26 13:30 . 2012-12-26 13:30	--------	d-----w-	c:\program files\TeamViewer
2012-12-26 04:43 . 2012-12-26 04:43	--------	d-----w-	c:\users\Jay\AppData\Roaming\Malwarebytes
2012-12-26 04:43 . 2012-12-26 04:43	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-26 04:43 . 2012-12-29 21:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-26 04:43 . 2012-12-14 21:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-26 04:29 . 2012-12-26 04:29	--------	d-----w-	c:\program files\CCleaner
2012-12-26 04:15 . 2012-12-26 04:16	--------	d-----w-	c:\program files\Defraggler
2012-12-26 04:06 . 2012-12-26 04:06	--------	d-----w-	c:\users\Jay\AppData\Roaming\Tific
2012-12-26 04:06 . 2012-12-26 04:06	--------	d-----w-	c:\users\Jay\AppData\Local\Symantec
2012-12-25 22:28 . 2012-12-25 22:28	--------	d-----w-	c:\users\Jay\AppData\Roaming\Titanium
2012-12-25 22:28 . 2013-01-06 03:57	--------	d-----w-	c:\users\Jay\AppData\Local\Eye-Fi
2012-12-25 22:28 . 2012-12-26 03:39	--------	d-----w-	c:\users\Jay\AppData\Roaming\Eye-Fi
2012-12-25 22:27 . 2012-12-25 22:27	--------	d-----w-	c:\program files\Eye-Fi
2012-12-25 22:19 . 2012-12-25 22:20	--------	d-----w-	c:\users\Jay\AppData\Local\Deployment
2012-12-25 08:14 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-25 08:14 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-24 17:16 . 2012-11-22 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 23:11 . 2009-10-26 00:05	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-12-24 17:23 . 2012-08-11 19:26	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-24 17:23 . 2011-07-07 00:35	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-28 07:45 . 2012-10-28 07:45	1466368	----a-w-	c:\windows\system32\CFHD.dll
2012-10-16 07:39 . 2012-12-04 00:09	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-21 03:50	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-21 03:50	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2007-07-04 19:56 . 2007-07-04 19:56	1586332	----a-w-	c:\program files\WRT54Gv5v6_v1.02.0_fw.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"Akamai NetSession Interface"="c:\users\Jay\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2007-01-12 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-05 236544]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-26 924728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-1-12 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\system32\drivers\NSM\0206000.02B\SymRdrS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [x]
S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSM\0206000.02B\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130104.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 NSM;Norton Family;c:\program files\Norton Family\Engine\2.6.0.43\ccSvcHst.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDIS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 17:24]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:13]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 19:13]
.
2013-01-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Jay.job
- c:\program files\Norton Internet Security\Engine\17.9.0.12\navw32.exe [2011-10-12 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: dell.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSM]
"ImagePath"="\"c:\program files\Norton Family\Engine\2.6.0.43\ccSvcHst.exe\" /s \"NSM\" /m \"c:\program files\Norton Family\Engine\2.6.0.43\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-05  23:01:16
ComboFix-quarantined-files.txt  2013-01-06 04:01
.
Pre-Run: 206,435,307,520 bytes free
Post-Run: 207,054,155,776 bytes free
.
- - End Of File - - F5AA7EC4149B8BB98582471D21E41C61


----------



## johnb35 (Jan 6, 2013)

Can you try downloading a new browser to see if it will browse the net?  Trying to figure out if IE is just broken or if its actually something else.  Go into your tcp/ip settings and make sure obtain ip address and dns serves are set to obtain automatically.  

Also navigate to your hosts file and tell me what is listed in it.  You can copy and paste it if you wish.

Your hosts file is located here.

c:\windows\system32\drivers\etc

Right click on the hosts file in the etc folder and click on open, make sure you use notepad to open it.  

You should see something similar to this.

127.0.0.1       localhost

Another possibility is that nortons could be screwing up the internet connection.  Could try uninstalling it temporarily to see.


----------



## phatfarm747 (Jan 7, 2013)

I looked in the host file and it had 120.0.0.1 localhost like you said. I installed firefox fresh since it was a browser i didn't have and it said that it wasn't able to connect. I'm about to uninstall norton to see what happens will reply momentarily


----------



## phatfarm747 (Jan 7, 2013)

I'm sorry that it's taking a while. I'm waiting to talk to a norton rep to get ahold of the information I need to reinstall just in case i need to reinstall it. I think it might actually be norton now that you mentioned it. It seems to be the only program with full access to the internet for updates etc...everything else doesn't


----------



## johnb35 (Jan 7, 2013)

Most likely a firewall setting.  This is one of the reasons why I hate internet security programs, the firewall can be a pain in the butt.


----------



## phatfarm747 (Jan 7, 2013)

alright i got ahold of my product key and low and behold i need to get rid of norton family first before I uninstall norton internet security. for the life of me i can't remember the damned login information. I suspect this will take me some time to fish the information from norton on how to get rid of it without the login info. If i don't reply tonight I will in the morning. Thank you again for all of your help


----------



## phatfarm747 (Jan 8, 2013)

IT WORKED!!!!!! norton was blocking everything for some reason. I'm debating whether I wan't to reinstall or not. I've never had many problems with it before. Any recommendations?


----------



## johnb35 (Jan 8, 2013)

I kinda figured that after everything we went through.  Frankly, if you are a careful websurfer and don't download a bunch of stupid crap you really don't need a paid antivirus program.  Avast or Microsoft Security Essentials should work really well for you.


----------

